#!/bin/sh

# ssl-opt.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
# Executes tests to prove various TLS/SSL options and extensions.
#
# The goal is not to cover every ciphersuite/version, but instead to cover
# specific options (max fragment length, truncated hmac, etc) or procedures
# (session resumption from cache or ticket, renego, etc).
#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#

set -u

# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
ulimit -f 20971520

# Remember where we were started from, then work from the script's own
# directory so that the relative program and data paths below resolve.
ORIGINAL_PWD=$PWD
cd "$(dirname "$0")" || exit 125

DATA_FILES_PATH=../framework/data_files

# Default values, can be overridden by the environment.
: ${P_SRV:=../programs/ssl/ssl_server2}
: ${P_CLI:=../programs/ssl/ssl_client2}
: ${P_PXY:=../programs/test/udp_proxy}
: ${P_QUERY:=../programs/test/query_compile_time_config}
: ${OPENSSL:=openssl}
: ${GNUTLS_CLI:=gnutls-cli}
: ${GNUTLS_SERV:=gnutls-serv}
: ${PERL:=perl}

# The OPENSSL variable used to be OPENSSL_CMD for historical reasons.
# To help the migration, error out if the old variable is set,
# but only if it has a different value than the new one.
# (The second test is only reached when the variable is set, so it is
# safe under "set -u".)
if [ "${OPENSSL_CMD+set}" = set ] && [ "$OPENSSL_CMD" != "$OPENSSL" ]; then
    echo "Please use OPENSSL instead of OPENSSL_CMD." >&2
    exit 125
fi

# Print a name for the configuration under test: "default" when git reports
# mbedtls_config.h as unmodified, "unknown" otherwise (including when git
# is unavailable).
guess_config_name() {
    config_name=unknown
    if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
        config_name=default
    fi
    echo "$config_name"
    unset config_name
}
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"}

# Command-line prefixes for the external implementations used as peers.
O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# alternative versions of OpenSSL and GnuTLS (no default path)

# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well.
if [ -z "${OPENSSL_NEXT:-}" ]; then
    case $($OPENSSL version) in
        OpenSSL\ 1.1.[1-9]*|OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;;
    esac
fi

# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well.
if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then
    case $($GNUTLS_CLI --version) in
        gnutls-cli\ 3.[1-9][0-9]*|gnutls-cli\ 3.[7-9].*|gnutls-cli\ [4-9]*)
            GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
    esac
fi
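# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well.
# The version banner of the server tool starts with "gnutls-serv", so the
# patterns must match that prefix (the previous "gnutls-cli" patterns could
# never match the output of "$GNUTLS_SERV --version").
if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then
    case $($GNUTLS_SERV --version) in
        gnutls-serv\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
        gnutls-serv\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
        gnutls-serv\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
    esac
fi

# Command-line prefixes for the "next" OpenSSL; "false" when unavailable so
# that any accidental use fails immediately.
if [ -n "${OPENSSL_NEXT:-}" ]; then
    O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
    O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
    O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
    O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
    O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
    O_NEXT_SRV=false
    O_NEXT_SRV_NO_CERT=false
    O_NEXT_SRV_EARLY_DATA=false
    O_NEXT_CLI_NO_CERT=false
    O_NEXT_CLI=false
fi

# Same for the "next" GnuTLS server and client.
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
    G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV"
else
    G_NEXT_SRV=false
    G_NEXT_SRV_NO_CERT=false
fi

if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
    G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI"
else
    G_NEXT_CLI=false
    G_NEXT_CLI_NO_CERT=false
fi

# Run counters.
TESTS=0
FAILS=0
SKIPS=0

CONFIG_H='../include/mbedtls/mbedtls_config.h'

# Run options, set from the command line by get_options().
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'

SHOW_TEST_NUMBER=0
LIST_TESTS=0
RUN_TEST_NUMBER=''
RUN_TEST_SUITE=''

MIN_TESTS=1
PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.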
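SRV_PORT=$(($$ % 10000 + 10000))
PXY_PORT=$((SRV_PORT + 10000))

# Print the command-line help to stdout.
print_usage() {
    echo "Usage: $0 [options]"
    printf "  -h|--help\tPrint this help.\n"
    printf "  -m|--memcheck\tCheck memory leaks and errors.\n"
    printf "  -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
    printf "  -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
    printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
    printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf "  -l|--list-test-cases\tList all potential test cases (No Execution)\n"
    printf "     --min \tMinimum number of non-skipped tests (default 1)\n"
    printf "     --outcome-file\tFile where test outcomes are written\n"
    printf "                \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
    printf "     --port \tTCP/UDP port (default: randomish 1xxxx)\n"
    printf "     --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf "     --seed \tInteger seed value to use for this test run\n"
    printf "     --test-suite\tOnly matching test suites are executed\n"
    printf "                 \t(comma-separated, e.g. 'ssl-opt,tls13-compat')\n\n"
}

# need_option_argument <option> <remaining-arg-count>
# Abort with a usage error when an option that takes a value is the last
# word on the command line. Without this, "shift; VAR=$1" would trip
# "set -u" with an unhelpful "parameter not set" message.
need_option_argument() {
    if [ "$2" -lt 2 ]; then
        echo "Option $1 requires an argument" >&2
        print_usage
        exit 1
    fi
}

# get_options [ARG...]
# Parse the command line into the run-option globals (FILTER, EXCLUDE,
# MEMCHECK, RUN_TEST_NUMBER, SHOW_TEST_NUMBER, LIST_TESTS, PRESERVE_LOGS,
# MIN_TESTS, MBEDTLS_TEST_OUTCOME_FILE, SRV_PORT, PXY_PORT, SEED,
# RUN_TEST_SUITE). Prints usage and exits on -h or an unknown argument.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                need_option_argument "$1" $#
                shift; FILTER=$1
                ;;
            -e|--exclude)
                need_option_argument "$1" $#
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                need_option_argument "$1" $#
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -l|--list-test-cases)
                LIST_TESTS=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --min)
                need_option_argument "$1" $#
                shift; MIN_TESTS=$1
                ;;
            --outcome-file)
                need_option_argument "$1" $#
                shift; MBEDTLS_TEST_OUTCOME_FILE=$1
                ;;
            --port)
                need_option_argument "$1" $#
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                need_option_argument "$1" $#
                shift; PXY_PORT=$1
                ;;
            --seed)
                need_option_argument "$1" $#
                shift; SEED="$1"
                ;;
            --test-suite)
                need_option_argument "$1" $#
                shift; RUN_TEST_SUITE="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}

get_options "$@"

# Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols; the unquoted echo deliberately folds
# the newline-separated tool output onto one line.
if [ "$LIST_TESTS" -eq 0 ];then
    CONFIGS_ENABLED=" $(echo $($P_QUERY -l) )"
else
    P_QUERY=":"
    CONFIGS_ENABLED=""
fi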
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
# our control (such as bugs in other TLS implementations).
skip_next_test() {
    SKIP_NEXT="YES"
}

# Check if the required configuration ($1) is enabled.
# Returns 0 when " $1" followed by a space or "=" occurs in $CONFIGS_ENABLED.
is_config_enabled()
{
    case $CONFIGS_ENABLED in
        *" $1"[\ =]*) return 0;;
    esac
    return 1
}

# skip next test if the flag is not enabled in mbedtls_config.h
requires_config_enabled() {
    if ! is_config_enabled "$1"; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if the flag is enabled in mbedtls_config.h
requires_config_disabled() {
    if is_config_enabled "$1"; then
        SKIP_NEXT="YES"
    fi
}

# The four helpers below delegate to the query tool. "$*" is left unquoted
# on purpose so that callers may pass a single space-separated list.

# skip next test unless all of the given options are enabled
requires_all_configs_enabled() {
    $P_QUERY -all $* 2>&1 > /dev/null || SKIP_NEXT="YES"
}

# skip next test unless all of the given options are disabled
requires_all_configs_disabled() {
    if $P_QUERY -any $* 2>&1 > /dev/null; then
        SKIP_NEXT="YES"
    fi
}

# skip next test unless at least one of the given options is enabled
requires_any_configs_enabled() {
    $P_QUERY -any $* 2>&1 > /dev/null || SKIP_NEXT="YES"
}

# skip next test unless at least one of the given options is disabled
requires_any_configs_disabled() {
    if $P_QUERY -all $* 2>&1 > /dev/null; then
        SKIP_NEXT="YES"
    fi
}

TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"

TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                      MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"

TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
                                        MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
                                        MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                        MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                        MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"

# skip next test unless some certificate-based key exchange is available:
# any of the TLS 1.2 ones when TLS 1.2 is built, else TLS 1.3 ephemeral.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
    if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2; then
        requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
    elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED; then
        SKIP_NEXT="YES"
    fi
}

# get_config_value_or_default <SYMBOL>
# Uses the query_config command line option to query the required Mbed TLS
# compile time configuration from the ssl_server2 program. The command will
# always return a success value if the configuration is defined and the
# value will be printed to stdout.
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
#
# When only listing tests, no program is run and "1" is printed instead.
get_config_value_or_default() {
    if [ "$LIST_TESTS" -eq 0 ];then
        ${P_SRV} "query_config=${1}"
    else
        echo "1"
    fi
}

# get_defined_config_value <SYMBOL>
# Store the value of configuration option $1 in $VAL; abort the whole run
# if it is undefined, which is not expected for the options queried here.
get_defined_config_value() {
    VAL="$( get_config_value_or_default "$1" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    fi
}

# skip next test if configuration option $1 is below $2
requires_config_value_at_least() {
    get_defined_config_value "$1"
    if [ "$VAL" -lt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if configuration option $1 is above $2
requires_config_value_at_most() {
    get_defined_config_value "$1"
    if [ "$VAL" -gt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if configuration option $1 differs from $2
requires_config_value_equals() {
    get_defined_config_value "$1"
    if [ "$VAL" -ne "$2" ]; then
        SKIP_NEXT="YES"
    fi
}

# Require Mbed TLS to support the given protocol version.
#
# Inputs:
# * $1: protocol version in mbedtls syntax (argument to force_version=)
requires_protocol_version() {
    # Support for DTLS is detected separately in detect_dtls().
    case "$1" in
        tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;;
        tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;;
        *)
            echo "Unknown required protocol version: $1"
            exit 1
            ;;
    esac
}

# Space-separated list of ciphersuites supported by this build of
# Mbed TLS, surrounded by spaces so that " NAME " matching works.
P_CIPHERSUITES=""
if [ "$LIST_TESTS" -eq 0 ]; then
    P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null |
                       grep 'TLS-\|TLS1-3' |
                       tr -s ' \n' ' ')"

    if [ -z "${P_CIPHERSUITES# }" ]; then
        echo >&2 "$0: fatal error: no cipher suites found!"
        exit 125
    fi
fi

# skip next test if ciphersuite $1 is not supported by this build
requires_ciphersuite_enabled() {
    case $P_CIPHERSUITES in
        *" $1 "*) ;;
        *) SKIP_NEXT="YES";;
    esac
}

# requires_cipher_enabled <KEY_TYPE> [<MODE>]
# skip next test unless the cipher (e.g. AES with mode GCM, or CHACHA20)
# is available, looking at PSA_WANT_* or MBEDTLS_*_C depending on whether
# the build uses PSA crypto.
requires_cipher_enabled() {
    KEY_TYPE=$1
    MODE=${2:-}
    if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then
        if [ "$KEY_TYPE" = "CHACHA20" ]; then
            requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305
            requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20
        else
            requires_config_enabled PSA_WANT_ALG_${MODE}
            requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE}
        fi
    else
        if [ "$KEY_TYPE" = "CHACHA20" ]; then
            requires_config_enabled MBEDTLS_CHACHA20_C
            requires_config_enabled MBEDTLS_CHACHAPOLY_C
        else
            requires_config_enabled MBEDTLS_${MODE}_C
            requires_config_enabled MBEDTLS_${KEY_TYPE}_C
        fi
    fi
}
# Automatically detect required features based on command line parameters.
# Parameters are:
# - $1 = command line (call to a TLS client or server program)
# - $2 = client/server
# - $3 = TLS version (TLS12 or TLS13)
# - $4 = Use an external tool without ECDH support
# - $5 = run test options
# Side effects: may set SKIP_NEXT (via the requires_* helpers) and sets the
# globals CMD_LINE, ROLE, TLS_VERSION, EXT_WO_ECDH, TEST_OPTIONS.
detect_required_features() {
    CMD_LINE=$1
    ROLE=$2
    TLS_VERSION=$3
    EXT_WO_ECDH=$4
    TEST_OPTIONS=${5:-}

    # force_version=<v>: the build must support that protocol version.
    case "$CMD_LINE" in
        *\ force_version=*)
            opt_value="${CMD_LINE##*\ force_version=}"
            opt_value="${opt_value%%[!-0-9A-Z_a-z]*}"
            requires_protocol_version "$opt_value"
            ;;
    esac

    # force_ciphersuite=<name>: the build must support that ciphersuite.
    case "$CMD_LINE" in
        *\ force_ciphersuite=*)
            opt_value="${CMD_LINE##*\ force_ciphersuite=}"
            opt_value="${opt_value%%[!-0-9A-Z_a-z]*}"
            requires_ciphersuite_enabled "$opt_value"
            ;;
    esac

    # tickets=<non-zero> and alpn=... need their respective features.
    case " $CMD_LINE " in
        *[-_\ =]tickets=[^0]*) requires_config_enabled MBEDTLS_SSL_TICKET_C;;
    esac
    case " $CMD_LINE " in
        *[-_\ =]alpn=*) requires_config_enabled MBEDTLS_SSL_ALPN;;
    esac

    # ECDSA certificates (server5, server7, dir-maxpath).
    case "$CMD_LINE" in
        */server5*|*/server7*|*/dir-maxpath*)
            if [ "$TLS_VERSION" = "TLS13" ]; then
                # In case of TLS13 the support for ECDSA is enough
                requires_pk_alg "ECDSA"
            elif [ "$ROLE" = "server" ]; then
                # If the server uses "server5*" certificates, then an ECDSA
                # based key exchange is required. However gnutls also does
                # not support ECDH, so this limits the choice to ECDHE-ECDSA.
                if [ "$EXT_WO_ECDH" = "yes" ]; then
                    requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
                else
                    requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
                fi
            elif [ "$ROLE" = "client" ]; then
                # On the client side it is enough to have any certificate
                # based authentication together with support for ECDSA.
                # Of course the GnuTLS limitation mentioned above applies
                # also here.
                if [ "$EXT_WO_ECDH" = "yes" ]; then
                    requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
                else
                    requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
                fi
                requires_pk_alg "ECDSA"
            fi
            ;;
    esac

    # Certificates with an RSA key (server1, server2, server7). The
    # algorithm requirement is some subset of {PKCS#1v1.5 encryption,
    # PKCS#1v1.5 signature, PSS signature}. We can't easily tell which
    # subset works, and we aren't currently running ssl-opt.sh in
    # configurations where partial RSA support is a problem, so
    # generically, we just require RSA and it works out for our tests so far.
    case "$CMD_LINE" in
        */server1*|*/server2*|*/server7*)
            requires_config_enabled "MBEDTLS_RSA_C"
            ;;
    esac

    unset opt_value
}

# skip next test if the build has no certificate-based key exchange
requires_certificate_authentication () {
    if [ "$PSK_ONLY" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}

# adapt_cmd_for_psk <VARIABLE> <COMMAND>
# Append the pre-shared key arguments appropriate for the tool in COMMAND
# and store the result in the variable named VARIABLE. The variable name
# comes from this script, never from test input, so the eval is safe.
adapt_cmd_for_psk () {
    case "$2" in
        *openssl*s_server*) psk_args='-psk 73776f726466697368 -nocert';;
        *openssl*) psk_args='-psk 73776f726466697368';;
        *gnutls-*) psk_args='--pskusername=Client_identity --pskkey=73776f726466697368';;
        *) psk_args='psk=73776f726466697368';;
    esac
    eval "$1=\"\$2 \$psk_args\""
    unset psk_args
}
# maybe_adapt_for_psk [RUN_TEST_OPTION...]
# If running in a PSK-only build, maybe adapt the test to use a pre-shared key.
#
# If not running in a PSK-only build, do nothing.
# If the test looks like it doesn't use a pre-shared key but can run with a
# pre-shared key, pass a pre-shared key. If the test looks like it can't run
# with a pre-shared key, skip it. If the test looks like it's already using
# a pre-shared key, do nothing.
#
# This code does not consider builds with ECDHE-PSK or RSA-PSK.
#
# Inputs:
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges).
# * "$@": options passed to run_test.
#
# Outputs:
# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments.
# * $SKIP_NEXT: set to YES if the test can't run with PSK.
maybe_adapt_for_psk() {
    # Nothing to do unless PSK is the only option and the test still runs.
    if [ "$PSK_ONLY" != "YES" ] || [ "$SKIP_NEXT" = "YES" ]; then
        return
    fi
    case "$CLI_CMD $SRV_CMD" in
        *[-_\ =]psk*|*[-_\ =]PSK*)
            # Already uses a pre-shared key.
            return;;
        *force_ciphersuite*)
            # The test case forces a non-PSK cipher suite. In some cases, a
            # PSK cipher suite could be substituted, but we're not ready for
            # that yet.
            SKIP_NEXT="YES"
            return;;
        *\ auth_mode=*|*[-_\ =]crt[_=]*)
            # The test case involves certificates. PSK won't do.
            SKIP_NEXT="YES"
            return;;
    esac
    adapt_cmd_for_psk CLI_CMD "$CLI_CMD"
    adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
}

# PSK_ONLY is YES when MBEDTLS_KEY_EXCHANGE_PSK_ENABLED is the only
# MBEDTLS_KEY_EXCHANGE_* option enabled. The first four patterns detect any
# other key exchange (first match wins).
case " $CONFIGS_ENABLED " in
    *\ MBEDTLS_KEY_EXCHANGE_[^P]*|\
    *\ MBEDTLS_KEY_EXCHANGE_P[^S]*|\
    *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*|\
    *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";;
    *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";;
    *) PSK_ONLY="NO";;
esac

# Availability of each hash algorithm, filled in by populate_enabled_hash_algs().
HAS_ALG_MD5="NO"
HAS_ALG_SHA_1="NO"
HAS_ALG_SHA_224="NO"
HAS_ALG_SHA_256="NO"
HAS_ALG_SHA_384="NO"
HAS_ALG_SHA_512="NO"

# check_for_hash_alg <MD5|SHA_1|SHA_224|...>
# Return 0 if the hash algorithm is enabled in this build, looking at the
# PSA_WANT_ALG_* symbol in PSA builds and MBEDTLS_*_C otherwise.
check_for_hash_alg()
{
    USE_PSA="NO"
    if is_config_enabled "MBEDTLS_USE_PSA_CRYPTO"; then
        USE_PSA="YES"
    fi
    if [ "$USE_PSA" = "YES" ]; then
        CURR_ALG=PSA_WANT_ALG_${1}
    elif [ "${1}" = "MD5" ]; then
        # MD5 is the exception to the renaming below: MBEDTLS_MD5_C.
        CURR_ALG=MBEDTLS_${1}_C
    else
        # Remove the second underscore to match MBEDTLS_* naming convention
        # (SHA_256 -> MBEDTLS_SHA256_C).
        CURR_ALG=$(echo "MBEDTLS_${1}_C" | sed 's/_//2')
    fi

    is_config_enabled "$CURR_ALG"
}

# Set HAS_ALG_<name>=YES for every hash algorithm the build supports.
populate_enabled_hash_algs()
{
    for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512 MD5; do
        if check_for_hash_alg "$hash_alg"; then
            eval "HAS_ALG_${hash_alg}=YES"
        fi
    done
}

# skip next test if the given hash alg is not supported
requires_hash_alg() {
    HAS_HASH_ALG="NO"
    case $1 in
        MD5|SHA_1|SHA_224|SHA_256|SHA_384|SHA_512) ;;
        *)
            echo "Unsupported hash alg - $1"
            exit 1
            ;;
    esac

    HASH_DEFINE=HAS_ALG_${1}
    eval "HAS_HASH_ALG=\${${HASH_DEFINE}}"
    if [ "$HAS_HASH_ALG" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# Skip next test if the given pk alg is not enabled
requires_pk_alg() {
    case $1 in
        ECDSA)
            if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then
                requires_config_enabled PSA_WANT_ALG_ECDSA
            else
                requires_config_enabled MBEDTLS_ECDSA_C
            fi
            ;;
        *)
            echo "Unknown/unimplemented case $1 in requires_pk_alg"
            exit 1
            ;;
    esac
}

# skip next test if OpenSSL doesn't support FALLBACK_SCSV
# (the probe result is cached in OPENSSL_HAS_FBSCSV)
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        OPENSSL_HAS_FBSCSV="NO"
        if $OPENSSL s_client -help 2>&1 | grep fallback_scsv >/dev/null; then
            OPENSSL_HAS_FBSCSV="YES"
        fi
    fi
    if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
requires_max_content_len() {
    requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" "$1"
    requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" "$1"
}

# skip next test if GnuTLS isn't available
# (the probe result is cached in GNUTLS_AVAILABLE)
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        GNUTLS_AVAILABLE="NO"
        if which "$GNUTLS_CLI" >/dev/null 2>&1 && which "$GNUTLS_SERV" >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
# skip next test if GnuTLS-next isn't available
# (the probe result is cached in GNUTLS_NEXT_AVAILABLE)
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        GNUTLS_NEXT_AVAILABLE="NO"
        if which "${GNUTLS_NEXT_CLI:-}" >/dev/null 2>&1 && which "${GNUTLS_NEXT_SERV:-}" >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-next isn't available
# (the probe result is cached in OPENSSL_NEXT_AVAILABLE)
requires_openssl_next() {
    if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
        OPENSSL_NEXT_AVAILABLE="NO"
        if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
            OPENSSL_NEXT_AVAILABLE="YES"
        fi
    fi
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if openssl version is lower than 3.0
requires_openssl_3_x() {
    requires_openssl_next
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        OPENSSL_3_X_AVAILABLE="NO"
    elif [ -z "${OPENSSL_3_X_AVAILABLE:-}" ]; then
        OPENSSL_3_X_AVAILABLE="NO"
        if $OPENSSL_NEXT version 2>&1 | grep "OpenSSL 3." >/dev/null; then
            OPENSSL_3_X_AVAILABLE="YES"
        fi
    fi
    if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if openssl does not support ffdh keys
requires_openssl_tls1_3_with_ffdh() {
    requires_openssl_3_x
}

# skip next test if openssl cannot handle ephemeral key exchange
requires_openssl_tls1_3_with_compatible_ephemeral() {
    requires_openssl_next

    # Without ECDH the only ephemeral exchange left is FFDH.
    if ! is_config_enabled "PSA_WANT_ALG_ECDH"; then
        requires_openssl_tls1_3_with_ffdh
    fi
}

# skip next test if tls1_3 is not available
requires_openssl_tls1_3() {
    requires_openssl_next
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        OPENSSL_TLS1_3_AVAILABLE="NO"
    elif [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
        OPENSSL_TLS1_3_AVAILABLE="NO"
        if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null; then
            OPENSSL_TLS1_3_AVAILABLE="YES"
        fi
    fi
    if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if tls1_3 is not available
requires_gnutls_tls1_3() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_TLS1_3_AVAILABLE="NO"
    elif [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
        GNUTLS_TLS1_3_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null; then
            GNUTLS_TLS1_3_AVAILABLE="YES"
        fi
    fi
    if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# Check %NO_TICKETS option
requires_gnutls_next_no_ticket() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_NO_TICKETS_AVAILABLE="NO"
    elif [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then
        GNUTLS_NO_TICKETS_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null; then
            GNUTLS_NO_TICKETS_AVAILABLE="YES"
        fi
    fi
    if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# Check %DISABLE_TLS13_COMPAT_MODE option
requires_gnutls_next_disable_tls13_compat() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
    elif [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then
        GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null; then
            GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES"
        fi
    fi
    if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if GnuTLS does not support the record size limit extension
# (any GnuTLS-next is assumed to support it)
requires_gnutls_record_size_limit() {
    requires_gnutls_next
    GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES"
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO"
        SKIP_NEXT="YES"
    fi
}

# skip next test if IPv6 isn't available on this host
# (the probe result is cached in HAS_IPV6)
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        # Try to bind the server to the IPv6 loopback and see what it says.
        $P_SRV server_addr='::1' > "$SRV_OUT" 2>&1 &
        SRV_PID=$!
        sleep 1
        kill "$SRV_PID" >/dev/null 2>&1
        HAS_IPV6="YES"
        if grep "NET - Binding of the socket failed" "$SRV_OUT" >/dev/null; then
            HAS_IPV6="NO"
        fi
        rm -r "$SRV_OUT"
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if it's i686 or uname is not available
# (the probe result is cached in IS_I686)
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        # Assume i686 unless uname is available and says otherwise.
        IS_I686="YES"
        if which "uname" >/dev/null 2>&1 && [ -z "$(uname -a | grep i686)" ]; then
            IS_I686="NO"
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}

# Maximum content length that fits both the input and output buffers of
# this build, capped at the protocol maximum of 16 KiB.
MAX_CONTENT_LEN=16384
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
if [ "$LIST_TESTS" -eq 0 ];then
    if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
        MAX_CONTENT_LEN="$MAX_IN_LEN"
    fi
    if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
        MAX_CONTENT_LEN="$MAX_OUT_LEN"
    fi
fi

# skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() {
    if [ "$MAX_OUT_LEN" -ne 16384 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is in use
not_with_valgrind() {
    if [ "$MEMCHECK" -gt 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is NOT in use
only_with_valgrind() {
    if [ "$MEMCHECK" -eq 0 ]; then
        SKIP_NEXT="YES"
    fi
}
by the given factor for the next test 939client_needs_more_time() { 940 CLI_DELAY_FACTOR=$1 941} 942 943# wait for the given seconds after the client finished in the next test 944server_needs_more_time() { 945 SRV_DELAY_SECONDS=$1 946} 947 948# print_name <name> 949print_name() { 950 TESTS=$(( $TESTS + 1 )) 951 LINE="" 952 953 if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then 954 LINE="$TESTS " 955 fi 956 957 LINE="$LINE$1" 958 959 printf "%s " "$LINE" 960 LEN=$(( 72 - `echo "$LINE" | wc -c` )) 961 for i in `seq 1 $LEN`; do printf '.'; done 962 printf ' ' 963 964} 965 966# record_outcome <outcome> [<failure-reason>] 967# The test name must be in $NAME. 968# Use $TEST_SUITE_NAME as the test suite name if set. 969record_outcome() { 970 echo "$1" 971 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then 972 printf '%s;%s;%s;%s;%s;%s\n' \ 973 "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ 974 "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \ 975 "$1" "${2-}" \ 976 >>"$MBEDTLS_TEST_OUTCOME_FILE" 977 fi 978} 979unset TEST_SUITE_NAME 980 981# True if the presence of the given pattern in a log definitely indicates 982# that the test has failed. False if the presence is inconclusive. 983# 984# Inputs: 985# * $1: pattern found in the logs 986# * $TIMES_LEFT: >0 if retrying is an option 987# 988# Outputs: 989# * $outcome: set to a retry reason if the pattern is inconclusive, 990# unchanged otherwise. 991# * Return value: 1 if the pattern is inconclusive, 992# 0 if the failure is definitive. 993log_pattern_presence_is_conclusive() { 994 # If we've run out of attempts, then don't retry no matter what. 995 if [ $TIMES_LEFT -eq 0 ]; then 996 return 0 997 fi 998 case $1 in 999 "resend") 1000 # An undesired resend may have been caused by the OS dropping or 1001 # delaying a packet at an inopportune time. 1002 outcome="RETRY(resend)" 1003 return 1;; 1004 esac 1005} 1006 1007# fail <message> 1008fail() { 1009 record_outcome "FAIL" "$1" 1010 echo " ! 
$1" 1011 1012 mv $SRV_OUT o-srv-${TESTS}.log 1013 mv $CLI_OUT o-cli-${TESTS}.log 1014 if [ -n "$PXY_CMD" ]; then 1015 mv $PXY_OUT o-pxy-${TESTS}.log 1016 fi 1017 echo " ! outputs saved to o-XXX-${TESTS}.log" 1018 1019 if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then 1020 echo " ! server output:" 1021 cat o-srv-${TESTS}.log 1022 echo " ! ========================================================" 1023 echo " ! client output:" 1024 cat o-cli-${TESTS}.log 1025 if [ -n "$PXY_CMD" ]; then 1026 echo " ! ========================================================" 1027 echo " ! proxy output:" 1028 cat o-pxy-${TESTS}.log 1029 fi 1030 echo "" 1031 fi 1032 1033 FAILS=$(( $FAILS + 1 )) 1034} 1035 1036# is_polar <cmd_line> 1037is_polar() { 1038 case "$1" in 1039 *ssl_client2*) true;; 1040 *ssl_server2*) true;; 1041 *) false;; 1042 esac 1043} 1044 1045# openssl s_server doesn't have -www with DTLS 1046check_osrv_dtls() { 1047 case "$SRV_CMD" in 1048 *s_server*-dtls*) 1049 NEEDS_INPUT=1 1050 SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";; 1051 *) NEEDS_INPUT=0;; 1052 esac 1053} 1054 1055# provide input to commands that need it 1056provide_input() { 1057 if [ $NEEDS_INPUT -eq 0 ]; then 1058 return 1059 fi 1060 1061 while true; do 1062 echo "HTTP/1.0 200 OK" 1063 sleep 1 1064 done 1065} 1066 1067# has_mem_err <log_file_name> 1068has_mem_err() { 1069 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && 1070 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null 1071 then 1072 return 1 # false: does not have errors 1073 else 1074 return 0 # true: has errors 1075 fi 1076} 1077 1078# Wait for process $2 named $3 to be listening on port $1. Print error to $4. 1079if type lsof >/dev/null 2>/dev/null; then 1080 wait_app_start() { 1081 newline=' 1082' 1083 START_TIME=$(date +%s) 1084 if [ "$DTLS" -eq 1 ]; then 1085 proto=UDP 1086 else 1087 proto=TCP 1088 fi 1089 # Make a tight loop, server normally takes less than 1s to start. 
while true; do
    SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t)
    # When we use a proxy, it will be listening on the same port we
    # are checking for as well as the server and lsof will list both.
    # Surrounding both the PID list and the wanted PID with newlines turns
    # this into a whole-line match, so PID 12 does not match a listener 123.
    case ${newline}${SERVER_PIDS}${newline} in
        *${newline}${2}${newline}*) break;;
    esac
    # Give up after $DOG_DELAY seconds. The marker goes to stdout and to the
    # log file $4 so it appears next to the process's own output.
    if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
        echo "$3 START TIMEOUT"
        echo "$3 START TIMEOUT" >> $4
        break
    fi
    # Linux and *BSD support decimal arguments to sleep. On other
    # OSes this may be a tight loop.
    sleep 0.1 2>/dev/null || true
done
}
else
    # Without lsof the listening socket cannot be observed, so fall back to
    # a fixed delay ($START_DELAY is chosen in the MAIN section below).
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi

# Wait for server process $2 to be listening on port $1.
# Timeouts are logged to $SRV_OUT (the server log of the current test).
wait_server_start() {
    wait_app_start $1 $2 "SERVER" $SRV_OUT
}

# Wait for proxy process $2 to be listening on port $1.
# Timeouts are logged to $PXY_OUT (the proxy log of the current test).
wait_proxy_start() {
    wait_app_start $1 $2 "PROXY" $PXY_OUT
}

# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
#
# Inputs:
# * $1: path of the log file to inspect.
#
# Returns: 0 if a "server hello, current time:" line was found and its value
# is within THRESHOLD_IN_SECS (300 s) of the local clock, 1 otherwise.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client
    # NOTE(review): sed -n/p prints every matching line; if the log contains
    # more than one, SERVER_HELLO_TIME holds several words and the unquoted
    # numeric tests below fail with "too many arguments", i.e. return non-zero.
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # Check the time in ServerHello is within acceptable bounds
    if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes before now
        return 1
    elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes later than now
        return 1
    else
        return 0
    fi
}

# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
#
# Inputs:
# * $1: name of the shell variable to assign (a plain identifier, chosen by
#       the caller in this script, e.g. "MEMORY_USAGE_MFL_16K").
# * $2: path of the log file to read.
#
# Returns: 0 and assigns the variable on success; 1 (with a message on
# stdout) if no memory usage line was found.
handshake_memory_get() {
    OUTPUT_VARIABLE="$1"
    OUTPUT_FILE="$2"

    # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
    # grep -o "[0-9]*" | head -1 keeps only the first run of digits, so
    # MEM_USAGE is either empty or a plain decimal number.
    MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)

    # Check if memory usage was read
    if [ -z "$MEM_USAGE" ]; then
        echo "Error: Can not read the value of handshake memory usage"
        return 1
    else
        # eval is safe here only because MEM_USAGE is digits-only (filtered
        # above): log content cannot reach the shell. $1 must still be a
        # variable name chosen by this script, never external input.
        eval "$OUTPUT_VARIABLE=$MEM_USAGE"
        return 0
    fi
}

# Get handshake memory usage from server or client output and check if this value
# is not higher than the maximum given by the first argument
#
# Inputs:
# * $1: maximum allowed heap usage in bytes.
# * $2: path of the log file to read.
#
# Returns: 0 if usage <= $1; 1 if the value could not be read or exceeds $1.
handshake_memory_check() {
    MAX_MEMORY="$1"
    OUTPUT_FILE="$2"

    # Get memory usage
    if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
        return 1
    fi

    # Check if memory usage is below max value
    if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
        # NOTE(review): whether the leading \n is expanded depends on the
        # shell's echo (dash does, bash does not by default).
        echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \
             "but should be below $MAX_MEMORY bytes"
        return 1
    else
        return 0
    fi
}

# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
#
# Inputs:
# * $!: PID of the client just started in the background.
# * $DOG_DELAY, $CLI_DELAY_FACTOR: watchdog timeout in seconds (factor is
#   consumed and reset to 1 here).
# * $CLI_OUT: client log file.
# * $SRV_DELAY_SECONDS: extra time to give the server after the client exits
#   (consumed and reset to 0 here).
#
# Outputs:
# * $CLI_PID, $DOG_PID, $CLI_EXIT
wait_client_done() {
    CLI_PID=$!

    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    # Watchdog: kill a stuck client after CLI_DELAY seconds. The marker it
    # writes is what check_test_failure() looks for to allow a RETRY.
    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
    DOG_PID=$!

    # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
    # To remove it from stdout, redirect stdout/stderr to CLI_OUT
    wait $CLI_PID >> $CLI_OUT 2>&1
    CLI_EXIT=$?

    # The client finished (or was killed): stop and reap the watchdog.
    kill $DOG_PID >/dev/null 2>&1
    wait $DOG_PID >> $CLI_OUT 2>&1

    echo "EXIT: $CLI_EXIT" >> $CLI_OUT

    sleep $SRV_DELAY_SECONDS
    SRV_DELAY_SECONDS=0
}

# check if the given command uses dtls and sets global variable DTLS
# This is a loose substring match: any command line containing "dtls=1",
# "-dtls" or "-u" counts as DTLS.
detect_dtls() {
    case "$1" in
        *dtls=1*|*-dtls*|*-u*) DTLS=1;;
        *) DTLS=0;;
    esac
}

# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS
# (1 if the command line mentions gnutls-cli or gnutls-serv, 0 otherwise)
is_gnutls() {
    case "$1" in
        *gnutls-cli*)
            CMD_IS_GNUTLS=1
            ;;
        *gnutls-serv*)
            CMD_IS_GNUTLS=1
            ;;
        *)
            CMD_IS_GNUTLS=0
            ;;
    esac
}

# Some external tools (gnutls or openssl) might not have support for static ECDH
# and this limit the tests that can be run with them. This function checks server
# and client command lines, given as input, to verify if the current test
# is using one of these tools.
#
# Inputs: $1 server command line, $2 client command line.
# Outputs: prints "yes" or "no" on stdout.
#
# The "-dummy" fallbacks matter: if e.g. GNUTLS_NEXT_SERV is unset, the
# pattern would otherwise collapse to "**" and match every command line.
use_ext_tool_without_ecdh_support() {
    case "$1" in
        *$GNUTLS_SERV*|\
        *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\
        *${OPENSSL_NEXT:-"openssl-dummy"}*)
            echo "yes"
            return;;
    esac
    case "$2" in
        *$GNUTLS_CLI*|\
        *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\
        *${OPENSSL_NEXT:-"openssl-dummy"}*)
            echo "yes"
            return;;
    esac
    echo "no"
}

# Generate random psk_list argument for ssl_server2
# Not actually random: the ordering is selected by the current test number
# ($TESTS modulo 3), so a given test always gets the same list.
get_srv_psk_list ()
{
    case $(( TESTS % 3 )) in
        0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";;
        1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";;
        2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";;
    esac
}

# Determine what calc_verify trace is to be expected, if any.
#
# calc_verify is only called for two things: to calculate the
# extended master secret, and to process client authentication.
1274# 1275# Warning: the current implementation assumes that extended_ms is not 1276# disabled on the client or on the server. 1277# 1278# Inputs: 1279# * $1: the value of the server auth_mode parameter. 1280# 'required' if client authentication is expected, 1281# 'none' or absent if not. 1282# * $CONFIGS_ENABLED 1283# 1284# Outputs: 1285# * $maybe_calc_verify: set to a trace expected in the debug logs 1286set_maybe_calc_verify() { 1287 maybe_calc_verify= 1288 case $CONFIGS_ENABLED in 1289 *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; 1290 *) 1291 case ${1-} in 1292 ''|none) return;; 1293 required) :;; 1294 *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; 1295 esac 1296 esac 1297 case $CONFIGS_ENABLED in 1298 *\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";; 1299 *) maybe_calc_verify="<= calc verify";; 1300 esac 1301} 1302 1303# Compare file content 1304# Usage: find_in_both pattern file1 file2 1305# extract from file1 the first line matching the pattern 1306# check in file2 that the same line can be found 1307find_in_both() { 1308 srv_pattern=$(grep -m 1 "$1" "$2"); 1309 if [ -z "$srv_pattern" ]; then 1310 return 1; 1311 fi 1312 1313 if grep "$srv_pattern" $3 >/dev/null; then : 1314 return 0; 1315 else 1316 return 1; 1317 fi 1318} 1319 1320SKIP_HANDSHAKE_CHECK="NO" 1321skip_handshake_stage_check() { 1322 SKIP_HANDSHAKE_CHECK="YES" 1323} 1324 1325# Analyze the commands that will be used in a test. 1326# 1327# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass 1328# extra arguments or go through wrappers. 1329# 1330# Inputs: 1331# * $@: supplemental options to run_test() (after the mandatory arguments). 1332# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands. 1333# * $DTLS: 1 if DTLS, otherwise 0. 1334# 1335# Outputs: 1336# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked. 
analyze_test_commands() {
    # if the test uses DTLS but no custom proxy, add a simple proxy
    # as it provides timing info that's useful to debug failures
    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
        PXY_CMD="$P_PXY"
        # Keep the proxy on IPv6 when the server explicitly listens on ::1.
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
                PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
        esac
    fi

    # update CMD_IS_GNUTLS variable (for the server command)
    is_gnutls "$SRV_CMD"

    # if the server uses gnutls but doesn't set priority, explicitly
    # set the default priority
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$SRV_CMD" in
            *--priority*) :;;
            *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
        esac
    fi

    # update CMD_IS_GNUTLS variable (for the client command)
    is_gnutls "$CLI_CMD"

    # if the client uses gnutls but doesn't set priority, explicitly
    # set the default priority
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$CLI_CMD" in
            *--priority*) :;;
            *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
        esac
    fi

    # fix client port: the +SRV_PORT placeholder becomes the proxy port when
    # a proxy sits in between, the server port otherwise. This must run after
    # the proxy decision above.
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # prepend valgrind to our commands if active
    # (only for Mbed TLS programs; external tools are never instrumented)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi
}

# Check for failure conditions after a test case.
1391# 1392# Inputs from run_test: 1393# * positional parameters: test options (see run_test documentation) 1394# * $CLI_EXIT: client return code 1395# * $CLI_EXPECT: expected client return code 1396# * $SRV_RET: server return code 1397# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs 1398# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed 1399# 1400# Outputs: 1401# * $outcome: one of PASS/RETRY*/FAIL 1402check_test_failure() { 1403 outcome=FAIL 1404 1405 if [ $TIMES_LEFT -gt 0 ] && 1406 grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null 1407 then 1408 outcome="RETRY(client-timeout)" 1409 return 1410 fi 1411 1412 # check if the client and server went at least to the handshake stage 1413 # (useful to avoid tests with only negative assertions and non-zero 1414 # expected client exit to incorrectly succeed in case of catastrophic 1415 # failure) 1416 if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ] 1417 then 1418 if is_polar "$SRV_CMD"; then 1419 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; 1420 else 1421 fail "server or client failed to reach handshake stage" 1422 return 1423 fi 1424 fi 1425 if is_polar "$CLI_CMD"; then 1426 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; 1427 else 1428 fail "server or client failed to reach handshake stage" 1429 return 1430 fi 1431 fi 1432 fi 1433 1434 SKIP_HANDSHAKE_CHECK="NO" 1435 # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't 1436 # exit with status 0 when interrupted by a signal, and we don't really 1437 # care anyway), in case e.g. the server reports a memory leak. 
1438 if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then 1439 fail "Server exited with status $SRV_RET" 1440 return 1441 fi 1442 1443 # check client exit code 1444 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ 1445 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] 1446 then 1447 fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" 1448 return 1449 fi 1450 1451 # check other assertions 1452 # lines beginning with == are added by valgrind, ignore them 1453 # lines with 'Serious error when reading debug info', are valgrind issues as well 1454 while [ $# -gt 0 ] 1455 do 1456 case $1 in 1457 "-s") 1458 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else 1459 fail "pattern '$2' MUST be present in the Server output" 1460 return 1461 fi 1462 ;; 1463 1464 "-c") 1465 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else 1466 fail "pattern '$2' MUST be present in the Client output" 1467 return 1468 fi 1469 ;; 1470 1471 "-S") 1472 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then 1473 if log_pattern_presence_is_conclusive "$2"; then 1474 fail "pattern '$2' MUST NOT be present in the Server output" 1475 fi 1476 return 1477 fi 1478 ;; 1479 1480 "-C") 1481 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then 1482 if log_pattern_presence_is_conclusive "$2"; then 1483 fail "pattern '$2' MUST NOT be present in the Client output" 1484 fi 1485 return 1486 fi 1487 ;; 1488 1489 # The filtering in the following two options (-u and -U) do the following 1490 # - ignore valgrind output 1491 # - filter out everything but lines right after the pattern occurrences 1492 # - keep one of each non-unique line 1493 # - count how many lines remain 1494 # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will 
be 1 1495 # if there were no duplicates. 1496 "-U") 1497 if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then 1498 fail "lines following pattern '$2' must be unique in Server output" 1499 return 1500 fi 1501 ;; 1502 1503 "-u") 1504 if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then 1505 fail "lines following pattern '$2' must be unique in Client output" 1506 return 1507 fi 1508 ;; 1509 "-F") 1510 if ! $2 "$SRV_OUT"; then 1511 fail "function call to '$2' failed on Server output" 1512 return 1513 fi 1514 ;; 1515 "-f") 1516 if ! $2 "$CLI_OUT"; then 1517 fail "function call to '$2' failed on Client output" 1518 return 1519 fi 1520 ;; 1521 "-g") 1522 if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then 1523 fail "function call to '$2' failed on Server and Client output" 1524 return 1525 fi 1526 ;; 1527 1528 *) 1529 echo "Unknown test: $1" >&2 1530 exit 1 1531 esac 1532 shift 2 1533 done 1534 1535 # check valgrind's results 1536 if [ "$MEMCHECK" -gt 0 ]; then 1537 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then 1538 fail "Server has memory errors" 1539 return 1540 fi 1541 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then 1542 fail "Client has memory errors" 1543 return 1544 fi 1545 fi 1546 1547 # if we're here, everything is ok 1548 outcome=PASS 1549} 1550 1551# Run the current test case: start the server and if applicable the proxy, run 1552# the client, wait for all processes to finish or time out. 
1553# 1554# Inputs: 1555# * $NAME: test case name 1556# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run 1557# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs 1558# 1559# Outputs: 1560# * $CLI_EXIT: client return code 1561# * $SRV_RET: server return code 1562do_run_test_once() { 1563 # run the commands 1564 if [ -n "$PXY_CMD" ]; then 1565 printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT 1566 $PXY_CMD >> $PXY_OUT 2>&1 & 1567 PXY_PID=$! 1568 wait_proxy_start "$PXY_PORT" "$PXY_PID" 1569 fi 1570 1571 check_osrv_dtls 1572 printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT 1573 provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & 1574 SRV_PID=$! 1575 wait_server_start "$SRV_PORT" "$SRV_PID" 1576 1577 printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT 1578 # The client must be a subprocess of the script in order for killing it to 1579 # work properly, that's why the ampersand is placed inside the eval command, 1580 # not at the end of the line: the latter approach will spawn eval as a 1581 # subprocess, and the $CLI_CMD as a grandchild. 1582 eval "$CLI_CMD &" >> $CLI_OUT 2>&1 1583 wait_client_done 1584 1585 sleep 0.05 1586 1587 # terminate the server (and the proxy) 1588 kill $SRV_PID 1589 # For Ubuntu 22.04, `Terminated` message is outputed by wait command. 1590 # To remove it from stdout, redirect stdout/stderr to SRV_OUT 1591 wait $SRV_PID >> $SRV_OUT 2>&1 1592 SRV_RET=$? 1593 1594 if [ -n "$PXY_CMD" ]; then 1595 kill $PXY_PID >/dev/null 2>&1 1596 wait $PXY_PID >> $PXY_OUT 2>&1 1597 fi 1598} 1599 1600# Detect if the current test is going to use TLS 1.3 or TLS 1.2. 1601# $1 and $2 contain the server and client command lines, respectively. 1602# 1603# Note: this function only provides some guess about TLS version by simply 1604# looking at the server/client command lines. 
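# Even though this works
# for the sake of tests' filtering (especially in conjunction with the
# detect_required_features() function), it does NOT guarantee that the
# result is accurate. It does not check other conditions, such as:
# - we can force a ciphersuite which contains "WITH" in its name, meaning
#   that we are going to use TLS 1.2
# - etc etc
#
# Inputs: $1 server command line, $2 client command line, $P_QUERY.
# Outputs: prints "TLS12" or "TLS13" on stdout.
#
# Checks are ordered: Mbed TLS force_version first, then the external tools'
# version flags, then the build configuration as a last resort.
get_tls_version() {
    # First check if the version is forced on an Mbed TLS peer
    case $1 in
        *tls12*)
            echo "TLS12"
            return;;
        *tls13*)
            echo "TLS13"
            return;;
    esac
    case $2 in
        *tls12*)
            echo "TLS12"
            return;;
        *tls13*)
            echo "TLS13"
            return;;
    esac
    # Second check if the version is forced on an OpenSSL or GnuTLS peer
    # The server pattern is anchored at the end like the client one: an
    # unanchored "tls1_2*" only matched a command line *starting* with
    # tls1_2, which never happens, so a "-tls1_2" server was mis-detected.
    case $1 in
        *tls1_2)
            echo "TLS12"
            return;;
        *tls1_3)
            echo "TLS13"
            return;;
    esac
    case $2 in
        *tls1_2)
            echo "TLS12"
            return;;
        *tls1_3)
            echo "TLS13"
            return;;
    esac
    # Third if the version is not forced, if TLS 1.3 is enabled then the test
    # is aimed to run a TLS 1.3 handshake.
    if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_3
    then
        echo "TLS13"
    else
        echo "TLS12"
    fi
}

# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#           -g call shell function on server and client output
#
# Inputs (globals): $FILTER/$EXCLUDE via is_excluded(), $LIST_TESTS,
# $TEST_SUITE_NAME, $RUN_TEST_NUMBER, $TESTS, $SKIP_NEXT (set by the
# requires_* helpers called before run_test), $PRESERVE_LOGS.
#
# Outputs: records PASS/SKIP (or FAIL via check_test_failure) for the test,
# resets $SKIP_NEXT, increments $SKIPS on skip, removes the log files on
# PASS (or renames them to o-*-<TESTS>.log when $PRESERVE_LOGS > 0).
run_test() {
    NAME="$1"
    shift 1

    if is_excluded "$NAME"; then
        SKIP_NEXT="NO"
        # There was no request to run the test, so don't record its outcome.
        return
    fi

    if [ "$LIST_TESTS" -gt 0 ]; then
        printf "%s\n" "${TEST_SUITE_NAME:-ssl-opt};$NAME"
        return
    fi

    # Use ssl-opt as default test suite name. Also see record_outcome function
    if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then
        # Do not skip next test and skip current test.
        SKIP_NEXT="NO"
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    if [ -n "$RUN_TEST_NUMBER" ]; then
        case ",$RUN_TEST_NUMBER," in
            *",$TESTS,"*) :;;
            *) SKIP_NEXT="YES";;
        esac
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if test uses files
    case "$SRV_CMD $CLI_CMD" in
        *$DATA_FILES_PATH/*)
            requires_config_enabled MBEDTLS_FS_IO;;
    esac

    # Check if the test uses DTLS.
    detect_dtls "$SRV_CMD"
    if [ "$DTLS" -eq 1 ]; then
        requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
    fi

    # Check if we are trying to use an external tool which does not support ECDH
    EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")

    # Guess the TLS version which is going to be used
    if [ "$EXT_WO_ECDH" = "no" ]; then
        TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
    else
        TLS_VERSION="TLS12"
    fi

    # If the client or server requires certain features that can be detected
    # from their command-line arguments, check whether they're enabled.
    detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
    detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"

    # If we're in a PSK-only build and the test can be adapted to PSK, do that.
    maybe_adapt_for_psk "$@"

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        record_outcome "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    analyze_test_commands "$@"

    # One regular run and two retries
    TIMES_LEFT=3
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        do_run_test_once

        check_test_failure "$@"
        case $outcome in
            PASS) break;;
            # $outcome is data, so pass it as an argument, not as the format.
            RETRY*) printf '%s ' "$outcome";;
            FAIL) return;;
        esac
    done

    # If we get this far, the test case passed.
    record_outcome "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv $SRV_OUT o-srv-${TESTS}.log
        mv $CLI_OUT o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            mv $PXY_OUT o-pxy-${TESTS}.log
        fi
    fi

    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}

# Run one PSA-dispatch test for ciphersuite $1 (TLS 1.2, PSA crypto only).
# With auth_mode=none, set_maybe_calc_verify leaves $maybe_calc_verify empty
# unless extended master secret is enabled; an empty grep pattern matches
# every line, so the "-c/-s $maybe_calc_verify" checks are then no-ops.
run_test_psa() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    set_maybe_calc_verify none
    run_test    "PSA-supported ciphersuite: $1" \
                "$P_SRV debug_level=3 force_version=tls12" \
                "$P_CLI debug_level=3 force_ciphersuite=$1" \
                0 \
                -c "$maybe_calc_verify" \
                -c "calc PSA finished" \
                -s "$maybe_calc_verify" \
                -s "calc PSA finished" \
                -s "Protocol is TLSv1.2" \
                -c "Perform PSA-based ECDH computation."\
                -c "Perform PSA-based computation of digest of ServerKeyExchange" \
                -S "error" \
                -C "error"
    unset maybe_calc_verify
}

# Same as run_test_psa, but with a fixed ECDHE-RSA ciphersuite and the ECDH
# group forced to $1 on both sides.
run_test_psa_force_curve() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    set_maybe_calc_verify none
    run_test    "PSA - ECDH with $1" \
                "$P_SRV debug_level=4 force_version=tls12 groups=$1" \
                "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \
                0 \
                -c "$maybe_calc_verify" \
                -c "calc PSA finished" \
                -s "$maybe_calc_verify" \
                -s "calc PSA finished" \
                -s "Protocol is TLSv1.2" \
                -c "Perform PSA-based ECDH computation."\
                -c "Perform PSA-based computation of digest of ServerKeyExchange" \
                -S "error" \
                -C "error"
    unset maybe_calc_verify
}

# Test that the server's memory usage after a handshake is reduced when a client specifies
# a maximum fragment length.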
# first argument ($1) is MFL for SSL client
# second argument ($2) is memory usage for SSL client with default MFL (16k)
#
# Derives a limit from $2 and checks, via handshake_memory_check(), that the
# server's heap usage with max_frag_len=$1 stays below it.
run_test_memory_after_handshake_with_mfl()
{
    # The test passes if the difference is around 2*(16k-MFL)
    # (two I/O buffers shrink from 16k to the negotiated MFL)
    MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"

    # Leave some margin for robustness
    MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"

    run_test    "Handshake memory usage (MFL $1)" \
                "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
                "$P_CLI debug_level=3 \
                    crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
                    force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
                0 \
                -F "handshake_memory_check $MEMORY_USAGE_LIMIT"
}


# Test that the server's memory usage after a handshake is reduced when a client specifies
# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
run_tests_memory_after_handshake()
{
    # all tests in this sequence requires the same configuration (see requires_config_enabled())
    # run_test() resets SKIP_NEXT after each case, so the value set by the
    # caller's requires_* helpers is saved here and re-applied before each
    # sub-test.
    SKIP_THIS_TESTS="$SKIP_NEXT"

    # first test with default MFL is to get reference memory usage
    MEMORY_USAGE_MFL_16K=0
    run_test    "Handshake memory usage initial (MFL 16384 - default)" \
                "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
                "$P_CLI debug_level=3 \
                    crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
                    force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
                0 \
                -F "handshake_memory_get MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
}

# Signal handler (INT/TERM/HUP): remove the per-run temporary files, kill
# whatever test processes are still recorded, and exit with status 1.
# PIDs are only known once a test has started, hence the ${VAR:-} guards.
cleanup() {
    rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
    rm -f context_srv.txt
    rm -f context_cli.txt
    test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
    test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
    test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
    test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
    exit 1
}

#
# MAIN
#

# Make the outcome file path relative to the original directory, not
# to .../tests
# (an empty value matches nothing and is left empty, i.e. no outcome file)
case "$MBEDTLS_TEST_OUTCOME_FILE" in
    [!/]*)
        MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
        ;;
esac

populate_enabled_hash_algs

# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').
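need_grep=
case "$FILTER" in
    '^$') simple_filter=;;
    '.*') simple_filter='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_filter="*$FILTER*";;
esac
case "$EXCLUDE" in
    '^$') simple_exclude=;;
    '.*') simple_exclude='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_exclude="*$EXCLUDE*";;
esac
# is_excluded NAME: succeed (exit 0) if the test NAME should not run, i.e.
# it matches $EXCLUDE or does not match $FILTER.
if [ -n "$need_grep" ]; then
    is_excluded () {
        ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
    }
else
    # Fast path: both filters are plain substrings (or everything/nothing),
    # so shell pattern matching replaces two grep invocations per test.
    is_excluded () {
        case "$1" in
            $simple_exclude) true;;
            $simple_filter) false;;
            *) true;;
        esac
    }
fi

# Filter tests according to TEST_SUITE_NAME
# is_excluded_test_suite NAME: succeed if $RUN_TEST_SUITE is set and does not
# contain NAME in its comma-separated list; fail (run the suite) otherwise.
is_excluded_test_suite () {
    if [ -n "$RUN_TEST_SUITE" ]
    then
        case ",$RUN_TEST_SUITE," in
            *",$1,"*) false;;
            *) true;;
        esac
    else
        false
    fi

}


if [ "$LIST_TESTS" -eq 0 ];then

    # sanity checks, avoid an avalanche of errors
    # (the executable is the first word of each command variable)
    P_SRV_BIN="${P_SRV%%[ ]*}"
    P_CLI_BIN="${P_CLI%%[ ]*}"
    P_PXY_BIN="${P_PXY%%[ ]*}"
    if [ ! -x "$P_SRV_BIN" ]; then
        echo "Command '$P_SRV_BIN' is not an executable file"
        exit 1
    fi
    if [ ! -x "$P_CLI_BIN" ]; then
        echo "Command '$P_CLI_BIN' is not an executable file"
        exit 1
    fi
    if [ ! -x "$P_PXY_BIN" ]; then
        echo "Command '$P_PXY_BIN' is not an executable file"
        exit 1
    fi
    # command -v is the POSIX way to probe PATH; `which` is an external
    # program that is not guaranteed to exist on minimal systems.
    if [ "$MEMCHECK" -gt 0 ]; then
        if command -v valgrind >/dev/null 2>&1; then :; else
            echo "Memcheck not possible. Valgrind not found"
            exit 1
        fi
    fi
    if command -v $OPENSSL >/dev/null 2>&1; then :; else
        echo "Command '$OPENSSL' not found"
        exit 1
    fi

    # used by watchdog
    MAIN_PID="$$"

    # We use somewhat arbitrary delays for tests:
    # - how long do we wait for the server to start (when lsof not available)?
    # - how long do we allow for the client to finish?
    #   (not to check performance, just to avoid waiting indefinitely)
    # Things are slower with valgrind, so give extra time here.
    #
    # Note: without lsof, there is a trade-off between the running time of this
    # script and the risk of spurious errors because we didn't wait long enough.
    # The watchdog delay on the other hand doesn't affect normal running time of
    # the script, only the case where a client or server gets stuck.
    if [ "$MEMCHECK" -gt 0 ]; then
        START_DELAY=6
        DOG_DELAY=60
    else
        START_DELAY=2
        DOG_DELAY=20
    fi

    # some particular tests need more time:
    # - for the client, we multiply the usual watchdog limit by a factor
    # - for the server, we sleep for a number of seconds after the client exits
    # see client_need_more_time() and server_needs_more_time()
    CLI_DELAY_FACTOR=1
    SRV_DELAY_SECONDS=0

    # fix commands to use this port, force IPv4 while at it
    # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
    # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
    # machines that will resolve to ::1, and we don't want ipv6 here.
    P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
    P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
    P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
    O_SRV="$O_SRV -accept $SRV_PORT"
    O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
    G_SRV="$G_SRV -p $SRV_PORT"
    G_CLI="$G_CLI -p +SRV_PORT"

    # Newer versions of OpenSSL have a syntax to enable all "ciphers", even
    # low-security ones. This covers not just cipher suites but also protocol
    # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
    # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
    # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
    # a way to discover it from -help, so check the openssl version.
    # SECLEVEL=0 deliberately disables OpenSSL's security-level floor for the
    # *test peer only*, so that legacy versions and ciphers can be exercised.
    case $($OPENSSL version) in
        "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
        *)
            O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
            O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
            ;;
    esac

    if [ -n "${OPENSSL_NEXT:-}" ]; then
        O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
        O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
        O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
        O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
        O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
    fi

    if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
        G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
        G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
    fi

    if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
        G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
        G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
    fi

    # Allow SHA-1, because many of our test certificates use it
    # (test-only relaxation of the Mbed TLS peers' certificate policy)
    P_SRV="$P_SRV allow_sha1=1"
    P_CLI="$P_CLI allow_sha1=1"

fi
# Also pick a unique name for intermediate files
# ($$ is the PID of this script, so parallel runs in one directory do not
# clobber each other's logs)
SRV_OUT="srv_out.$$"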
CLI_OUT="cli_out.$$"
PXY_OUT="pxy_out.$$"
SESSION="session.$$"

SKIP_NEXT="NO"

# cleanup() only runs on these signals; on a normal exit each run_test()
# removes its own log files (or renames them when PRESERVE_LOGS is set).
trap cleanup INT TERM HUP

# Basic test

# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected parameters are selected
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
requires_any_configs_enabled "MBEDTLS_ECP_DP_CURVE25519_ENABLED \
                              PSA_WANT_ECC_MONTGOMERY_255"
run_test    "Default, TLS 1.2" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12" \
            0 \
            -s "Protocol is TLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
            -s "client hello v3, signature_algorithm ext: 6" \
            -s "ECDHE curve: x25519" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
run_test    "Default, DTLS" \
            "$P_SRV dtls=1" \
            "$P_CLI dtls=1" \
            0 \
            -s "Protocol is DTLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"

# The server must actually verify the client certificate, not just request it.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "TLS client auth: required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

run_test    "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            -c "Key size is 256"

run_test    "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            -c "Key size is 128"

# Password-protected keys: key_pwd is the passphrase of the encrypted test key
# shipped in $DATA_FILES_PATH; it protects nothing outside this test suite.
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg MD5
requires_hash_alg SHA_256
run_test    "TLS: password protected client key" \
            "$P_SRV force_version=tls12 auth_mode=required" \
            "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
            0

requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg MD5
requires_hash_alg SHA_256
run_test    "TLS: password protected server key" \
            "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
            "$P_CLI force_version=tls12" \
            0

requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
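requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg MD5
requires_hash_alg SHA_256
# Both server keys are encrypted PEM files; each has its own key_pwd/key_pwd2.
run_test    "TLS: password protected server key, two certificates" \
            "$P_SRV force_version=tls12\
             key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI" \
            0

# Trusted-certificate callback: the CA set is supplied by a callback instead
# of a static chain. The -c pattern checks that the callback path was taken.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "CA callback on client" \
            "$P_SRV debug_level=3" \
            "$P_CLI ca_callback=1 debug_level=3 " \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "CA callback on server" \
            "$P_SRV auth_mode=required" \
            "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -s "Verifying peer X.509 certificate... ok" \
            -S "error" \
            -C "error"

# Opaque keys: the private key is held by PSA and only referenced by the TLS
# layer. key_opaque_algs=<alg>,<alg2> restricts what the opaque key may be used
# for; the "key type: Opaque" / "key types: Opaque, ..." log lines confirm the
# opaque path was taken rather than a transparent key.

# Test using an EC opaque private key for client authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test using a RSA opaque private key for client authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: ECDHE-RSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key" \
            "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: DHE-RSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key" \
            "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"

# Test using an EC opaque private key for server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDHE-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Static ECDH: the server key is restricted to ecdh (no signing), paired with
# a certificate whose key usage is keyAgreement (server5.ku-ka.crt).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDH-" \
            "$P_SRV auth_mode=required key_opaque=1\
             crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDH-" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDH-" \
            -S "error" \
            -C "error"

# Negative tests: the opaque key's permitted algorithm does not fit the key
# type in the certificate (RSA decrypt on an EC key, ECDH on an RSA key).
# Without MBEDTLS_SSL_ASYNC_PRIVATE this is caught up front as a key type
# mismatch; with it, the handshake fails later because no ciphersuite is
# usable. Either way the handshake must fail (expected exit status 1).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "error" \
            -c "error" \
            -c "Public key type mismatch"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "error" \
            -c "error" \
            -c "Public key type mismatch"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

# The key is valid for the certificate but only permits ecdh, while the client
# forces an ECDHE-ECDSA suite that needs a signature: no usable ciphersuite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

# Two server keys with different permitted algorithms: the server must pick
# the certificate whose key can serve the negotiated ciphersuite. The
# "CN=Polarssl Test EC CA" line on the client shows which chain was sent
# (hence the dependency on X.509 info printing not being removed).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
             key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \
             crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
             key_opaque_algs2=ecdsa-sign,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
             key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
             key_opaque_algs2=ecdh,none debug_level=3" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDH-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDH-ECDSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=$DATA_FILES_PATH/server2-sha256.crt \
             key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# TLS 1.3 opaque-key tests. These use the programs' default certificates
# (no crt_file/key_file), so the two keys the server reports come from the
# built-in defaults.

# The server key may only decrypt, never sign, so no TLS 1.3 signature
# algorithm can be satisfied and the handshake must fail.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: no suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            1 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -c "error" \
            -s "no suitable signature algorithm"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            0 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -C "error" \
            -S "error"

# The server key is restricted to PSS-SHA512. The first algorithm the client
# offers (PSS-SHA256) must fail and the server must fall through to the next
# one instead of aborting the handshake.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: first client sig alg not suitable" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
            "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
            0 \
            -s "key types: Opaque, Opaque" \
            -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -C "error" \
            -S "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            0 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -C "error" \
            -S "error"

# Test using a RSA opaque private key for server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED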
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDHE-RSA" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: DHE-RSA" \
            "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"

# RSA-PSK and plain RSA key exchange: here the server key is used to decrypt
# (RSA key transport), not to sign, hence key_opaque_algs=rsa-decrypt. The PSK
# value is a fixed test fixture (hex) shared by both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: RSA-PSK" \
            "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
             psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
             psk=73776f726466697368 psk_identity=foo" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-RSA-PSK-" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-RSA-PSK-" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: RSA-" \
            "$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-RSA-" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-RSA-" \
            -S "error" \
            -C "error"

# Negative test: a TLS 1.2 DHE-RSA ServerKeyExchange needs a PKCS#1 v1.5
# signature; a key restricted to PSS cannot provide one, so the server must
# report no usable ciphersuite rather than sign with the wrong scheme.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
            "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

# Two RSA keys: the first is PSS-only and unusable for TLS 1.2 ECDHE-RSA, so
# the server is expected to select the second (PKCS#1-capable) certificate;
# the "CN=Polarssl Test EC CA" line on the client identifies the chain sent.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test    "Opaque keys for server authentication: RSA keys with different algs" \
            "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \
             crt_file2=$DATA_FILES_PATH/server4.crt \
             key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=$DATA_FILES_PATH/server4.crt \
             key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"

# Mutual authentication with opaque keys on both sides: both peers must log
# a successful certificate verification and the opaque key type.

# Test using an EC opaque private key for client/server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client/server authentication: ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
            "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test using a RSA opaque private key for client/server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test    "Opaque key for client/server authentication: ECDHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for client/server authentication: DHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"


# Test ciphersuites which we expect to be fully supported by PSA Crypto
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
# run_test_psa and run_test_psa_force_curve are helpers defined earlier in
# the file; each takes a single ciphersuite / curve name.
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384

# One forced-curve run per curve the PSA configuration may enable.
requires_config_enabled PSA_WANT_ECC_SECP_R1_521
run_test_psa_force_curve "secp521r1"
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512
run_test_psa_force_curve "brainpoolP512r1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test_psa_force_curve "secp384r1"
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384
run_test_psa_force_curve "brainpoolP384r1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test_psa_force_curve "secp256r1"
requires_config_enabled PSA_WANT_ECC_SECP_K1_256
run_test_psa_force_curve "secp256k1"
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_224
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
#requires_config_enabled PSA_WANT_ECC_SECP_K1_224
#run_test_psa_force_curve "secp224k1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_192
run_test_psa_force_curve "secp192r1"
requires_config_enabled PSA_WANT_ECC_SECP_K1_192
run_test_psa_force_curve "secp192k1"

# Test current time in ServerHello
# -f/-F run the named check function (defined earlier in the file) against the
# server and client logs respectively instead of grepping for a pattern.
requires_config_enabled MBEDTLS_HAVE_TIME
run_test    "ServerHello contains gmt_unix_time" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3" \
            0 \
            -f "check_server_hello_time" \
            -F "check_server_hello_time"

# Test for uniqueness of IVs in AEAD ciphersuites
# Nonce reuse under the same key breaks GCM's confidentiality and integrity
# guarantees, so over 20 exchanges every "IV used" line logged by either side
# must be distinct. -u/-U are presumably the "pattern must be unique in the
# server/client log" checks; see run_test's option handling earlier in the file.
run_test    "Unique IV in GCM" \
            "$P_SRV exchanges=20 debug_level=4" \
            "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -u "IV used" \
            -U "IV used"

# Test for correctness of sent single supported algorithm
# "04 03" is the TLS SignatureScheme code point for ecdsa_secp256r1_sha256.
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
                              PSA_WANT_ECC_SECP_R1_256"
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
# Deliberately unquoted: the variable (defined earlier in the file) is expected
# to expand to several config names — confirm against its definition.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_pk_alg "ECDSA"
requires_hash_alg SHA_256
run_test    "Single supported algorithm sending: mbedtls client" \
            "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
            "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \
            0 \
            -c "Supported Signature Algorithm found: 04 03"

# Interoperability variant: an OpenSSL client with a client certificate against
# a server that advertises a single signature algorithm.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
                              PSA_WANT_ECC_SECP_R1_256"
requires_hash_alg SHA_256
run_test    "Single supported algorithm sending: openssl client" \
            "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
            "$O_CLI -cert $DATA_FILES_PATH/server6.crt \
             -key $DATA_FILES_PATH/server6.key" \
            0

# Tests for certificate verification callback
# context_crt_cb selects whether the client installs its verification callback
# on the config (0) or on the SSL context (1); exactly one of the two log
# lines must appear.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Configuration-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI context_crt_cb=0 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use configuration-specific verification callback" \
            -C "Use context-specific verification callback" \
            -C "error"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Context-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI context_crt_cb=1 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use context-specific verification callback" \
            -C "Use configuration-specific verification callback" \
            -C "error"

# Tests for SHA-1 support
# Certificate signature hash policy: a SHA-1-signed peer certificate must be
# rejected unless the verifying side explicitly opts in with allow_sha1=1,
# while SHA-256-signed certificates pass with the default policy.
requires_hash_alg SHA_1
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

requires_hash_alg SHA_1
run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_version=tls12 allow_sha1=1" \
            0

run_test    "SHA-256 allowed by default in server certificate" \
            "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2-sha256.crt" \
            "$P_CLI force_version=tls12 allow_sha1=0" \
            0

# Same policy enforced on the server side for client certificates.
requires_hash_alg SHA_1
requires_config_enabled MBEDTLS_RSA_C
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

requires_hash_alg SHA_1
requires_config_enabled MBEDTLS_RSA_C
run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
            0

requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \
            0

# Tests for datagram packing
# "next record in same datagram" is logged by the side that *receives* a packed
# datagram, so -s checks that the client packed and -c that the server packed
# (inferred from the four flag combinations below).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"

# Tests for Context serialization
# serialize=1 on one side makes that side save and restore its connection state
# between the two exchanges; the "Deserializing connection..." line must then
# appear only on the side that serialized. Covered per AEAD cipher (CCM,
# ChaChaPoly, GCM) and with DTLS Connection IDs in use.

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

# Server-side serialization: only the server's log may show the
# "Deserializing connection..." line.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, server serializes, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

# Both sides serialize: both logs must show the deserialization line.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, both serialize, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

# "re-init" variants: serialize=2 appears (from the test names) to select a
# path where the SSL context is fully re-initialised before the saved state is
# loaded back, rather than restored into the existing context. The expected
# log lines are the same as for serialize=1.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."
2975 2976requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 2977run_test "Context serialization, re-init, server serializes, GCM" \ 2978 "$P_SRV dtls=1 serialize=2 exchanges=2" \ 2979 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ 2980 0 \ 2981 -C "Deserializing connection..." \ 2982 -s "Deserializing connection..." 2983 2984requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 2985requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 2986requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2987run_test "Context serialization, re-init, server serializes, with CID" \ 2988 "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ 2989 "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ 2990 0 \ 2991 -C "Deserializing connection..." \ 2992 -s "Deserializing connection..." 2993 2994requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 2995run_test "Context serialization, re-init, both serialize, CCM" \ 2996 "$P_SRV dtls=1 serialize=2 exchanges=2" \ 2997 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 2998 0 \ 2999 -c "Deserializing connection..." \ 3000 -s "Deserializing connection..." 3001 3002requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 3003run_test "Context serialization, re-init, both serialize, ChaChaPoly" \ 3004 "$P_SRV dtls=1 serialize=2 exchanges=2" \ 3005 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ 3006 0 \ 3007 -c "Deserializing connection..." \ 3008 -s "Deserializing connection..." 3009 3010requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 3011run_test "Context serialization, re-init, both serialize, GCM" \ 3012 "$P_SRV dtls=1 serialize=2 exchanges=2" \ 3013 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ 3014 0 \ 3015 -c "Deserializing connection..." \ 3016 -s "Deserializing connection..." 
3017 3018requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3019requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 3020requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3021run_test "Context serialization, re-init, both serialize, with CID" \ 3022 "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ 3023 "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \ 3024 0 \ 3025 -c "Deserializing connection..." \ 3026 -s "Deserializing connection..." 3027 3028requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3029requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 3030run_test "Saving the serialized context to a file" \ 3031 "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \ 3032 "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \ 3033 0 \ 3034 -s "Save serialized context to a file... ok" \ 3035 -c "Save serialized context to a file... ok" 3036rm -f context_srv.txt 3037rm -f context_cli.txt 3038 3039# Tests for DTLS Connection ID extension 3040 3041# So far, the CID API isn't implemented, so we can't 3042# grep for output witnessing its use. This needs to be 3043# changed once the CID extension is implemented. 3044 3045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3046requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3047run_test "Connection ID: Cli enabled, Srv disabled" \ 3048 "$P_SRV debug_level=3 dtls=1 cid=0" \ 3049 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3050 0 \ 3051 -s "Disable use of CID extension." \ 3052 -s "found CID extension" \ 3053 -s "Client sent CID extension, but CID disabled" \ 3054 -c "Enable use of CID extension." 
\ 3055 -c "client hello, adding CID extension" \ 3056 -S "server hello, adding CID extension" \ 3057 -C "found CID extension" \ 3058 -S "Copy CIDs into SSL transform" \ 3059 -C "Copy CIDs into SSL transform" \ 3060 -c "Use of Connection ID was rejected by the server" 3061 3062requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3063requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3064run_test "Connection ID: Cli disabled, Srv enabled" \ 3065 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3066 "$P_CLI debug_level=3 dtls=1 cid=0" \ 3067 0 \ 3068 -c "Disable use of CID extension." \ 3069 -C "client hello, adding CID extension" \ 3070 -S "found CID extension" \ 3071 -s "Enable use of CID extension." \ 3072 -S "server hello, adding CID extension" \ 3073 -C "found CID extension" \ 3074 -S "Copy CIDs into SSL transform" \ 3075 -C "Copy CIDs into SSL transform" \ 3076 -s "Use of Connection ID was not offered by client" 3077 3078requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3079requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3080run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \ 3081 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 3082 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ 3083 0 \ 3084 -c "Enable use of CID extension." \ 3085 -s "Enable use of CID extension." 
\ 3086 -c "client hello, adding CID extension" \ 3087 -s "found CID extension" \ 3088 -s "Use of CID extension negotiated" \ 3089 -s "server hello, adding CID extension" \ 3090 -c "found CID extension" \ 3091 -c "Use of CID extension negotiated" \ 3092 -s "Copy CIDs into SSL transform" \ 3093 -c "Copy CIDs into SSL transform" \ 3094 -c "Peer CID (length 2 Bytes): de ad" \ 3095 -s "Peer CID (length 2 Bytes): be ef" \ 3096 -s "Use of Connection ID has been negotiated" \ 3097 -c "Use of Connection ID has been negotiated" 3098 3099requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3100requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3101run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \ 3102 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 3103 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \ 3104 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \ 3105 0 \ 3106 -c "Enable use of CID extension." \ 3107 -s "Enable use of CID extension." \ 3108 -c "client hello, adding CID extension" \ 3109 -s "found CID extension" \ 3110 -s "Use of CID extension negotiated" \ 3111 -s "server hello, adding CID extension" \ 3112 -c "found CID extension" \ 3113 -c "Use of CID extension negotiated" \ 3114 -s "Copy CIDs into SSL transform" \ 3115 -c "Copy CIDs into SSL transform" \ 3116 -c "Peer CID (length 2 Bytes): de ad" \ 3117 -s "Peer CID (length 2 Bytes): be ef" \ 3118 -s "Use of Connection ID has been negotiated" \ 3119 -c "Use of Connection ID has been negotiated" \ 3120 -c "ignoring unexpected CID" \ 3121 -s "ignoring unexpected CID" 3122 3123requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3124requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3125run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ 3126 -p "$P_PXY mtu=800" \ 3127 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ 3128 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ 3129 0 \ 3130 -c "Enable use of CID extension." 
\ 3131 -s "Enable use of CID extension." \ 3132 -c "client hello, adding CID extension" \ 3133 -s "found CID extension" \ 3134 -s "Use of CID extension negotiated" \ 3135 -s "server hello, adding CID extension" \ 3136 -c "found CID extension" \ 3137 -c "Use of CID extension negotiated" \ 3138 -s "Copy CIDs into SSL transform" \ 3139 -c "Copy CIDs into SSL transform" \ 3140 -c "Peer CID (length 2 Bytes): de ad" \ 3141 -s "Peer CID (length 2 Bytes): be ef" \ 3142 -s "Use of Connection ID has been negotiated" \ 3143 -c "Use of Connection ID has been negotiated" 3144 3145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3146requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3147run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ 3148 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ 3149 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ 3150 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ 3151 0 \ 3152 -c "Enable use of CID extension." \ 3153 -s "Enable use of CID extension." \ 3154 -c "client hello, adding CID extension" \ 3155 -s "found CID extension" \ 3156 -s "Use of CID extension negotiated" \ 3157 -s "server hello, adding CID extension" \ 3158 -c "found CID extension" \ 3159 -c "Use of CID extension negotiated" \ 3160 -s "Copy CIDs into SSL transform" \ 3161 -c "Copy CIDs into SSL transform" \ 3162 -c "Peer CID (length 2 Bytes): de ad" \ 3163 -s "Peer CID (length 2 Bytes): be ef" \ 3164 -s "Use of Connection ID has been negotiated" \ 3165 -c "Use of Connection ID has been negotiated" \ 3166 -c "ignoring unexpected CID" \ 3167 -s "ignoring unexpected CID" 3168 3169requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3170requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3171run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \ 3172 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3173 "$P_CLI debug_level=3 dtls=1 cid=1" \ 3174 0 \ 3175 -c "Enable use of CID extension." 
\ 3176 -s "Enable use of CID extension." \ 3177 -c "client hello, adding CID extension" \ 3178 -s "found CID extension" \ 3179 -s "Use of CID extension negotiated" \ 3180 -s "server hello, adding CID extension" \ 3181 -c "found CID extension" \ 3182 -c "Use of CID extension negotiated" \ 3183 -s "Copy CIDs into SSL transform" \ 3184 -c "Copy CIDs into SSL transform" \ 3185 -c "Peer CID (length 4 Bytes): de ad be ef" \ 3186 -s "Peer CID (length 0 Bytes):" \ 3187 -s "Use of Connection ID has been negotiated" \ 3188 -c "Use of Connection ID has been negotiated" 3189 3190requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3191requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3192run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \ 3193 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3194 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3195 0 \ 3196 -c "Enable use of CID extension." \ 3197 -s "Enable use of CID extension." \ 3198 -c "client hello, adding CID extension" \ 3199 -s "found CID extension" \ 3200 -s "Use of CID extension negotiated" \ 3201 -s "server hello, adding CID extension" \ 3202 -c "found CID extension" \ 3203 -c "Use of CID extension negotiated" \ 3204 -s "Copy CIDs into SSL transform" \ 3205 -c "Copy CIDs into SSL transform" \ 3206 -s "Peer CID (length 4 Bytes): de ad be ef" \ 3207 -c "Peer CID (length 0 Bytes):" \ 3208 -s "Use of Connection ID has been negotiated" \ 3209 -c "Use of Connection ID has been negotiated" 3210 3211requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3212requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3213run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \ 3214 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3215 "$P_CLI debug_level=3 dtls=1 cid=1" \ 3216 0 \ 3217 -c "Enable use of CID extension." \ 3218 -s "Enable use of CID extension." 
\ 3219 -c "client hello, adding CID extension" \ 3220 -s "found CID extension" \ 3221 -s "Use of CID extension negotiated" \ 3222 -s "server hello, adding CID extension" \ 3223 -c "found CID extension" \ 3224 -c "Use of CID extension negotiated" \ 3225 -s "Copy CIDs into SSL transform" \ 3226 -c "Copy CIDs into SSL transform" \ 3227 -S "Use of Connection ID has been negotiated" \ 3228 -C "Use of Connection ID has been negotiated" 3229 3230requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3231run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \ 3232 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 3233 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 3234 0 \ 3235 -c "Enable use of CID extension." \ 3236 -s "Enable use of CID extension." \ 3237 -c "client hello, adding CID extension" \ 3238 -s "found CID extension" \ 3239 -s "Use of CID extension negotiated" \ 3240 -s "server hello, adding CID extension" \ 3241 -c "found CID extension" \ 3242 -c "Use of CID extension negotiated" \ 3243 -s "Copy CIDs into SSL transform" \ 3244 -c "Copy CIDs into SSL transform" \ 3245 -c "Peer CID (length 2 Bytes): de ad" \ 3246 -s "Peer CID (length 2 Bytes): be ef" \ 3247 -s "Use of Connection ID has been negotiated" \ 3248 -c "Use of Connection ID has been negotiated" 3249 3250requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3251run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \ 3252 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3253 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 3254 0 \ 3255 -c "Enable use of CID extension." \ 3256 -s "Enable use of CID extension." 
\ 3257 -c "client hello, adding CID extension" \ 3258 -s "found CID extension" \ 3259 -s "Use of CID extension negotiated" \ 3260 -s "server hello, adding CID extension" \ 3261 -c "found CID extension" \ 3262 -c "Use of CID extension negotiated" \ 3263 -s "Copy CIDs into SSL transform" \ 3264 -c "Copy CIDs into SSL transform" \ 3265 -c "Peer CID (length 4 Bytes): de ad be ef" \ 3266 -s "Peer CID (length 0 Bytes):" \ 3267 -s "Use of Connection ID has been negotiated" \ 3268 -c "Use of Connection ID has been negotiated" 3269 3270requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3271run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \ 3272 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3273 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 3274 0 \ 3275 -c "Enable use of CID extension." \ 3276 -s "Enable use of CID extension." \ 3277 -c "client hello, adding CID extension" \ 3278 -s "found CID extension" \ 3279 -s "Use of CID extension negotiated" \ 3280 -s "server hello, adding CID extension" \ 3281 -c "found CID extension" \ 3282 -c "Use of CID extension negotiated" \ 3283 -s "Copy CIDs into SSL transform" \ 3284 -c "Copy CIDs into SSL transform" \ 3285 -s "Peer CID (length 4 Bytes): de ad be ef" \ 3286 -c "Peer CID (length 0 Bytes):" \ 3287 -s "Use of Connection ID has been negotiated" \ 3288 -c "Use of Connection ID has been negotiated" 3289 3290requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3291run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \ 3292 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3293 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 3294 0 \ 3295 -c "Enable use of CID extension." \ 3296 -s "Enable use of CID extension." 
\ 3297 -c "client hello, adding CID extension" \ 3298 -s "found CID extension" \ 3299 -s "Use of CID extension negotiated" \ 3300 -s "server hello, adding CID extension" \ 3301 -c "found CID extension" \ 3302 -c "Use of CID extension negotiated" \ 3303 -s "Copy CIDs into SSL transform" \ 3304 -c "Copy CIDs into SSL transform" \ 3305 -S "Use of Connection ID has been negotiated" \ 3306 -C "Use of Connection ID has been negotiated" 3307 3308requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3309run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \ 3310 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 3311 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 3312 0 \ 3313 -c "Enable use of CID extension." \ 3314 -s "Enable use of CID extension." \ 3315 -c "client hello, adding CID extension" \ 3316 -s "found CID extension" \ 3317 -s "Use of CID extension negotiated" \ 3318 -s "server hello, adding CID extension" \ 3319 -c "found CID extension" \ 3320 -c "Use of CID extension negotiated" \ 3321 -s "Copy CIDs into SSL transform" \ 3322 -c "Copy CIDs into SSL transform" \ 3323 -c "Peer CID (length 2 Bytes): de ad" \ 3324 -s "Peer CID (length 2 Bytes): be ef" \ 3325 -s "Use of Connection ID has been negotiated" \ 3326 -c "Use of Connection ID has been negotiated" 3327 3328requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3329run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \ 3330 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 3331 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 3332 0 \ 3333 -c "Enable use of CID extension." \ 3334 -s "Enable use of CID extension." 
\ 3335 -c "client hello, adding CID extension" \ 3336 -s "found CID extension" \ 3337 -s "Use of CID extension negotiated" \ 3338 -s "server hello, adding CID extension" \ 3339 -c "found CID extension" \ 3340 -c "Use of CID extension negotiated" \ 3341 -s "Copy CIDs into SSL transform" \ 3342 -c "Copy CIDs into SSL transform" \ 3343 -c "Peer CID (length 4 Bytes): de ad be ef" \ 3344 -s "Peer CID (length 0 Bytes):" \ 3345 -s "Use of Connection ID has been negotiated" \ 3346 -c "Use of Connection ID has been negotiated" 3347 3348requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3349run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \ 3350 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3351 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 3352 0 \ 3353 -c "Enable use of CID extension." \ 3354 -s "Enable use of CID extension." \ 3355 -c "client hello, adding CID extension" \ 3356 -s "found CID extension" \ 3357 -s "Use of CID extension negotiated" \ 3358 -s "server hello, adding CID extension" \ 3359 -c "found CID extension" \ 3360 -c "Use of CID extension negotiated" \ 3361 -s "Copy CIDs into SSL transform" \ 3362 -c "Copy CIDs into SSL transform" \ 3363 -s "Peer CID (length 4 Bytes): de ad be ef" \ 3364 -c "Peer CID (length 0 Bytes):" \ 3365 -s "Use of Connection ID has been negotiated" \ 3366 -c "Use of Connection ID has been negotiated" 3367 3368requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3369run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \ 3370 "$P_SRV debug_level=3 dtls=1 cid=1" \ 3371 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 3372 0 \ 3373 -c "Enable use of CID extension." \ 3374 -s "Enable use of CID extension." 
\ 3375 -c "client hello, adding CID extension" \ 3376 -s "found CID extension" \ 3377 -s "Use of CID extension negotiated" \ 3378 -s "server hello, adding CID extension" \ 3379 -c "found CID extension" \ 3380 -c "Use of CID extension negotiated" \ 3381 -s "Copy CIDs into SSL transform" \ 3382 -c "Copy CIDs into SSL transform" \ 3383 -S "Use of Connection ID has been negotiated" \ 3384 -C "Use of Connection ID has been negotiated" 3385 3386requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3387requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3388requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3389run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \ 3390 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ 3391 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 3392 0 \ 3393 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3394 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3395 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3396 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3397 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3398 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3399 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 3400 -c "(after renegotiation) Use of Connection ID has been negotiated" 3401 3402requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3403requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3404requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3405run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \ 3406 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ 3407 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 3408 0 \ 3409 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3410 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" 
\ 3411 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3412 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3413 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3414 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3415 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 3416 -c "(after renegotiation) Use of Connection ID has been negotiated" 3417 3418requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3419requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3420requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3421run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \ 3422 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \ 3423 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 3424 0 \ 3425 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3426 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3427 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3428 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3429 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3430 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3431 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 3432 -c "(after renegotiation) Use of Connection ID has been negotiated" 3433 3434requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3435requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3436requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3437run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \ 3438 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ 3439 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ 3440 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead 
renegotiation=1 renegotiate=1" \ 3441 0 \ 3442 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3443 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3444 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3445 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3446 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3447 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3448 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 3449 -c "(after renegotiation) Use of Connection ID has been negotiated" \ 3450 -c "ignoring unexpected CID" \ 3451 -s "ignoring unexpected CID" 3452 3453requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3454requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3455requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3456run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \ 3457 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 3458 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 3459 0 \ 3460 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3461 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3462 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3463 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3464 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3465 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3466 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 3467 -S "(after renegotiation) Use of Connection ID has been negotiated" 3468 3469requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3470requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3471requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3472run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \ 3473 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead 
cid_renego=0 renegotiation=1" \ 3474 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 3475 0 \ 3476 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3477 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3478 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3479 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3480 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3481 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3482 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 3483 -S "(after renegotiation) Use of Connection ID has been negotiated" 3484 3485requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3486requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 3487requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3488run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \ 3489 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 3490 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 3491 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 3492 0 \ 3493 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 3494 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 3495 -s "(initial handshake) Use of Connection ID has been negotiated" \ 3496 -c "(initial handshake) Use of Connection ID has been negotiated" \ 3497 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 3498 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 3499 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 3500 -S "(after renegotiation) Use of Connection ID has been negotiated" \ 3501 -c "ignoring unexpected CID" \ 3502 -s "ignoring unexpected CID" 3503 3504requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 3505requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 
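requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, CID on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated"

# Same as above, but with datagram packing disabled so every record travels
# in its own datagram.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated"

# "3D" = the UDP proxy drops, delays and duplicates datagrams. bad_cid=1
# additionally makes the proxy inject records carrying an unexpected CID;
# both endpoints must log that they ignored those records rather than
# failing the connection.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
            -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"

# The client stops offering CID on renegotiation (cid_renego=0): the CID
# negotiated in the initial handshake must not survive the renegotiation.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID was not offered by client"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID was not offered by client" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"

# Mirror image: the server declines CID on renegotiation (cid_renego=0).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID was rejected by the server"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID was rejected by the server" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"

# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
# tests check that the buffer contents are reallocated when the message is
# larger than the buffer.
# Note: the ciphersuite name is a plain word, so it is left inside the single
# double-quoted command string (nesting a second pair of double quotes there
# would end the string early and rely on the name containing no shell
# metacharacters).
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 513
run_test    "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
            "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -s "Reallocating in_buf" \
            -s "Reallocating out_buf"

requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 1025
run_test    "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
            "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -s "Reallocating in_buf" \
            -s "Reallocating out_buf"

# Tests for Encrypt-then-MAC extension
#
# Encrypt-then-MAC (RFC 7366) is only meaningful for CBC ciphersuites; the
# cases below check that it is negotiated by default for a CBC suite, that
# either side can opt out, and that it is not negotiated for an AEAD suite.

run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Both sides enable EtM, but the server forces an AEAD suite: the server must
# see the extension and still not answer it.
run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Tests for Extended Master Secret extension
#
# Extended Master Secret (RFC 7627) derives the master secret from the
# "session hash" of the handshake transcript. The tests pin TLS 1.2, where
# the extension is negotiated explicitly.

requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "session hash for extended master secret" \
            -s "session hash for extended master secret"

requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI force_version=tls12 debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"

requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV force_version=tls12 debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"

# Test sending and receiving empty application data records
#
# request_size=0 makes the client send a zero-length application data record.
# The server must decrypt it to an empty payload; the -S hex line presumably
# guards against CBC padding bytes being dumped as if they were payload.

run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Encrypt then MAC: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Encrypt then MAC, DTLS: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# Tests for CBC 1/n-1 record splitting
#
# 1/n-1 splitting is a countermeasure for pre-TLS-1.1 CBC (BEAST); under
# TLS 1.2 the 123-byte request must arrive as a single record, not 1 + 122.

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

# Tests for Session Tickets
#
# Each case performs a full handshake followed by a reconnect (reconnect=1)
# and checks that resumption happened via the ticket rather than the
# server-side cache.

requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# ticket_rotate=1: the server rotates its ticket key; resumption must still
# succeed across the rotation.
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: manual rotation" \
            "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# The reconnect delay outlives the ticket lifetime (ticket_timeout=1 with
# reco_delay=2000; units per the programs' option help), so the server must
# refuse to resume and no resumption message may appear on either side.
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: session copy" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interoperability: only the client-side log is available against OpenSSL.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV -tls1_2" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# The OpenSSL client is run twice, persisting the session through $SESSION
# (presumably a temporary file set up earlier in this script) and removing
# it afterwards.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV force_version=tls12 debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# ticket_aead selects the AEAD the server uses to protect the ticket itself;
# each supported AEAD is exercised once.

requires_cipher_enabled "AES" "GCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: AES-128-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "AES" "GCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: AES-192-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "AES" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: AES-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "AES" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: AES-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "AES" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: AES-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "CAMELLIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: CAMELLIA-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "CAMELLIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: CAMELLIA-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "CAMELLIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: CAMELLIA-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "GCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-128-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "GCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-192-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "GCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-256-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "ARIA" "CCM"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: ARIA-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_cipher_enabled "CHACHA20"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets: CHACHA20-POLY1305" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Tests for Session Tickets with DTLS
#
# skip_close_notify=1 keeps the client from sending close_notify before it
# reconnects, so the server does not tear the session down first.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: session copy" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# With tickets disabled on at least one side, resumption has to come from the
# server-side session cache (keyed by session ID).

requires_config_enabled MBEDTLS_SSL_CACHE_C
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_CACHE_C
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 leaves no room for any entry, so resumption must fail;
# cache_max=1 is just enough for the one session.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_remove=1: the server drops the cached entry, so the reconnect must be
# a full handshake.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache removed" \
            "$P_SRV debug_level=3 tickets=0 cache_remove=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# cache_timeout=0 disables expiry: the same long delay as above must now
# still resume.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: session copy" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_CACHE_C
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using cache: openssl client" \
            "$P_SRV force_version=tls12 debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: openssl server" \
            "$O_SRV -tls1_2" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Session resume and extensions

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Session resume and connection ID" \
            "$P_SRV debug_level=3 cid=1 cid_val=dead dtls=1 tickets=0" \
            "$P_CLI debug_level=3 cid=1 cid_val=beef dtls=1 tickets=0 reconnect=1" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension."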
\ 4367 -c "client hello, adding CID extension" \ 4368 -s "found CID extension" \ 4369 -s "Use of CID extension negotiated" \ 4370 -s "server hello, adding CID extension" \ 4371 -c "found CID extension" \ 4372 -c "Use of CID extension negotiated" \ 4373 -s "Copy CIDs into SSL transform" \ 4374 -c "Copy CIDs into SSL transform" \ 4375 -c "Peer CID (length 2 Bytes): de ad" \ 4376 -s "Peer CID (length 2 Bytes): be ef" \ 4377 -s "Use of Connection ID has been negotiated" \ 4378 -c "Use of Connection ID has been negotiated" 4379 4380# Tests for Session Resume based on session-ID and cache, DTLS 4381 4382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4383requires_config_enabled MBEDTLS_SSL_CACHE_C 4384requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 4385run_test "Session resume using cache, DTLS: tickets enabled on client" \ 4386 "$P_SRV dtls=1 debug_level=3 tickets=0" \ 4387 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ 4388 0 \ 4389 -c "client hello, adding session ticket extension" \ 4390 -s "found session ticket extension" \ 4391 -S "server hello, adding session ticket extension" \ 4392 -C "found session_ticket extension" \ 4393 -C "parse new session ticket" \ 4394 -s "session successfully restored from cache" \ 4395 -S "session successfully restored from ticket" \ 4396 -s "a session has been resumed" \ 4397 -c "a session has been resumed" 4398 4399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4400requires_config_enabled MBEDTLS_SSL_CACHE_C 4401requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 4402run_test "Session resume using cache, DTLS: tickets enabled on server" \ 4403 "$P_SRV dtls=1 debug_level=3 tickets=1" \ 4404 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ 4405 0 \ 4406 -C "client hello, adding session ticket extension" \ 4407 -S "found session ticket extension" \ 4408 -S "server hello, adding session ticket extension" \ 4409 -C "found session_ticket extension" \ 4410 -C "parse new session 
ticket" \ 4411 -s "session successfully restored from cache" \ 4412 -S "session successfully restored from ticket" \ 4413 -s "a session has been resumed" \ 4414 -c "a session has been resumed" 4415 4416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4417requires_config_enabled MBEDTLS_SSL_CACHE_C 4418run_test "Session resume using cache, DTLS: cache_max=0" \ 4419 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ 4420 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ 4421 0 \ 4422 -S "session successfully restored from cache" \ 4423 -S "session successfully restored from ticket" \ 4424 -S "a session has been resumed" \ 4425 -C "a session has been resumed" 4426 4427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4428requires_config_enabled MBEDTLS_SSL_CACHE_C 4429run_test "Session resume using cache, DTLS: cache_max=1" \ 4430 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ 4431 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ 4432 0 \ 4433 -s "session successfully restored from cache" \ 4434 -S "session successfully restored from ticket" \ 4435 -s "a session has been resumed" \ 4436 -c "a session has been resumed" 4437 4438requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4439requires_config_enabled MBEDTLS_SSL_CACHE_C 4440run_test "Session resume using cache, DTLS: timeout > delay" \ 4441 "$P_SRV dtls=1 debug_level=3 tickets=0" \ 4442 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \ 4443 0 \ 4444 -s "session successfully restored from cache" \ 4445 -S "session successfully restored from ticket" \ 4446 -s "a session has been resumed" \ 4447 -c "a session has been resumed" 4448 4449requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4450requires_config_enabled MBEDTLS_SSL_CACHE_C 4451run_test "Session resume using cache, DTLS: timeout < delay" \ 4452 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ 4453 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 
skip_close_notify=1 reco_delay=2000" \ 4454 0 \ 4455 -S "session successfully restored from cache" \ 4456 -S "session successfully restored from ticket" \ 4457 -S "a session has been resumed" \ 4458 -C "a session has been resumed" 4459 4460requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4461requires_config_enabled MBEDTLS_SSL_CACHE_C 4462run_test "Session resume using cache, DTLS: no timeout" \ 4463 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ 4464 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \ 4465 0 \ 4466 -s "session successfully restored from cache" \ 4467 -S "session successfully restored from ticket" \ 4468 -s "a session has been resumed" \ 4469 -c "a session has been resumed" 4470 4471requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 4472requires_config_enabled MBEDTLS_SSL_CACHE_C 4473run_test "Session resume using cache, DTLS: session copy" \ 4474 "$P_SRV dtls=1 debug_level=3 tickets=0" \ 4475 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \ 4476 0 \ 4477 -s "session successfully restored from cache" \ 4478 -S "session successfully restored from ticket" \ 4479 -s "a session has been resumed" \ 4480 -c "a session has been resumed" 4481 4482# For reasons that aren't fully understood, this test randomly fails with high 4483# probability with OpenSSL 1.0.2g on the CI, see #5012. 
# Cache-based resumption over DTLS against an OpenSSL client. The first
# connection writes its session to $SESSION, the second resumes from it, and
# the file is removed afterwards. $SESSION, $O_NEXT_CLI and $P_SRV are set
# earlier in this script; the -s/-S (server log) and -c/-C (client log) flags
# appear to require a pattern to be present / absent — see run_test.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Session resume using cache, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

# Same scenario with an OpenSSL server: only the mbedtls client log is
# inspected, and no ticket must be seen on the client side.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Max Fragment Length extension

# Extension compiled in but not requested by either side: both peers report
# the build's $MAX_CONTENT_LEN (set earlier in this script) and no
# max_fragment_length extension is added or found.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: enabled, default" \
            "$P_SRV debug_level=3 force_version=tls12" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# A request one byte larger than the limit is written as two records over
# TLS: the server reads $MAX_CONTENT_LEN bytes and then 1 byte.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: enabled, default, larger message" \
            "$P_SRV debug_level=3 force_version=tls12" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# DTLS counterpart of the test above: the numeric argument (presumably the
# expected client exit status — see run_test) is 1 here, and instead of
# splitting the request the client log must match the regex on the last line.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length, DTLS: enabled, default, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "fragment larger than.*maximum "

# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
# (the session's fragment length is then 16384 regardless of the Mbed TLS
# content length configuration).
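
# With the extension compiled out, none of the "Maximum ... record payload
# length is 16384" debug lines may appear (-C/-S assert absence), but the
# oversized request is still written as two records over TLS.
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: disabled, larger message" \
            "$P_SRV debug_level=3 force_version=tls12" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# DTLS counterpart: the numeric argument (presumably the expected client exit
# status — see run_test) is 1, and the client must report the oversized
# fragment rather than splitting it.
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length, DTLS: disabled, larger message" \
            "$P_SRV debug_level=3 dtls=1 force_version=tls12" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "fragment larger than.*maximum "

# Client/server max_frag_len matrix. In every expected output below, the
# client's incoming and outgoing limits and the server's incoming limit equal
# the client's limit, while the server's outgoing limit is the smaller of the
# two sides' values. requires_max_content_len N presumably skips the test on
# builds whose content length is below N — see its definition.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by client" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 1024" \
            "$P_SRV debug_level=3 max_frag_len=1024" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 1024" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 1024" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 2048" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Only the server sets a limit: the extension is never put on the wire (the
# client does not request it), so only the server's outgoing limit changes.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by server" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is 4096" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# Interop: GnuTLS server pinned to TLS 1.2; only the mbedtls client log is
# checked.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: gnutls server" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Boundary: a request exactly equal to the negotiated limit goes out in one
# record; one that exceeds it is split (2345 = 2048 + 297).
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, message just fits" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2048 bytes written in 1 fragments" \
            -s "2048 bytes read"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2345 bytes written in 2 fragments" \
            -s "2048 bytes read" \
            -s "297 bytes read"

# DTLS variant of the oversized request: expected client exit status 1 and
# the "fragment larger than ... maximum" message instead of a split.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: DTLS client, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
            1 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "fragment larger than.*maximum"

# Tests for Record Size Limit extension

# TLS 1.3 interop with GnuTLS (record_size_limit is extension type 28, hence
# the "(28)" in the debug strings). $G_NEXT_CLI / $G_NEXT_SRV are set earlier
# in this script. The GnuTLS peer sends 16385, i.e. one more than the value
# it is configured with (see the comment further down).
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
            "$P_SRV debug_level=3 force_version=tls13" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
            0 \
            -s "RecordSizeLimit: 16385 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 16383" \
            -s "bytes written in 1 fragments"

# Client side: the mbedtls client advertises 16384 and parses the server's
# value from EncryptedExtensions. The last expectation line previously ended
# with a stray "\", which made the following blank line part of the command;
# it has been dropped so that a line inserted after this test cannot be
# silently swallowed as an extra argument.
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
            "$P_CLI debug_level=4 force_version=tls13" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "EncryptedExtensions: record_size_limit(28) extension received." \
            -c "RecordSizeLimit: 16385 Bytes"

# In the following tests, --recordsize is the value used by G_NEXT_CLI (3.7.2)
# to configure the maximum record size via gnutls_record_set_max_size()
# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size).
# There is currently a lower limit of 512, because gnutls_record_set_max_size()
# does not respect the "%ALLOW_SMALL_RECORDS" priority string and does not use
# the more recent function gnutls_record_set_max_recv_size()
# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size).
# There is currently an upper limit of 4096, imposed by the cli arg parser:
# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395.
# Thus, these tests are currently limited to the value range 512-4096.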
4906# Also, the value sent in the extension will be one larger than the value 4907# set at the command line: 4908# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 4909 4910# Currently test certificates being used do not fit in 513 record size limit 4911# so for 513 record size limit tests we use preshared key to avoid sending 4912# the certificate. 4913 4914requires_gnutls_tls1_3 4915requires_gnutls_record_size_limit 4916requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 4917requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT 4918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 4919run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ 4920 "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ 4921 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ 4922 response_size=256" \ 4923 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ 4924 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 4925 0 \ 4926 -s "RecordSizeLimit: 513 Bytes" \ 4927 -s "ClientHello: record_size_limit(28) extension exists." \ 4928 -s "Sent RecordSizeLimit: 16384 Bytes" \ 4929 -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\ 4930 -s "Maximum outgoing record payload length is 511" \ 4931 -s "256 bytes written in 1 fragments" 4932 4933requires_gnutls_tls1_3 4934requires_gnutls_record_size_limit 4935requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 4936requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT 4937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 4938run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ 4939 "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ 4940 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ 4941 response_size=768" \ 4942 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ 4943 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 4944 0 \ 4945 -s "RecordSizeLimit: 513 Bytes" \ 4946 -s "ClientHello: record_size_limit(28) extension exists." \ 4947 -s "Sent RecordSizeLimit: 16384 Bytes" \ 4948 -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\
            -s "Maximum outgoing record payload length is 511" \
            -s "768 bytes written in 2 fragments"

# Record size limit (record_size_limit extension, RFC 8449) compliance tests.
#
# Each test pairs an Mbed TLS peer with a GnuTLS peer that advertises a limit
# via --recordsize N, then checks the debug log for:
#   - the limit as received from GnuTLS ("RecordSizeLimit: ... Bytes"),
#   - the extension being present in ClientHello / EncryptedExtensions,
#   - the fixed limit Mbed TLS advertises itself ("Sent RecordSizeLimit: 16384
#     Bytes", see the TODO before the m->m test below),
#   - the resulting maximum outgoing payload and the number of fragments the
#     response_size / request_size bytes were split into.
# NOTE(review): with --recordsize N the log reports N+1 as the received limit
# and N-1 as the maximum outgoing payload; presumably this is the TLS 1.3
# content-type byte accounting of RFC 8449 — confirm against the implementation
# before relying on it elsewhere.
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \
            "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \
                    psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \
                    response_size=1280" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
                    --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
            0 \
            -s "RecordSizeLimit: 513 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 511" \
            -s "1280 bytes written in 3 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=512" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "512 bytes written in 1 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "1536 bytes written in 2 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "2560 bytes written in 3 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "2048 bytes written in 1 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "6144 bytes written in 2 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \
            "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "10240 bytes written in 3 fragments"

# Client-side counterpart: the Mbed TLS client (-c checks) must honour the
# limit advertised by a GnuTLS server. The 513-byte cases disable the client
# certificate request on the GnuTLS side; the larger limits do not.
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=256" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "256 bytes written in 1 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=768" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "768 bytes written in 2 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "1280 bytes written in 3 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=512" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "512 bytes written in 1 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "1536 bytes written in 2 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "2560 bytes written in 3 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "2048 bytes written in 1 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "6144 bytes written in 2 fragments"

requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "10240 bytes written in 3 fragments"

# TODO: For time being, we send fixed value of RecordSizeLimit defined by
# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
#
# Mbed TLS on both sides: the requires_config_value_equals guard pins
# MBEDTLS_SSL_IN_CONTENT_LEN to 16384 so that the literal payload lengths
# below (16383 outgoing / 16384 incoming) are valid. MAX_IN_LEN is presumably
# set earlier in this script from the same config value — not visible here.
requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
            "$P_SRV debug_level=4 force_version=tls13" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
            -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \
            -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \
            -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
            -s "Maximum outgoing record payload length is 16383" \
            -s "Maximum incoming record payload length is 16384"

# End of Record size limit tests

# Tests for renegotiation
#
# Renegotiation is a TLS 1.2 feature, so one side of each Mbed TLS pair pins
# force_version=tls12. The -c/-s checks for "adding renegotiation extension",
# "received TLS_EMPTY_RENEGOTIATION_INFO" and "found renegotiation extension"
# cover the RFC 5746 secure-renegotiation signalling (SCSV and
# renegotiation_info extension); "=> renegotiate" and "write hello request"
# show which side actually drove a renegotiation.

# G_NEXT_SRV is used in renegotiation tests because of the increased
# extensions limit since we exceed the limit in G_SRV when we send
# TLS 1.3 extensions in the initial handshake.

# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
run_test    "Renegotiation: none, for reference" \
            "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
# NOTE(review): that precondition is not enforced by a requires_* guard here;
# on a build where only SHA-1 is available the final -S check would fail.
# The "2" in the checked string is the TLS 1.2 HashAlgorithm code for sha1.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?

# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
# (same unenforced precondition as the client-initiated variant above)
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?

# Both sides request a renegotiation (renegotiate=1 on each).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: double" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Renegotiation combined with asymmetric max_fragment_length: each side's
# outgoing limit is whatever the peer advertised (server 512, client 2048).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "Renegotiation with max fragment length: client 2048, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Server has renegotiation disabled: the client's attempt must fail
# (expected exit status 1) rather than silently continue.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated, server-rejected" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -c "SSL - Unexpected message at ServerHello in renegotiation" \
            -c "failed"

# renego_delay variants: how the server reacts when the client ignores its
# HelloRequest. Only the delay 0 case expects the server to report the
# unexpected message; the others tolerate the client continuing.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, default" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
                    renego_delay=-1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# delay 2 for 1 alert record + 1 application data record
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
                    renego_delay=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
                    renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -s "SSL - An unexpected message was received from our peer"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
                    renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Periodic renegotiation: the server renegotiates once its record counter
# reaches renego_period; the client's exchanges count decides whether that
# threshold is crossed ("record counter limit reached: renegotiate").
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just below period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just above period" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, two times period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=7 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_period is ignored while renegotiation=0 on the server.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, above period, disabled" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Non-blocking I/O (nbio=2) variants of the basic client/server-initiated cases.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, client-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Interoperability: Mbed TLS client renegotiating against third-party servers.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: openssl server, client-initiated" \
            "$O_SRV -www -tls1_2" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server strict, client-initiated" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# The next three tests use a GnuTLS server with secure renegotiation disabled
# (%DISABLE_SAFE_RENEGOTIATION), i.e. a peer that does not send the
# renegotiation_info extension. Renegotiating with such a peer is the legacy,
# insecure mode: the client must fail by default and with allow_legacy=0
# (expected status 1), and succeeds only when allow_legacy=1 is set explicitly.
# NOTE: "inititated" in two of the test names below is a typo that is kept
# verbatim, since test names are presumably recorded as-is in the outcome file.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
                    allow_legacy=0" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
                    allow_legacy=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# DTLS variants.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, client-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, server-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
                    read_timeout=1000 max_resend=2" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# renego_period close to the 64-bit record-counter limit: the server is still
# expected to hit "record counter limit reached" and renegotiate, rather than
# mishandle the large threshold.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, renego_period overflow" \
            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
            "$G_NEXT_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

# Test for the "secure renegotiation" extension only (no actual renegotiation)
#
# allow_legacy controls how the client treats a peer without the
# renegotiation_info extension during the initial handshake: the default
# connects, and allow_legacy=-1 makes the absence a hard error (status 1).

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server strict, client default" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server unsafe, client default" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server unsafe, client break legacy" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \ 5722 0 \ 5723 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 5724 -s "server hello, secure renegotiation extension" 5725 5726requires_gnutls 5727requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5728requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5729run_test "Renego ext: gnutls client unsafe, server default" \ 5730 "$P_SRV debug_level=3" \ 5731 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 5732 0 \ 5733 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 5734 -S "server hello, secure renegotiation extension" 5735 5736requires_gnutls 5737requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5738requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5739run_test "Renego ext: gnutls client unsafe, server break legacy" \ 5740 "$P_SRV debug_level=3 allow_legacy=-1" \ 5741 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 5742 1 \ 5743 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 5744 -S "server hello, secure renegotiation extension" 5745 5746# Tests for silently dropping trailing extra bytes in .der certificates 5747 5748requires_gnutls 5749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5750run_test "DER format: no trailing bytes" \ 5751 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \ 5752 key_file=$DATA_FILES_PATH/server5.key" \ 5753 "$G_CLI localhost" \ 5754 0 \ 5755 -c "Handshake was completed" \ 5756 5757requires_gnutls 5758requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5759run_test "DER format: with a trailing zero byte" \ 5760 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \ 5761 key_file=$DATA_FILES_PATH/server5.key" \ 5762 "$G_CLI localhost" \ 5763 0 \ 5764 -c "Handshake was completed" \ 5765 5766requires_gnutls 5767requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5768run_test "DER format: with a trailing random byte" 
\ 5769 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \ 5770 key_file=$DATA_FILES_PATH/server5.key" \ 5771 "$G_CLI localhost" \ 5772 0 \ 5773 -c "Handshake was completed" \ 5774 5775requires_gnutls 5776requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5777run_test "DER format: with 2 trailing random bytes" \ 5778 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \ 5779 key_file=$DATA_FILES_PATH/server5.key" \ 5780 "$G_CLI localhost" \ 5781 0 \ 5782 -c "Handshake was completed" \ 5783 5784requires_gnutls 5785requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5786run_test "DER format: with 4 trailing random bytes" \ 5787 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \ 5788 key_file=$DATA_FILES_PATH/server5.key" \ 5789 "$G_CLI localhost" \ 5790 0 \ 5791 -c "Handshake was completed" \ 5792 5793requires_gnutls 5794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5795run_test "DER format: with 8 trailing random bytes" \ 5796 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \ 5797 key_file=$DATA_FILES_PATH/server5.key" \ 5798 "$G_CLI localhost" \ 5799 0 \ 5800 -c "Handshake was completed" \ 5801 5802requires_gnutls 5803requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 5804run_test "DER format: with 9 trailing random bytes" \ 5805 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \ 5806 key_file=$DATA_FILES_PATH/server5.key" \ 5807 "$G_CLI localhost" \ 5808 0 \ 5809 -c "Handshake was completed" \ 5810 5811# Tests for auth_mode, there are duplicated tests using ca callback for authentication 5812# When updating these tests, modify the matching authentication tests accordingly 5813 5814# The next 4 cases test the 3 auth modes with a badly signed server cert. 
5815requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 5816run_test "Authentication: server badcert, client required" \ 5817 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5818 key_file=$DATA_FILES_PATH/server5.key" \ 5819 "$P_CLI debug_level=3 auth_mode=required" \ 5820 1 \ 5821 -c "x509_verify_cert() returned" \ 5822 -c "! The certificate is not correctly signed by the trusted CA" \ 5823 -c "! mbedtls_ssl_handshake returned" \ 5824 -c "send alert level=2 message=48" \ 5825 -c "X509 - Certificate verification failed" 5826 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 5827# We don't check that the server receives the alert because it might 5828# detect that its write end of the connection is closed and abort 5829# before reading the alert message. 5830 5831run_test "Authentication: server badcert, client required (1.2)" \ 5832 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5833 key_file=$DATA_FILES_PATH/server5.key" \ 5834 "$P_CLI force_version=tls12 debug_level=3 auth_mode=required" \ 5835 1 \ 5836 -c "x509_verify_cert() returned" \ 5837 -c "! The certificate is not correctly signed by the trusted CA" \ 5838 -c "! mbedtls_ssl_handshake returned" \ 5839 -c "send alert level=2 message=48" \ 5840 -c "X509 - Certificate verification failed" 5841 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 5842 5843run_test "Authentication: server badcert, client optional" \ 5844 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5845 key_file=$DATA_FILES_PATH/server5.key" \ 5846 "$P_CLI force_version=tls13 debug_level=3 auth_mode=optional" \ 5847 0 \ 5848 -c "x509_verify_cert() returned" \ 5849 -c "! The certificate is not correctly signed by the trusted CA" \ 5850 -C "! 
mbedtls_ssl_handshake returned" \ 5851 -C "send alert level=2 message=48" \ 5852 -C "X509 - Certificate verification failed" 5853 5854run_test "Authentication: server badcert, client optional (1.2)" \ 5855 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5856 key_file=$DATA_FILES_PATH/server5.key" \ 5857 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional" \ 5858 0 \ 5859 -c "x509_verify_cert() returned" \ 5860 -c "! The certificate is not correctly signed by the trusted CA" \ 5861 -C "! mbedtls_ssl_handshake returned" \ 5862 -C "send alert level=2 message=48" \ 5863 -C "X509 - Certificate verification failed" 5864 5865run_test "Authentication: server badcert, client none" \ 5866 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5867 key_file=$DATA_FILES_PATH/server5.key" \ 5868 "$P_CLI debug_level=3 auth_mode=none" \ 5869 0 \ 5870 -C "x509_verify_cert() returned" \ 5871 -C "! The certificate is not correctly signed by the trusted CA" \ 5872 -C "! mbedtls_ssl_handshake returned" \ 5873 -C "send alert level=2 message=48" \ 5874 -C "X509 - Certificate verification failed" 5875 5876run_test "Authentication: server badcert, client none (1.2)" \ 5877 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 5878 key_file=$DATA_FILES_PATH/server5.key" \ 5879 "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \ 5880 0 \ 5881 -C "x509_verify_cert() returned" \ 5882 -C "! The certificate is not correctly signed by the trusted CA" \ 5883 -C "! mbedtls_ssl_handshake returned" \ 5884 -C "send alert level=2 message=48" \ 5885 -C "X509 - Certificate verification failed" 5886 5887requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 5888run_test "Authentication: server goodcert, client required, no trusted CA" \ 5889 "$P_SRV" \ 5890 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ 5891 1 \ 5892 -c "x509_verify_cert() returned" \ 5893 -c "! The certificate is not correctly signed by the trusted CA" \ 5894 -c "! 
Certificate verification flags"\ 5895 -c "! mbedtls_ssl_handshake returned" \ 5896 -c "SSL - No CA Chain is set, but required to operate" 5897 5898requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 5899run_test "Authentication: server goodcert, client required, no trusted CA (1.2)" \ 5900 "$P_SRV force_version=tls12" \ 5901 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ 5902 1 \ 5903 -c "x509_verify_cert() returned" \ 5904 -c "! The certificate is not correctly signed by the trusted CA" \ 5905 -c "! Certificate verification flags"\ 5906 -c "! mbedtls_ssl_handshake returned" \ 5907 -c "SSL - No CA Chain is set, but required to operate" 5908 5909requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 5910run_test "Authentication: server goodcert, client optional, no trusted CA" \ 5911 "$P_SRV" \ 5912 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ 5913 0 \ 5914 -c "x509_verify_cert() returned" \ 5915 -c "! The certificate is not correctly signed by the trusted CA" \ 5916 -c "! Certificate verification flags"\ 5917 -C "! mbedtls_ssl_handshake returned" \ 5918 -C "X509 - Certificate verification failed" \ 5919 -C "SSL - No CA Chain is set, but required to operate" 5920 5921requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 5922run_test "Authentication: server goodcert, client optional, no trusted CA (1.2)" \ 5923 "$P_SRV" \ 5924 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ 5925 0 \ 5926 -c "x509_verify_cert() returned" \ 5927 -c "! The certificate is not correctly signed by the trusted CA" \ 5928 -c "! Certificate verification flags"\ 5929 -C "! 
mbedtls_ssl_handshake returned" \ 5930 -C "X509 - Certificate verification failed" \ 5931 -C "SSL - No CA Chain is set, but required to operate" 5932 5933requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 5934run_test "Authentication: server goodcert, client none, no trusted CA" \ 5935 "$P_SRV" \ 5936 "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 5937 0 \ 5938 -C "x509_verify_cert() returned" \ 5939 -C "! The certificate is not correctly signed by the trusted CA" \ 5940 -C "! Certificate verification flags"\ 5941 -C "! mbedtls_ssl_handshake returned" \ 5942 -C "X509 - Certificate verification failed" \ 5943 -C "SSL - No CA Chain is set, but required to operate" 5944 5945requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 5946run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \ 5947 "$P_SRV" \ 5948 "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 5949 0 \ 5950 -C "x509_verify_cert() returned" \ 5951 -C "! The certificate is not correctly signed by the trusted CA" \ 5952 -C "! Certificate verification flags"\ 5953 -C "! mbedtls_ssl_handshake returned" \ 5954 -C "X509 - Certificate verification failed" \ 5955 -C "SSL - No CA Chain is set, but required to operate" 5956 5957# The purpose of the next two tests is to test the client's behaviour when receiving a server 5958# certificate with an unsupported elliptic curve. This should usually not happen because 5959# the client informs the server about the supported curves - it does, though, in the 5960# corner case of a static ECDH suite, because the server doesn't check the curve on that 5961# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a 5962# different means to have the server ignoring the client's supported curve list. 
5963 5964run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ 5965 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ 5966 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ 5967 "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ 5968 1 \ 5969 -c "bad certificate (EC key curve)"\ 5970 -c "! Certificate verification flags"\ 5971 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage 5972 5973run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ 5974 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ 5975 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ 5976 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ 5977 1 \ 5978 -c "bad certificate (EC key curve)"\ 5979 -c "! Certificate verification flags"\ 5980 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check 5981 5982requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 5983run_test "Authentication: client SHA256, server required" \ 5984 "$P_SRV auth_mode=required" \ 5985 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ 5986 key_file=$DATA_FILES_PATH/server6.key \ 5987 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 5988 0 \ 5989 -c "Supported Signature Algorithm found: 04 " \ 5990 -c "Supported Signature Algorithm found: 05 " 5991 5992requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 5993run_test "Authentication: client SHA384, server required" \ 5994 "$P_SRV auth_mode=required" \ 5995 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ 5996 key_file=$DATA_FILES_PATH/server6.key \ 5997 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 5998 0 \ 5999 -c "Supported Signature Algorithm found: 04 " \ 6000 -c "Supported Signature Algorithm found: 05 " 6001 6002requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6003run_test "Authentication: client has 
no cert, server required (TLS)" \ 6004 "$P_SRV debug_level=3 auth_mode=required" \ 6005 "$P_CLI debug_level=3 crt_file=none \ 6006 key_file=$DATA_FILES_PATH/server5.key" \ 6007 1 \ 6008 -S "skip write certificate request" \ 6009 -C "skip parse certificate request" \ 6010 -c "got a certificate request" \ 6011 -c "= write certificate$" \ 6012 -C "skip write certificate$" \ 6013 -S "x509_verify_cert() returned" \ 6014 -s "peer has no certificate" \ 6015 -s "! mbedtls_ssl_handshake returned" \ 6016 -s "No client certification received from the client, but required by the authentication mode" 6017 6018requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6019run_test "Authentication: client badcert, server required" \ 6020 "$P_SRV debug_level=3 auth_mode=required" \ 6021 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 6022 key_file=$DATA_FILES_PATH/server5.key" \ 6023 1 \ 6024 -S "skip write certificate request" \ 6025 -C "skip parse certificate request" \ 6026 -c "got a certificate request" \ 6027 -C "skip write certificate" \ 6028 -C "skip write certificate verify" \ 6029 -S "skip parse certificate verify" \ 6030 -s "x509_verify_cert() returned" \ 6031 -s "! The certificate is not correctly signed by the trusted CA" \ 6032 -s "! mbedtls_ssl_handshake returned" \ 6033 -s "send alert level=2 message=48" \ 6034 -s "X509 - Certificate verification failed" 6035# We don't check that the client receives the alert because it might 6036# detect that its write end of the connection is closed and abort 6037# before reading the alert message. 
6038 6039requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6040run_test "Authentication: client cert self-signed and trusted, server required" \ 6041 "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \ 6042 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ 6043 key_file=$DATA_FILES_PATH/server5.key" \ 6044 0 \ 6045 -S "skip write certificate request" \ 6046 -C "skip parse certificate request" \ 6047 -c "got a certificate request" \ 6048 -C "skip write certificate" \ 6049 -C "skip write certificate verify" \ 6050 -S "skip parse certificate verify" \ 6051 -S "x509_verify_cert() returned" \ 6052 -S "! The certificate is not correctly signed" \ 6053 -S "X509 - Certificate verification failed" 6054 6055requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6056run_test "Authentication: client cert not trusted, server required" \ 6057 "$P_SRV debug_level=3 auth_mode=required" \ 6058 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ 6059 key_file=$DATA_FILES_PATH/server5.key" \ 6060 1 \ 6061 -S "skip write certificate request" \ 6062 -C "skip parse certificate request" \ 6063 -c "got a certificate request" \ 6064 -C "skip write certificate" \ 6065 -C "skip write certificate verify" \ 6066 -S "skip parse certificate verify" \ 6067 -s "x509_verify_cert() returned" \ 6068 -s "! The certificate is not correctly signed by the trusted CA" \ 6069 -s "! 
mbedtls_ssl_handshake returned" \ 6070 -s "X509 - Certificate verification failed" 6071 6072requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6073run_test "Authentication: client badcert, server optional" \ 6074 "$P_SRV debug_level=3 auth_mode=optional" \ 6075 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 6076 key_file=$DATA_FILES_PATH/server5.key" \ 6077 0 \ 6078 -S "skip write certificate request" \ 6079 -C "skip parse certificate request" \ 6080 -c "got a certificate request" \ 6081 -C "skip write certificate" \ 6082 -C "skip write certificate verify" \ 6083 -S "skip parse certificate verify" \ 6084 -s "x509_verify_cert() returned" \ 6085 -s "! The certificate is not correctly signed by the trusted CA" \ 6086 -S "! mbedtls_ssl_handshake returned" \ 6087 -C "! mbedtls_ssl_handshake returned" \ 6088 -S "X509 - Certificate verification failed" 6089 6090requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6091run_test "Authentication: client badcert, server none" \ 6092 "$P_SRV debug_level=3 auth_mode=none" \ 6093 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 6094 key_file=$DATA_FILES_PATH/server5.key" \ 6095 0 \ 6096 -s "skip write certificate request" \ 6097 -C "skip parse certificate request" \ 6098 -c "got no certificate request" \ 6099 -c "skip write certificate" \ 6100 -c "skip write certificate verify" \ 6101 -s "skip parse certificate verify" \ 6102 -S "x509_verify_cert() returned" \ 6103 -S "! The certificate is not correctly signed by the trusted CA" \ 6104 -S "! mbedtls_ssl_handshake returned" \ 6105 -C "! 
mbedtls_ssl_handshake returned" \ 6106 -S "X509 - Certificate verification failed" 6107 6108requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6109run_test "Authentication: client no cert, server optional" \ 6110 "$P_SRV debug_level=3 auth_mode=optional" \ 6111 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 6112 0 \ 6113 -S "skip write certificate request" \ 6114 -C "skip parse certificate request" \ 6115 -c "got a certificate request" \ 6116 -C "skip write certificate$" \ 6117 -C "got no certificate to send" \ 6118 -c "skip write certificate verify" \ 6119 -s "skip parse certificate verify" \ 6120 -s "! Certificate was missing" \ 6121 -S "! mbedtls_ssl_handshake returned" \ 6122 -C "! mbedtls_ssl_handshake returned" \ 6123 -S "X509 - Certificate verification failed" 6124 6125requires_openssl_tls1_3_with_compatible_ephemeral 6126requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 6127run_test "Authentication: openssl client no cert, server optional" \ 6128 "$P_SRV debug_level=3 auth_mode=optional" \ 6129 "$O_NEXT_CLI_NO_CERT -no_middlebox" \ 6130 0 \ 6131 -S "skip write certificate request" \ 6132 -s "skip parse certificate verify" \ 6133 -s "! Certificate was missing" \ 6134 -S "! mbedtls_ssl_handshake returned" \ 6135 -S "X509 - Certificate verification failed" 6136 6137requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 6138run_test "Authentication: client no cert, openssl server optional" \ 6139 "$O_SRV -verify 10 -tls1_2" \ 6140 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 6141 0 \ 6142 -C "skip parse certificate request" \ 6143 -c "got a certificate request" \ 6144 -C "skip write certificate$" \ 6145 -c "skip write certificate verify" \ 6146 -C "! 
mbedtls_ssl_handshake returned" 6147 6148requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 6149run_test "Authentication: client no cert, openssl server required" \ 6150 "$O_SRV -Verify 10 -tls1_2" \ 6151 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 6152 1 \ 6153 -C "skip parse certificate request" \ 6154 -c "got a certificate request" \ 6155 -C "skip write certificate$" \ 6156 -c "skip write certificate verify" \ 6157 -c "! mbedtls_ssl_handshake returned" 6158 6159# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default 6160# value, defined here as MAX_IM_CA. Some test cases will be skipped if the 6161# library is configured with a different value. 6162 6163MAX_IM_CA='8' 6164 6165# The tests for the max_int tests can pass with any number higher than MAX_IM_CA 6166# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1 6167# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions 6168# are in place so that the semantics are consistent with the test description. 
6169requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6170requires_full_size_output_buffer 6171run_test "Authentication: server max_int chain, client default" \ 6172 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ 6173 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ 6174 "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 6175 0 \ 6176 -C "X509 - A fatal error occurred" 6177 6178requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6179requires_full_size_output_buffer 6180run_test "Authentication: server max_int+1 chain, client default" \ 6181 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6182 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6183 "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 6184 1 \ 6185 -c "X509 - A fatal error occurred" 6186 6187requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6188requires_full_size_output_buffer 6189run_test "Authentication: server max_int+1 chain, client optional" \ 6190 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6191 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6192 "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ 6193 auth_mode=optional" \ 6194 1 \ 6195 -c "X509 - A fatal error occurred" 6196 6197requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6198requires_full_size_output_buffer 6199run_test "Authentication: server max_int+1 chain, client none" \ 6200 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6201 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6202 "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ 6203 auth_mode=none" \ 6204 0 \ 6205 -C "X509 - A fatal error occurred" 6206 6207requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6208requires_full_size_output_buffer 6209run_test "Authentication: client max_int+1 chain, server default" \ 6210 "$P_SRV 
ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ 6211 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6212 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6213 0 \ 6214 -S "X509 - A fatal error occurred" 6215 6216requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6217requires_full_size_output_buffer 6218run_test "Authentication: client max_int+1 chain, server optional" \ 6219 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ 6220 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6221 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6222 1 \ 6223 -s "X509 - A fatal error occurred" 6224 6225requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6226requires_full_size_output_buffer 6227run_test "Authentication: client max_int+1 chain, server required" \ 6228 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ 6229 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 6230 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ 6231 1 \ 6232 -s "X509 - A fatal error occurred" 6233 6234requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 6235requires_full_size_output_buffer 6236run_test "Authentication: client max_int chain, server required" \ 6237 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ 6238 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ 6239 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ 6240 0 \ 6241 -S "X509 - A fatal error occurred" 6242 6243# Tests for CA list in CertificateRequest messages 6244 6245requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 6246run_test "Authentication: send CA list in CertificateRequest (default)" \ 6247 "$P_SRV debug_level=3 auth_mode=required" \ 6248 "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \ 6249 key_file=$DATA_FILES_PATH/server6.key" \ 6250 0 \ 6251 -s "requested DN" 6252 6253requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
# cert_req_ca_list=0 makes the server omit the list of acceptable CA names
# from its CertificateRequest, so the server must not log "requested DN".
# Client authentication itself still takes place: the server runs with
# auth_mode=required, the client presents server6.crt and the handshake
# completes (exit status 0).
run_test    "Authentication: do not send CA list in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -S "requested DN"

# NOTE(review): the title says "send CA list", but the server again runs
# with cert_req_ca_list=0 and the test asserts -S "requested DN". What it
# actually checks is that a self-signed client certificate is rejected by a
# server with auth_mode=required even though no CA list was sent. The test
# name looks stale; test names are probably used as stable identifiers
# (outcome file, CI lists) — TODO confirm before renaming.
run_test    "Authentication: send CA list in CertificateRequest, client self signed" \
            "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            1 \
            -S "requested DN" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

# cert_req_ca_list=2 / =3 ("alt conf" / "alt hs" in the titles) make the
# server advertise the subject of its second certificate (crt_file2) as a DN
# hint; the client must log that DN. How the two modes differ is not visible
# from this script — see ssl_server2's handling of cert_req_ca_list.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt conf DN hints in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
             crt_file2=$DATA_FILES_PATH/server1.crt \
             key_file2=$DATA_FILES_PATH/server1.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt conf DN hints in CertificateRequest (2)" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
             crt_file2=$DATA_FILES_PATH/server2.crt \
             key_file2=$DATA_FILES_PATH/server2.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=localhost"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt hs DN hints in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
             crt_file2=$DATA_FILES_PATH/server1.crt \
             key_file2=$DATA_FILES_PATH/server1.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"

# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly
#
# ca_callback=1 makes the side that runs verification log
# "use CA callback for X.509 CRT verification". The three server-badcert
# tests below pin down the client-side auth_mode semantics:
#   required -> the verification failure aborts the handshake (exit 1);
#   optional -> the failure is logged but the handshake completes (exit 0);
#   none     -> no verification at all: neither the callback nor
#               x509_verify_cert() shows up in the client log.

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server badcert, client required" \
            "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server badcert, client optional" \
            "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server badcert, client none" \
            "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI ca_callback=1 debug_level=3 auth_mode=none" \
            0 \
            -C "use CA callback for X.509 CRT verification" \
            -C "x509_verify_cert() returned" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the
# corner case of a static ECDH suite, because the server doesn't check the curve on that
# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
# different means to have the server ignoring the client's supported curve list.
#
# With groups=secp521r1 the client does not support the key in
# server5.ku-ka.crt. In the required case it is certificate verification
# ("bad certificate (EC key curve)") that must fail, not the later ECDH
# parameter check; in the optional case verification is non-fatal and the
# failure has to surface at the ECDH parameter check instead.

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "bad certificate (EC key curve)"\
            -c "! Certificate verification flags"\
            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check

# 04 and 05 are the TLS 1.2 HashAlgorithm codes for SHA-256 and SHA-384;
# the client is expected to find both in the signature-algorithm list it
# receives (presumably from the CertificateRequest), whichever ciphersuite
# hash is forced.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication, CA callback: client SHA384, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication, CA callback: client SHA256, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
             key_file=$DATA_FILES_PATH/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "

# Server-side client authentication through the CA callback. The "skip ..."
# checks confirm that the full CertificateRequest / Certificate /
# CertificateVerify exchange took place before the server rejected the
# certificate. level=2 message=48 is a fatal unknown_ca alert: the
# "not correctly signed by the trusted CA" verification flag is what gets
# reported to the peer as unknown_ca.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client badcert, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "send alert level=2 message=48" \
            -s "X509 - Certificate verification failed"
# We don't check that the client receives the alert because it might
# detect that its write end of the connection is closed and abort
# before reading the alert message.

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client cert not trusted, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

# With auth_mode=optional the server still verifies and logs the bad client
# certificate, but neither side reports a handshake error and the exit
# status is 0: in this mode the failure is only observable through the
# verification result (presumably mbedtls_ssl_get_verify_result — confirm),
# not through the handshake status.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client badcert, server optional" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Chain-length limit (MBEDTLS_X509_MAX_INTERMEDIATE_CA, expected to equal
# $MAX_IM_CA). Going by the titles, dir-maxpath/c09.pem is a chain at the
# limit and c10.pem has one intermediate too many. The over-long chain must
# fail with "X509 - A fatal error occurred" on whichever side verifies it,
# and it is a hard failure (exit 1) even when that side runs with
# auth_mode=optional.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int chain, client default" \
            "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
            "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -C "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int+1 chain, client default" \
            "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
            "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int+1 chain, client optional" \
            "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
            "$P_CLI ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
             debug_level=3 auth_mode=optional" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int+1 chain, server optional" \
            "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
            "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int+1 chain, server required" \
            "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int chain, server required" \
            "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
             key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -S "X509 - A fatal error occurred"

# Tests for certificate selection based on SHA version
#
# The server is given both server5.crt and a SHA-1-signed variant
# (server5-sha1.crt); a TLS 1.2 client must be served the SHA-256-signed one.

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
            "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \
             key_file=$DATA_FILES_PATH/server5.key \
             crt_file2=$DATA_FILES_PATH/server5-sha1.crt \
             key_file2=$DATA_FILES_PATH/server5.key" \
            "$P_CLI" \
            0 \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

# tests for SNI
#
# As used in these tests, the sni= server option takes groups of six
# comma-separated fields: name, crt_file, key_file, ca_file, crl_file,
# auth_mode ("-" = not overridden), one group per served name. Fields 4-6
# are exercised by the "CA override", "CA override with CRL" and
# "client auth override" tests below.

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: no SNI callback" \
            "$P_SRV debug_level=3 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI server_name=localhost" \
            0 \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: matching cert 1" \
            "$P_SRV debug_level=3 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=localhost" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: matching cert 2" \
            "$P_SRV debug_level=3 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# A name with no sni entry must abort the handshake: the server's SNI
# callback fails and the client sees a fatal alert rather than a fallback
# to the default certificate.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: no matching cert" \
            "$P_SRV debug_level=3 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

# Per-name client authentication policy: the sixth sni field overrides the
# server-wide auth_mode for that name, so "none -> optional" must produce a
# CertificateRequest and "optional -> none" must suppress it.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate"

# Per-name trust anchors. All three tests force auth_mode=required for
# "localhost" via the sni entry, overriding the server-wide optional. Without
# a per-name ca_file the client's server6.crt is (presumably) checked against
# the global test-ca.crt and fails, so the handshake aborts (exit 1). With
# test-ca2.crt supplied in the sni entry the same certificate verifies
# cleanly; adding crl-ec-sha256.pem as the per-name CRL then gets it rejected
# as revoked, with a fatal alert 44 (certificate_revoked) sent to the client.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: CA override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "send alert level=2 message=44" \
            -s "The certificate has been revoked (is on a CRL)"
            # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED

# Tests for SNI and DTLS
#
# The same matrix as above, run over DTLS (dtls=1). These are gated on
# MBEDTLS_SSL_PROTO_TLS1_2 rather than on the TLS 1.2/1.3 key-exchange
# helper used by the TLS variants.

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, no SNI callback" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, matching cert 1" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, matching cert 2" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, no matching cert" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example dtls=1" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

# Unlike its TLS counterpart above, this DTLS test also asserts the
# "skip write certificate verify" / "skip parse certificate verify" lines;
# the TLS variant may run under TLS 1.3, where these messages presumably
# differ — confirm before aligning the two.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \
             ca_file=$DATA_FILES_PATH/test-ca.crt \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "send alert level=2 message=44" \
            -s "The certificate has been revoked (is on a CRL)"
            # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED

# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# Both sides run with nbio=2 (non-blocking I/O, per the section title). Every
# flow must complete without either side logging a handshake error and with
# the client reading application data. The resume flows (reconnect=1) are
# split by protocol version: the TLS 1.2 ones force_version=tls12 and cover
# both ticket and session-ID resumption, while the TLS 1.3 ones additionally
# need the ephemeral and PSK-ephemeral key-exchange modes (see the
# requires_config_enabled lines).

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: basic handshake" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: client auth" \
            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: ticket" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: ticket + client auth" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: TLS 1.2 + ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Non-blocking I/O: TLS 1.3 + ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# tickets=0 on both sides with reconnect=1 forces session-ID based
# resumption (TLS 1.2 only).
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Non-blocking I/O: session-id resume" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI force_version=tls12 nbio=2 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Tests for event-driven I/O: exercise a variety of handshake flows
#
# event=1 variants of the non-blocking flows above, with the same checks.
# The DTLS variants at the end only assert that the client reads data; they
# make no handshake-error checks on either side.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: basic handshake" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: client auth" \
            "$P_SRV event=1 tickets=0 auth_mode=required" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: ticket" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: ticket + client auth" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: TLS 1.2 + ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O: TLS 1.3 + ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Event-driven I/O: session-id resume" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI force_version=tls12 event=1 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: basic handshake" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: client auth" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O, DTLS: ticket" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O, DTLS: ticket + client auth" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

# NOTE(review): only this DTLS resume flow passes skip_close_notify=1 on the
# client; why it is needed here and not in the other reconnect=1 flows is
# not visible from this script — TODO confirm against ssl_client2.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O, DTLS: ticket + client auth + resume" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "Event-driven I/O, DTLS: ticket + resume" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1
skip_close_notify=1" \ 7065 0 \ 7066 -c "Read from server: .* bytes read" 7067 7068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 7069run_test "Event-driven I/O, DTLS: session-id resume" \ 7070 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 7071 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 7072 0 \ 7073 -c "Read from server: .* bytes read" 7074 7075# This test demonstrates the need for the mbedtls_ssl_check_pending function. 7076# During session resumption, the client will send its ApplicationData record 7077# within the same datagram as the Finished messages. In this situation, the 7078# server MUST NOT idle on the underlying transport after handshake completion, 7079# because the ApplicationData request has already been queued internally. 7080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 7081run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ 7082 -p "$P_PXY pack=50" \ 7083 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 7084 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 7085 0 \ 7086 -c "Read from server: .* bytes read" 7087 7088# Tests for version negotiation. Some information to ease the understanding 7089# of the version negotiation test titles below: 7090# . 1.2/1.3 means that only TLS 1.2/TLS 1.3 is enabled. 7091# . 1.2+1.3 means that both TLS 1.2 and TLS 1.3 are enabled. 7092# . 1.2+(1.3)/(1.2)+1.3 means that TLS 1.2/1.3 is enabled and that 7093# TLS 1.3/1.2 may be enabled or not. 7094# . max=1.2 means that both TLS 1.2 and TLS 1.3 are enabled at build time but 7095# TLS 1.3 is disabled at runtime (maximum negotiable version is TLS 1.2). 7096# . min=1.3 means that both TLS 1.2 and TLS 1.3 are enabled at build time but 7097# TLS 1.2 is disabled at runtime (minimum negotiable version is TLS 1.3). 
7098 7099# Tests for version negotiation, MbedTLS client and server 7100 7101requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C 7102requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 7103requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7104run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \ 7105 "$P_SRV" \ 7106 "$P_CLI" \ 7107 0 \ 7108 -S "mbedtls_ssl_handshake returned" \ 7109 -C "mbedtls_ssl_handshake returned" \ 7110 -s "Protocol is TLSv1.2" \ 7111 -c "Protocol is TLSv1.2" 7112 7113requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7114 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7115requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7116run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \ 7117 "$P_SRV max_version=tls12" \ 7118 "$P_CLI max_version=tls12" \ 7119 0 \ 7120 -S "mbedtls_ssl_handshake returned" \ 7121 -C "mbedtls_ssl_handshake returned" \ 7122 -s "Protocol is TLSv1.2" \ 7123 -c "Protocol is TLSv1.2" 7124 7125requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7126 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7127requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 7128run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \ 7129 "$P_SRV" \ 7130 "$P_CLI" \ 7131 0 \ 7132 -S "mbedtls_ssl_handshake returned" \ 7133 -C "mbedtls_ssl_handshake returned" \ 7134 -s "Protocol is TLSv1.3" \ 7135 -c "Protocol is TLSv1.3" 7136 7137requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7138 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7139 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7140run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \ 7141 "$P_SRV min_version=tls13" \ 7142 "$P_CLI min_version=tls13" \ 7143 0 \ 7144 -S "mbedtls_ssl_handshake returned" \ 7145 -C "mbedtls_ssl_handshake returned" \ 7146 -s "Protocol is TLSv1.3" \ 7147 -c "Protocol is TLSv1.3" 7148 7149requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 
7150 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7151 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7152run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \ 7153 "$P_SRV" \ 7154 "$P_CLI" \ 7155 0 \ 7156 -S "mbedtls_ssl_handshake returned" \ 7157 -C "mbedtls_ssl_handshake returned" \ 7158 -s "Protocol is TLSv1.3" \ 7159 -c "Protocol is TLSv1.3" 7160 7161requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7162 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7163 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7164run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ 7165 "$P_SRV min_version=tls13" \ 7166 "$P_CLI" \ 7167 0 \ 7168 -S "mbedtls_ssl_handshake returned" \ 7169 -C "mbedtls_ssl_handshake returned" \ 7170 -s "Protocol is TLSv1.3" \ 7171 -c "Protocol is TLSv1.3" 7172 7173requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7174 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7175requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7176run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ 7177 "$P_SRV max_version=tls12" \ 7178 "$P_CLI" \ 7179 0 \ 7180 -S "mbedtls_ssl_handshake returned" \ 7181 -C "mbedtls_ssl_handshake returned" \ 7182 -s "Protocol is TLSv1.2" \ 7183 -c "Protocol is TLSv1.2" 7184 7185requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7186 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7187requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7188run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \ 7189 "$P_SRV" \ 7190 "$P_CLI max_version=tls12" \ 7191 0 \ 7192 -S "mbedtls_ssl_handshake returned" \ 7193 -C "mbedtls_ssl_handshake returned" \ 7194 -s "Protocol is TLSv1.2" \ 7195 -c "Protocol is TLSv1.2" 7196 7197requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7198 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7199 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7200run_test "Version 
nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \ 7201 "$P_SRV" \ 7202 "$P_CLI min_version=tls13" \ 7203 0 \ 7204 -S "mbedtls_ssl_handshake returned" \ 7205 -C "mbedtls_ssl_handshake returned" \ 7206 -s "Protocol is TLSv1.3" \ 7207 -c "Protocol is TLSv1.3" 7208 7209requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7210 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7211run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \ 7212 "$P_SRV min_version=tls13" \ 7213 "$P_CLI max_version=tls12" \ 7214 1 \ 7215 -s "Handshake protocol not within min/max boundaries" \ 7216 -S "Protocol is TLSv1.2" \ 7217 -C "Protocol is TLSv1.2" \ 7218 -S "Protocol is TLSv1.3" \ 7219 -C "Protocol is TLSv1.3" 7220 7221requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 7222 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7223run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \ 7224 "$P_SRV max_version=tls12" \ 7225 "$P_CLI min_version=tls13" \ 7226 1 \ 7227 -s "The handshake negotiation failed" \ 7228 -S "Protocol is TLSv1.2" \ 7229 -C "Protocol is TLSv1.2" \ 7230 -S "Protocol is TLSv1.3" \ 7231 -C "Protocol is TLSv1.3" 7232 7233# Tests of version negotiation on server side against GnuTLS client 7234 7235requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2 7236requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7237run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ 7238 "$P_SRV" \ 7239 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ 7240 0 \ 7241 -S "mbedtls_ssl_handshake returned" \ 7242 -s "Protocol is TLSv1.2" 7243 7244requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7245 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7246requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7247run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \ 7248 "$P_SRV max_version=tls12" \ 7249 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ 7250 0 \ 7251 -S 
"mbedtls_ssl_handshake returned" \ 7252 -s "Protocol is TLSv1.2" 7253 7254requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7255 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7256 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7257run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ 7258 "$P_SRV" \ 7259 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ 7260 0 \ 7261 -S "mbedtls_ssl_handshake returned" \ 7262 -s "Protocol is TLSv1.3" 7263 7264requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7265 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7266 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7267 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7268run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \ 7269 "$P_SRV min_version=tls13" \ 7270 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ 7271 0 \ 7272 -S "mbedtls_ssl_handshake returned" \ 7273 -s "Protocol is TLSv1.3" 7274 7275requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7276 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7277 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7278run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ 7279 "$P_SRV" \ 7280 "$G_NEXT_CLI localhost --priority=NORMAL" \ 7281 0 \ 7282 -S "mbedtls_ssl_handshake returned" \ 7283 -s "Protocol is TLSv1.3" 7284 7285requires_gnutls_next_disable_tls13_compat 7286requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7287 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7288run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ 7289 "$P_SRV" \ 7290 "$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \ 7291 0 \ 7292 -S "mbedtls_ssl_handshake returned" \ 7293 -s "Protocol is TLSv1.3" 7294 7295# GnuTLS can be set up to send a ClientHello containing a supported versions 7296# extension proposing TLS 1.2 (preferred) and then TLS 1.3.
In that case, 7297# a TLS 1.3 and TLS 1.2 capable server is supposed to negotiate TLS 1.2 and 7298# to indicate in the ServerHello that it downgrades from TLS 1.3. The GnuTLS 7299# client then detects the downgrade indication and aborts the handshake even 7300# if TLS 1.2 was its preferred version. The test is kept even though the 7301# handshake eventually fails, as it exercises parts of the Mbed TLS 7302# implementation that are otherwise not exercised. 7303requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7304 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7305 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7306run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \ 7307 "$P_SRV" \ 7308 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \ 7309 1 \ 7310 -c "Detected downgrade to TLS 1.2 from TLS 1.3" 7311 7312requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7313 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7314 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7315 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7316run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ 7317 "$P_SRV min_version=tls13" \ 7318 "$G_NEXT_CLI localhost --priority=NORMAL" \ 7319 0 \ 7320 -S "mbedtls_ssl_handshake returned" \ 7321 -s "Protocol is TLSv1.3" 7322 7323requires_config_enabled MBEDTLS_SSL_SRV_C 7324requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 7325requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7326run_test "Server version nego G->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ 7327 "$P_SRV" \ 7328 "$G_NEXT_CLI localhost --priority=NORMAL" \ 7329 0 \ 7330 -S "mbedtls_ssl_handshake returned" \ 7331 -s "Protocol is TLSv1.2" 7332 7333requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7334 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7335requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7336run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \ 7337 "$P_SRV max_version=tls12" \ 7338 
"$G_NEXT_CLI localhost --priority=NORMAL" \ 7339 0 \ 7340 -S "mbedtls_ssl_handshake returned" \ 7341 -s "Protocol is TLSv1.2" 7342 7343requires_config_enabled MBEDTLS_SSL_SRV_C 7344run_test "Not supported version G->m: cli 1.0, (1.2)+(1.3)" \ 7345 "$P_SRV" \ 7346 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \ 7347 1 \ 7348 -s "Handshake protocol not within min/max boundaries" \ 7349 -S "Protocol is TLSv1.0" 7350 7351requires_config_enabled MBEDTLS_SSL_SRV_C 7352run_test "Not supported version G->m: cli 1.1, (1.2)+(1.3)" \ 7353 "$P_SRV" \ 7354 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \ 7355 1 \ 7356 -s "Handshake protocol not within min/max boundaries" \ 7357 -S "Protocol is TLSv1.1" 7358 7359requires_config_enabled MBEDTLS_SSL_SRV_C 7360requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 7361run_test "Not supported version G->m: cli 1.2, srv 1.3" \ 7362 "$P_SRV" \ 7363 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ 7364 1 \ 7365 -s "Handshake protocol not within min/max boundaries" \ 7366 -S "Protocol is TLSv1.2" 7367 7368requires_config_enabled MBEDTLS_SSL_SRV_C 7369requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 7370run_test "Not supported version G->m: cli 1.3, srv 1.2" \ 7371 "$P_SRV" \ 7372 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ 7373 1 \ 7374 -S "Handshake protocol not within min/max boundaries" \ 7375 -s "The handshake negotiation failed" \ 7376 -S "Protocol is TLSv1.3" 7377 7378requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7379 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7380run_test "Not supported version G->m: cli 1.2, srv min=1.3" \ 7381 "$P_SRV min_version=tls13" \ 7382 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ 7383 1 \ 7384 -s "Handshake protocol not within min/max boundaries" \ 7385 -S "Protocol is TLSv1.2" 7386 7387requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7388 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7389run_test "Not supported 
version G->m: cli 1.3, srv max=1.2" \ 7390 "$P_SRV max_version=tls12" \ 7391 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ 7392 1 \ 7393 -S "Handshake protocol not within min/max boundaries" \ 7394 -s "The handshake negotiation failed" \ 7395 -S "Protocol is TLSv1.3" 7396 7397# Tests of version negotiation on server side against OpenSSL client 7398 7399requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2 7400requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7401run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ 7402 "$P_SRV" \ 7403 "$O_NEXT_CLI -tls1_2" \ 7404 0 \ 7405 -S "mbedtls_ssl_handshake returned" \ 7406 -s "Protocol is TLSv1.2" 7407 7408requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7409 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7410requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7411run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \ 7412 "$P_SRV max_version=tls12" \ 7413 "$O_NEXT_CLI -tls1_2" \ 7414 0 \ 7415 -S "mbedtls_ssl_handshake returned" \ 7416 -s "Protocol is TLSv1.2" 7417 7418requires_openssl_tls1_3_with_compatible_ephemeral 7419requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7420 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7421 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7422run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ 7423 "$P_SRV" \ 7424 "$O_NEXT_CLI -tls1_3" \ 7425 0 \ 7426 -S "mbedtls_ssl_handshake returned" \ 7427 -s "Protocol is TLSv1.3" 7428 7429requires_openssl_tls1_3_with_compatible_ephemeral 7430requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7431 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7432 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7433 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7434run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \ 7435 "$P_SRV min_version=tls13" \ 7436 "$O_NEXT_CLI -tls1_3" \ 7437 0 \ 7438 -S "mbedtls_ssl_handshake 
returned" \ 7439 -s "Protocol is TLSv1.3" 7440 7441requires_openssl_tls1_3_with_compatible_ephemeral 7442requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7443 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7444 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7445run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ 7446 "$P_SRV" \ 7447 "$O_NEXT_CLI" \ 7448 0 \ 7449 -S "mbedtls_ssl_handshake returned" \ 7450 -s "Protocol is TLSv1.3" 7451 7452requires_openssl_tls1_3_with_compatible_ephemeral 7453requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \ 7454 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7455run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ 7456 "$P_SRV" \ 7457 "$O_NEXT_CLI -no_middlebox" \ 7458 0 \ 7459 -S "mbedtls_ssl_handshake returned" \ 7460 -s "Protocol is TLSv1.3" 7461 7462requires_openssl_tls1_3_with_compatible_ephemeral 7463requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7464 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \ 7465 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 7466 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 7467run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ 7468 "$P_SRV min_version=tls13" \ 7469 "$O_NEXT_CLI" \ 7470 0 \ 7471 -S "mbedtls_ssl_handshake returned" \ 7472 -s "Protocol is TLSv1.3" 7473 7474requires_config_enabled MBEDTLS_SSL_SRV_C 7475requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 7476requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7477run_test "Server version nego O->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ 7478 "$P_SRV" \ 7479 "$O_NEXT_CLI" \ 7480 0 \ 7481 -S "mbedtls_ssl_handshake returned" \ 7482 -s "Protocol is TLSv1.2" 7483 7484requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7485 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7486requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 7487run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ 
7488 "$P_SRV max_version=tls12" \ 7489 "$O_NEXT_CLI" \ 7490 0 \ 7491 -S "mbedtls_ssl_handshake returned" \ 7492 -s "Protocol is TLSv1.2" 7493 7494requires_config_enabled MBEDTLS_SSL_SRV_C 7495run_test "Not supported version O->m: cli 1.0, srv (1.2)+(1.3)" \ 7496 "$P_SRV" \ 7497 "$O_CLI -tls1" \ 7498 1 \ 7499 -s "Handshake protocol not within min/max boundaries" \ 7500 -S "Protocol is TLSv1.0" 7501 7502requires_config_enabled MBEDTLS_SSL_SRV_C 7503run_test "Not supported version O->m: cli 1.1, srv (1.2)+(1.3)" \ 7504 "$P_SRV" \ 7505 "$O_CLI -tls1_1" \ 7506 1 \ 7507 -s "Handshake protocol not within min/max boundaries" \ 7508 -S "Protocol is TLSv1.1" 7509 7510requires_config_enabled MBEDTLS_SSL_SRV_C 7511requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 7512run_test "Not supported version O->m: cli 1.2, srv 1.3" \ 7513 "$P_SRV" \ 7514 "$O_NEXT_CLI -tls1_2" \ 7515 1 \ 7516 -s "Handshake protocol not within min/max boundaries" \ 7517 -S "Protocol is TLSv1.2" 7518 7519requires_config_enabled MBEDTLS_SSL_SRV_C 7520requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 7521run_test "Not supported version O->m: cli 1.3, srv 1.2" \ 7522 "$P_SRV" \ 7523 "$O_NEXT_CLI -tls1_3" \ 7524 1 \ 7525 -S "Handshake protocol not within min/max boundaries" \ 7526 -s "The handshake negotiation failed" \ 7527 -S "Protocol is TLSv1.3" 7528 7529requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7530 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7531run_test "Not supported version O->m: cli 1.2, srv min=1.3" \ 7532 "$P_SRV min_version=tls13" \ 7533 "$O_NEXT_CLI -tls1_2" \ 7534 1 \ 7535 -s "Handshake protocol not within min/max boundaries" \ 7536 -S "Protocol is TLSv1.2" 7537 7538requires_all_configs_enabled MBEDTLS_SSL_SRV_C \ 7539 MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 7540run_test "Not supported version O->m: cli 1.3, srv max=1.2" \ 7541 "$P_SRV max_version=tls12" \ 7542 "$O_NEXT_CLI -tls1_3" \ 7543 1 \ 7544 -S "Handshake protocol not within min/max boundaries" \ 7545 -s "The 
handshake negotiation failed" \ 7546 -S "Protocol is TLSv1.3" 7547 7548# Tests of version negotiation on client side against GnuTLS and OpenSSL server 7549 7550requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 7551run_test "Not supported version: srv max TLS 1.0" \ 7552 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ 7553 "$P_CLI" \ 7554 1 \ 7555 -s "Error in protocol version" \ 7556 -c "Handshake protocol not within min/max boundaries" \ 7557 -S "Version: TLS1.0" \ 7558 -C "Protocol is TLSv1.0" 7559 7560requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 7561run_test "Not supported version: srv max TLS 1.1" \ 7562 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ 7563 "$P_CLI" \ 7564 1 \ 7565 -s "Error in protocol version" \ 7566 -c "Handshake protocol not within min/max boundaries" \ 7567 -S "Version: TLS1.1" \ 7568 -C "Protocol is TLSv1.1" 7569 7570requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7571requires_config_enabled MBEDTLS_DEBUG_C 7572requires_config_enabled MBEDTLS_SSL_CLI_C 7573skip_handshake_stage_check 7574requires_gnutls_tls1_3 7575run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.0" \ 7576 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \ 7577 "$P_CLI debug_level=4" \ 7578 1 \ 7579 -s "Client's version: 3.3" \ 7580 -S "Version: TLS1.0" \ 7581 -C "Protocol is TLSv1.0" 7582 7583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7584requires_config_enabled MBEDTLS_DEBUG_C 7585requires_config_enabled MBEDTLS_SSL_CLI_C 7586skip_handshake_stage_check 7587requires_gnutls_tls1_3 7588run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.1" \ 7589 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \ 7590 "$P_CLI debug_level=4" \ 7591 1 \ 7592 -s "Client's version: 3.3" \ 7593 -S "Version: TLS1.1" \ 7594 -C "Protocol is TLSv1.1" 7595 7596requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7597requires_config_enabled MBEDTLS_DEBUG_C 7598requires_config_enabled MBEDTLS_SSL_CLI_C 
7599skip_handshake_stage_check 7600requires_gnutls_tls1_3 7601run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.2" \ 7602 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \ 7603 "$P_CLI force_version=tls13 debug_level=4" \ 7604 1 \ 7605 -s "Client's version: 3.3" \ 7606 -c "is a fatal alert message (msg 40)" \ 7607 -S "Version: TLS1.2" \ 7608 -C "Protocol is TLSv1.2" 7609 7610requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7611requires_config_enabled MBEDTLS_DEBUG_C 7612requires_config_enabled MBEDTLS_SSL_CLI_C 7613skip_handshake_stage_check 7614requires_openssl_next 7615run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.0" \ 7616 "$O_NEXT_SRV -msg -tls1" \ 7617 "$P_CLI debug_level=4" \ 7618 1 \ 7619 -s "fatal protocol_version" \ 7620 -c "is a fatal alert message (msg 70)" \ 7621 -S "Version: TLS1.0" \ 7622 -C "Protocol : TLSv1.0" 7623 7624requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7625requires_config_enabled MBEDTLS_DEBUG_C 7626requires_config_enabled MBEDTLS_SSL_CLI_C 7627skip_handshake_stage_check 7628requires_openssl_next 7629run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.1" \ 7630 "$O_NEXT_SRV -msg -tls1_1" \ 7631 "$P_CLI debug_level=4" \ 7632 1 \ 7633 -s "fatal protocol_version" \ 7634 -c "is a fatal alert message (msg 70)" \ 7635 -S "Version: TLS1.1" \ 7636 -C "Protocol : TLSv1.1" 7637 7638requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 7639requires_config_enabled MBEDTLS_DEBUG_C 7640requires_config_enabled MBEDTLS_SSL_CLI_C 7641skip_handshake_stage_check 7642requires_openssl_next 7643run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.2" \ 7644 "$O_NEXT_SRV -msg -tls1_2" \ 7645 "$P_CLI force_version=tls13 debug_level=4" \ 7646 1 \ 7647 -s "fatal protocol_version" \ 7648 -c "is a fatal alert message (msg 70)" \ 7649 -S "Version: TLS1.2" \ 7650 -C "Protocol : TLSv1.2" 7651 7652# Tests for ALPN extension 7653 7654requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7655run_test 
"ALPN: none" \ 7656 "$P_SRV debug_level=3" \ 7657 "$P_CLI debug_level=3" \ 7658 0 \ 7659 -C "client hello, adding alpn extension" \ 7660 -S "found alpn extension" \ 7661 -C "got an alert message, type: \\[2:120]" \ 7662 -S "server side, adding alpn extension" \ 7663 -C "found alpn extension " \ 7664 -C "Application Layer Protocol is" \ 7665 -S "Application Layer Protocol is" 7666 7667requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7668run_test "ALPN: client only" \ 7669 "$P_SRV debug_level=3" \ 7670 "$P_CLI debug_level=3 alpn=abc,1234" \ 7671 0 \ 7672 -c "client hello, adding alpn extension" \ 7673 -s "found alpn extension" \ 7674 -C "got an alert message, type: \\[2:120]" \ 7675 -S "server side, adding alpn extension" \ 7676 -C "found alpn extension " \ 7677 -c "Application Layer Protocol is (none)" \ 7678 -S "Application Layer Protocol is" 7679 7680requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7681run_test "ALPN: server only" \ 7682 "$P_SRV debug_level=3 alpn=abc,1234" \ 7683 "$P_CLI debug_level=3" \ 7684 0 \ 7685 -C "client hello, adding alpn extension" \ 7686 -S "found alpn extension" \ 7687 -C "got an alert message, type: \\[2:120]" \ 7688 -S "server side, adding alpn extension" \ 7689 -C "found alpn extension " \ 7690 -C "Application Layer Protocol is" \ 7691 -s "Application Layer Protocol is (none)" 7692 7693requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7694run_test "ALPN: both, common cli1-srv1" \ 7695 "$P_SRV debug_level=3 alpn=abc,1234" \ 7696 "$P_CLI debug_level=3 alpn=abc,1234" \ 7697 0 \ 7698 -c "client hello, adding alpn extension" \ 7699 -s "found alpn extension" \ 7700 -C "got an alert message, type: \\[2:120]" \ 7701 -s "server side, adding alpn extension" \ 7702 -c "found alpn extension" \ 7703 -c "Application Layer Protocol is abc" \ 7704 -s "Application Layer Protocol is abc" 7705 7706requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7707run_test "ALPN: both, common cli2-srv1" \ 7708 "$P_SRV 
debug_level=3 alpn=abc,1234" \ 7709 "$P_CLI debug_level=3 alpn=1234,abc" \ 7710 0 \ 7711 -c "client hello, adding alpn extension" \ 7712 -s "found alpn extension" \ 7713 -C "got an alert message, type: \\[2:120]" \ 7714 -s "server side, adding alpn extension" \ 7715 -c "found alpn extension" \ 7716 -c "Application Layer Protocol is abc" \ 7717 -s "Application Layer Protocol is abc" 7718 7719requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7720run_test "ALPN: both, common cli1-srv2" \ 7721 "$P_SRV debug_level=3 alpn=abc,1234" \ 7722 "$P_CLI debug_level=3 alpn=1234,abcde" \ 7723 0 \ 7724 -c "client hello, adding alpn extension" \ 7725 -s "found alpn extension" \ 7726 -C "got an alert message, type: \\[2:120]" \ 7727 -s "server side, adding alpn extension" \ 7728 -c "found alpn extension" \ 7729 -c "Application Layer Protocol is 1234" \ 7730 -s "Application Layer Protocol is 1234" 7731 7732requires_key_exchange_with_cert_in_tls12_or_tls13_enabled 7733run_test "ALPN: both, no common" \ 7734 "$P_SRV debug_level=3 alpn=abc,123" \ 7735 "$P_CLI debug_level=3 alpn=1234,abcde" \ 7736 1 \ 7737 -c "client hello, adding alpn extension" \ 7738 -s "found alpn extension" \ 7739 -c "got an alert message, type: \\[2:120]" \ 7740 -S "server side, adding alpn extension" \ 7741 -C "found alpn extension" \ 7742 -C "Application Layer Protocol is 1234" \ 7743 -S "Application Layer Protocol is 1234" 7744 7745 7746# Tests for keyUsage in leaf certificates, part 1: 7747# server-side certificate/suite selection 7748# 7749# This is only about 1.2 (for 1.3, all key exchanges use signatures). 7750# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use 7751# signatures too, following the removal of RSA #8170 and static ECDH #9201. 
7752 7753run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \ 7754 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ 7755 crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ 7756 "$P_CLI" \ 7757 0 \ 7758 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" 7759 7760run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ 7761 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ 7762 crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ 7763 "$P_CLI" \ 7764 0 \ 7765 -c "Ciphersuite is TLS-RSA-WITH-" 7766 7767run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ 7768 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ 7769 crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ 7770 "$P_CLI" \ 7771 1 \ 7772 -C "Ciphersuite is " 7773 7774requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 7775run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ 7776 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ 7777 crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ 7778 "$P_CLI" \ 7779 0 \ 7780 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" 7781 7782 7783run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ 7784 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ 7785 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ 7786 "$P_CLI" \ 7787 0 \ 7788 -c "Ciphersuite is TLS-ECDH-" 7789 7790run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ 7791 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ 7792 crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ 7793 "$P_CLI" \ 7794 1 \ 7795 -C "Ciphersuite is " 7796 7797# Tests for keyUsage in leaf certificates, part 2: 7798# client-side checking of server cert 7799# 7800# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange. 7801# In 4.0 this will probably change as all TLS 1.2 key exchanges will use 7802# signatures too, following the removal of RSA #8170 and static ECDH #9201. 

# Conventions for the "cli" tests below:
# - "OK": the cert permits the use the chosen ciphersuite makes of the key;
#   the client must not log "bad certificate (usage extensions)".
# - "fail (hard)": default auth_mode (required): the mismatch aborts the
#   handshake, the client sends alert level=2 message=43
#   (MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT) and exits 1.
# - "fail (soft)": auth_mode=optional: the mismatch is only logged, no alert
#   is sent, the handshake completes and the client exits 0.
# The failing cases run with debug_level=3 because they look for the
# "! Usage does not match the keyUsage extension" diagnostic.
# force_ciphersuite selects RSA key transport (needs keyEncipherment) or
# DHE-RSA (needs digitalSignature) against the same OpenSSL server cert.
run_test    "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# keyEncipherment-only cert used to sign a DHE exchange: must be rejected.
run_test    "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
            "$P_CLI debug_level=3 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

run_test    "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
            "$P_CLI debug_level=3 auth_mode=optional \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -C "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"

run_test    "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# digitalSignature-only cert used for RSA key transport: must be rejected.
run_test    "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
            "$P_CLI debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

run_test    "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
            "$P_CLI debug_level=3 auth_mode=optional \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -C "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"

# TLS 1.3: the server key is only used for signatures, so digitalSignature
# is the only acceptable bit (keyEncipherment may be present alongside it).
# $O_NEXT_SRV_NO_CERT is defined earlier in the file - presumably the newer
# OpenSSL s_server without its default -cert/-key, so that only the pair
# given here is offered; -num_tickets=0 stops it sending session tickets
# after the handshake.  The RSA cases use the server2-sha256.* variants -
# presumably because TLS 1.3 rejects SHA-1 signed certificates; confirm.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
            "$P_CLI debug_level=3" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
            "$P_CLI debug_level=3" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
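MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
# TLS 1.3 signs with the server key, so a keyEncipherment-only or
# keyAgreement-only cert must be rejected (hard: alert 43, client exits 1).
run_test    "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# Same three cases with an ECDSA server key.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
            "$P_CLI debug_level=3" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the keyUsage extension"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# Here, both 1.2 and 1.3 only use signatures: the client cert must carry
# digitalSignature; keyEncipherment-only / keyAgreement-only certs fail.
# The server checks with auth_mode=optional ("soft": the mismatch is logged,
# no alert is sent, the handshake completes) or auth_mode=required ("hard":
# alert level=2 message=43 is sent and the handshake is aborted).  -s/-S is
# a pattern that must / must not appear in the server output.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -s "Processing of the Certificate handshake message failed"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

# NOTE(review): the RSA hard variant above also pins force_version=tls12 on
# the server; the OpenSSL client already forces -tls1_2, so this is
# presumably equivalent - confirm.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -s "Processing of the Certificate handshake message failed"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# TLS 1.3 client authentication.  $O_NEXT_CLI_NO_CERT is defined earlier in
# the file - presumably the newer OpenSSL s_client without its default
# -cert/-key, so only the pair given here is presented.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
             -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

# The hard 1.3 cases use ssl_client2 with key_file/crt_file as the client
# rather than OpenSSL, and additionally check that the server's handshake
# call itself reports the failure.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
            "$P_CLI key_file=$DATA_FILES_PATH/server2.key \
             crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -s "! mbedtls_ssl_handshake returned"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# Soft failure must not send an alert, as asserted by every other soft case
# in this section (the -S "send alert" check was missing here).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
            "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the keyUsage extension" \
            -s "! mbedtls_ssl_handshake returned"
            # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
#
# The server may only use a cert whose extendedKeyUsage contains serverAuth
# (or anyExtendedKeyUsage); otherwise no cert is usable and the handshake
# fails (expected client exit 1).  The cert files mirror the client-side
# tests in part 2: eku-srv, eku-srv_cli, eku-cs_any, eku-cs, eku-cli.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: serverAuth -> OK" \
            "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \
            "$P_CLI" \
            0

# Was loading server5.eku-srv.crt again (a copy of the test above); the
# serverAuth,clientAuth cert is server5.eku-srv_cli.crt, as used in parts 2
# and 3.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
            "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-srv_cli.crt" \
            "$P_CLI" \
            0

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
            "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \
            "$P_CLI" \
            0

# Was loading server5.eku-cli.crt (clientAuth only) under the codeSign name;
# the codeSign-only cert is server5.eku-cs.crt, as in parts 2 and 3.  The
# clientAuth-only case is kept as its own test below.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: codeSign -> fail" \
            "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
            "$P_CLI" \
            1

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: clientAuth -> fail" \
            "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \
            "$P_CLI" \
            1

# Tests for extendedKeyUsage, part 2: client-side checking of server cert
#
# Same hard/soft conventions as the keyUsage "cli" tests: a server cert
# without serverAuth (or anyExtendedKeyUsage) is rejected with alert 43
# under the default auth_mode, and only logged with auth_mode=optional.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli 1.2: serverAuth -> OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            "$P_CLI debug_level=3 auth_mode=optional" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -C "send alert level=2 message=43" \
            -c "! Usage does not match the extendedKeyUsage extension"
            # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
            "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the extendedKeyUsage extension"
            # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: serverAuth -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \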
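MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
# TLS 1.3 client rejecting a codeSign-only server cert under the default
# (required) auth_mode: alert level=2 message=43, client exits 1.
run_test    "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            "$P_CLI debug_level=3" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is" \
            -c "send alert level=2 message=43" \
            -c "! Usage does not match the extendedKeyUsage extension"
            # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# Tests for extendedKeyUsage, part 3: server-side checking of client cert
#
# A client cert must carry clientAuth (or anyExtendedKeyUsage).  "soft" =
# auth_mode=optional: the mismatch is logged, no alert is sent and the
# handshake completes; "hard" = auth_mode=required: alert level=2 message=43
# is sent and the handshake is aborted (client exits 1).  -s/-S is a pattern
# that must / must not appear in the server output.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# The last -S line ended with a stray continuation backslash; it only
# worked because the following line was blank.  Removed so the next
# requires_config_enabled can never be swallowed into this call's
# argument list.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the extendedKeyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the extendedKeyUsage extension" \
            -s "Processing of the Certificate handshake message failed"
            # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# TLS 1.3 client authentication; $O_NEXT_CLI_NO_CERT is defined earlier in
# the file (presumably the newer OpenSSL s_client without its default
# -cert/-key).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
             -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "send alert level=2 message=43" \
            -s "! Usage does not match the extendedKeyUsage extension" \
            -S "Processing of the Certificate handshake message failed"

# Hard 1.3 case uses ssl_client2 with key_file/crt_file as the client.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
            "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
            "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
             crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "send alert level=2 message=43" \
            -s "! Usage does not match the extendedKeyUsage extension" \
            -s "Processing of the Certificate handshake message failed"
            # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

# Tests for DHM parameters loading
#
# With no dhm_file the server uses its built-in 2048-bit group; dhm_file
# loads the group from a PEM file (dhparams.pem is a 1024-bit group).  The
# client logs the sizes of P and G at debug_level=3.

run_test    "DHM parameters: reference" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (2048 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

run_test    "DHM parameters: other parameters" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (1024 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

# Tests for DHM client-side size checking
#
# dhmlen=N is the smallest DHM prime (in bits) the client accepts; a server
# group below it is rejected with "DHM prime too short:" and the handshake
# fails.  The "server 1000, client default" case shows the default minimum
# is above 1000 bits, and "client 2049" shows the built-in group is exactly
# 2048 bits.  This is the client's defence against a server offering a
# weak DH group.

run_test    "DHM size: server default, client default, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server default, client 2048, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2048" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1024, client default, OK" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

# Boundary cases: the check is "prime size >= dhmlen", bit-exact.
run_test    "DHM size: server 999, client 999, OK" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=999" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client 1000, OK" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=1000" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client default, rejected" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 1000, client 1001, rejected" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=1001" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 999, client 1000, rejected" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=1000" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 998, client 999, rejected" \
            "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=999" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server default, client 2049, rejected" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2049" \
            1 \
            -c "DHM prime too short:"

# Tests for PSK callback
#
# psk= is the hex-encoded pre-shared key (73776f726466697368 = "swordfish",
# a fixed test value); psk_identity= is the identity hint sent by the
# client.  The -S checks cover the three ways a PSK mismatch surfaces on
# the server: failed negotiation, unknown identity, or a bad MAC because
# the two sides derived different keys.

run_test    "PSK callback: psk, no callback" \
            "$P_SRV psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=73776f726466697368" \
            0 \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# psk_opaque=1: the client holds the PSK as an opaque PSA key (hence the
# MBEDTLS_USE_PSA_CRYPTO guard).  extended_ms=0 on both sides disables the
# extended master secret, so the "session hash" debug line must not appear.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \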
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Opaque-PSK variants below: psk_opaque=1 makes the client hold the PSK as
# an opaque PSA key (hence the MBEDTLS_USE_PSA_CRYPTO guard); min_version=
# tls12 pins the handshake to TLS 1.2 where these PSK ciphersuites live.
# The matrix covers the PRF hash (SHA-256 default vs SHA-384 suites) and
# the extended master secret: extended_ms=0 on both sides -> no "session
# hash for extended master secret" line; extended_ms=1 -> the line must
# appear on both client and server (debug_level=3 is needed to see it).
# The -S checks cover the ways a PSK mismatch surfaces on the server:
# failed negotiation, unknown identity, or a bad MAC from divergent keys.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Same matrix for RSA-PSK (PSK combined with RSA key transport); the server
# uses its default certificate.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
            0 \
            -c "session hash for extended master 
secret"\ 8593 -s "session hash for extended master secret"\ 8594 -S "SSL - The handshake negotiation failed" \ 8595 -S "SSL - Unknown identity received" \ 8596 -S "SSL - Verification of the message MAC failed" 8597 8598requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8599run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \ 8600 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ 8601 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ 8602 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8603 0 \ 8604 -c "session hash for extended master secret"\ 8605 -s "session hash for extended master secret"\ 8606 -S "SSL - The handshake negotiation failed" \ 8607 -S "SSL - Unknown identity received" \ 8608 -S "SSL - Verification of the message MAC failed" 8609 8610requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8611run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ 8612 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ 8613 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ 8614 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8615 0 \ 8616 -C "session hash for extended master secret"\ 8617 -S "session hash for extended master secret"\ 8618 -S "SSL - The handshake negotiation failed" \ 8619 -S "SSL - Unknown identity received" \ 8620 -S "SSL - Verification of the message MAC failed" 8621 8622requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8623run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ 8624 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ 8625 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 8626 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8627 0 \ 8628 -C "session hash for extended master secret"\ 8629 -S "session hash 
for extended master secret"\ 8630 -S "SSL - The handshake negotiation failed" \ 8631 -S "SSL - Unknown identity received" \ 8632 -S "SSL - Verification of the message MAC failed" 8633 8634requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8635run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ 8636 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ 8637 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 8638 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8639 0 \ 8640 -c "session hash for extended master secret"\ 8641 -s "session hash for extended master secret"\ 8642 -S "SSL - The handshake negotiation failed" \ 8643 -S "SSL - Unknown identity received" \ 8644 -S "SSL - Verification of the message MAC failed" 8645 8646requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8647run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ 8648 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ 8649 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 8650 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8651 0 \ 8652 -c "session hash for extended master secret"\ 8653 -s "session hash for extended master secret"\ 8654 -S "SSL - The handshake negotiation failed" \ 8655 -S "SSL - Unknown identity received" \ 8656 -S "SSL - Verification of the message MAC failed" 8657 8658requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8659run_test "PSK callback: opaque dhe-psk on client, no callback" \ 8660 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ 8661 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ 8662 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8663 0 \ 8664 -C "session hash for extended master secret"\ 8665 -S "session hash for extended master secret"\ 8666 -S 
"SSL - The handshake negotiation failed" \ 8667 -S "SSL - Unknown identity received" \ 8668 -S "SSL - Verification of the message MAC failed" 8669 8670requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8671run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ 8672 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ 8673 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ 8674 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8675 0 \ 8676 -C "session hash for extended master secret"\ 8677 -S "session hash for extended master secret"\ 8678 -S "SSL - The handshake negotiation failed" \ 8679 -S "SSL - Unknown identity received" \ 8680 -S "SSL - Verification of the message MAC failed" 8681 8682requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8683run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ 8684 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ 8685 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ 8686 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8687 0 \ 8688 -c "session hash for extended master secret"\ 8689 -s "session hash for extended master secret"\ 8690 -S "SSL - The handshake negotiation failed" \ 8691 -S "SSL - Unknown identity received" \ 8692 -S "SSL - Verification of the message MAC failed" 8693 8694requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8695run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ 8696 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ 8697 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ 8698 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 8699 0 \ 8700 -c "session hash for extended master secret"\ 8701 -s "session hash for extended master secret"\ 8702 -S "SSL - The handshake negotiation 
failed" \ 8703 -S "SSL - Unknown identity received" \ 8704 -S "SSL - Verification of the message MAC failed" 8705 8706requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8707run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ 8708 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 8709 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 8710 psk_identity=foo psk=73776f726466697368" \ 8711 0 \ 8712 -C "session hash for extended master secret"\ 8713 -S "session hash for extended master secret"\ 8714 -S "SSL - The handshake negotiation failed" \ 8715 -S "SSL - Unknown identity received" \ 8716 -S "SSL - Verification of the message MAC failed" 8717 8718requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8719run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ 8720 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ 8721 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 8722 psk_identity=foo psk=73776f726466697368" \ 8723 0 \ 8724 -C "session hash for extended master secret"\ 8725 -S "session hash for extended master secret"\ 8726 -S "SSL - The handshake negotiation failed" \ 8727 -S "SSL - Unknown identity received" \ 8728 -S "SSL - Verification of the message MAC failed" 8729 8730requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8731run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ 8732 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8733 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8734 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 8735 
psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8736 0 \ 8737 -c "session hash for extended master secret"\ 8738 -s "session hash for extended master secret"\ 8739 -S "SSL - The handshake negotiation failed" \ 8740 -S "SSL - Unknown identity received" \ 8741 -S "SSL - Verification of the message MAC failed" 8742 8743requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8744run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ 8745 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8746 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8747 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 8748 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8749 0 \ 8750 -c "session hash for extended master secret"\ 8751 -s "session hash for extended master secret"\ 8752 -S "SSL - The handshake negotiation failed" \ 8753 -S "SSL - Unknown identity received" \ 8754 -S "SSL - Verification of the message MAC failed" 8755 8756requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8757run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \ 8758 "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ 8759 "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ 8760 psk_identity=foo psk=73776f726466697368" \ 8761 0 \ 8762 -C "session hash for extended master secret"\ 8763 -S "session hash for extended master secret"\ 8764 -S "SSL - The handshake negotiation failed" \ 8765 -S "SSL - Unknown identity received" \ 8766 -S "SSL - Verification of the message MAC failed" 8767 8768requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8769run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \ 8770 "$P_SRV extended_ms=0 debug_level=1 
psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ 8771 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ 8772 psk_identity=foo psk=73776f726466697368" \ 8773 0 \ 8774 -C "session hash for extended master secret"\ 8775 -S "session hash for extended master secret"\ 8776 -S "SSL - The handshake negotiation failed" \ 8777 -S "SSL - Unknown identity received" \ 8778 -S "SSL - Verification of the message MAC failed" 8779 8780requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8781run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \ 8782 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8783 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8784 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ 8785 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8786 0 \ 8787 -c "session hash for extended master secret"\ 8788 -s "session hash for extended master secret"\ 8789 -S "SSL - The handshake negotiation failed" \ 8790 -S "SSL - Unknown identity received" \ 8791 -S "SSL - Verification of the message MAC failed" 8792 8793requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8794run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \ 8795 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8796 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8797 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ 8798 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8799 0 \ 8800 -c "session hash for extended master secret"\ 8801 -s "session hash for extended master secret"\ 8802 -S "SSL - The handshake negotiation failed" \ 8803 -S "SSL - Unknown identity 
received" \ 8804 -S "SSL - Verification of the message MAC failed" 8805 8806requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8807run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ 8808 "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ 8809 "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 8810 psk_identity=foo psk=73776f726466697368" \ 8811 0 \ 8812 -C "session hash for extended master secret"\ 8813 -S "session hash for extended master secret"\ 8814 -S "SSL - The handshake negotiation failed" \ 8815 -S "SSL - Unknown identity received" \ 8816 -S "SSL - Verification of the message MAC failed" 8817 8818requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8819run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ 8820 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ 8821 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 8822 psk_identity=foo psk=73776f726466697368" \ 8823 0 \ 8824 -C "session hash for extended master secret"\ 8825 -S "session hash for extended master secret"\ 8826 -S "SSL - The handshake negotiation failed" \ 8827 -S "SSL - Unknown identity received" \ 8828 -S "SSL - Verification of the message MAC failed" 8829 8830requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8831run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ 8832 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8833 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8834 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 8835 
psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8836 0 \ 8837 -c "session hash for extended master secret"\ 8838 -s "session hash for extended master secret"\ 8839 -S "SSL - The handshake negotiation failed" \ 8840 -S "SSL - Unknown identity received" \ 8841 -S "SSL - Verification of the message MAC failed" 8842 8843requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8844run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ 8845 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8846 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8847 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 8848 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8849 0 \ 8850 -c "session hash for extended master secret"\ 8851 -s "session hash for extended master secret"\ 8852 -S "SSL - The handshake negotiation failed" \ 8853 -S "SSL - Unknown identity received" \ 8854 -S "SSL - Verification of the message MAC failed" 8855 8856requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8857run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ 8858 "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ 8859 "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ 8860 psk_identity=foo psk=73776f726466697368" \ 8861 0 \ 8862 -C "session hash for extended master secret"\ 8863 -S "session hash for extended master secret"\ 8864 -S "SSL - The handshake negotiation failed" \ 8865 -S "SSL - Unknown identity received" \ 8866 -S "SSL - Verification of the message MAC failed" 8867 8868requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8869run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ 8870 "$P_SRV 
extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ 8871 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ 8872 psk_identity=foo psk=73776f726466697368" \ 8873 0 \ 8874 -C "session hash for extended master secret"\ 8875 -S "session hash for extended master secret"\ 8876 -S "SSL - The handshake negotiation failed" \ 8877 -S "SSL - Unknown identity received" \ 8878 -S "SSL - Verification of the message MAC failed" 8879 8880requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8881run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ 8882 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8883 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8884 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ 8885 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8886 0 \ 8887 -c "session hash for extended master secret"\ 8888 -s "session hash for extended master secret"\ 8889 -S "SSL - The handshake negotiation failed" \ 8890 -S "SSL - Unknown identity received" \ 8891 -S "SSL - Verification of the message MAC failed" 8892 8893requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8894run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ 8895 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ 8896 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8897 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ 8898 psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 8899 0 \ 8900 -c "session hash for extended master secret"\ 8901 -s "session hash for extended master secret"\ 8902 -S "SSL - The handshake negotiation failed" \ 8903 -S "SSL 
- Unknown identity received" \ 8904 -S "SSL - Verification of the message MAC failed" 8905 8906requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8907run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ 8908 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 8909 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 8910 psk_identity=def psk=beef" \ 8911 0 \ 8912 -C "session hash for extended master secret"\ 8913 -S "session hash for extended master secret"\ 8914 -S "SSL - The handshake negotiation failed" \ 8915 -S "SSL - Unknown identity received" \ 8916 -S "SSL - Verification of the message MAC failed" 8917 8918requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8919run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ 8920 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ 8921 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 8922 psk_identity=def psk=beef" \ 8923 0 \ 8924 -C "session hash for extended master secret"\ 8925 -S "session hash for extended master secret"\ 8926 -S "SSL - The handshake negotiation failed" \ 8927 -S "SSL - Unknown identity received" \ 8928 -S "SSL - Verification of the message MAC failed" 8929 8930requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8931run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ 8932 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 8933 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8934 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 8935 psk_identity=abc psk=dead extended_ms=1" \ 8936 0 \ 
8937 -c "session hash for extended master secret"\ 8938 -s "session hash for extended master secret"\ 8939 -S "SSL - The handshake negotiation failed" \ 8940 -S "SSL - Unknown identity received" \ 8941 -S "SSL - Verification of the message MAC failed" 8942 8943requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8944run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ 8945 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 8946 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8947 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 8948 psk_identity=abc psk=dead extended_ms=1" \ 8949 0 \ 8950 -c "session hash for extended master secret"\ 8951 -s "session hash for extended master secret"\ 8952 -S "SSL - The handshake negotiation failed" \ 8953 -S "SSL - Unknown identity received" \ 8954 -S "SSL - Verification of the message MAC failed" 8955 8956requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8957run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \ 8958 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ 8959 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ 8960 psk_identity=def psk=beef" \ 8961 0 \ 8962 -C "session hash for extended master secret"\ 8963 -S "session hash for extended master secret"\ 8964 -S "SSL - The handshake negotiation failed" \ 8965 -S "SSL - Unknown identity received" \ 8966 -S "SSL - Verification of the message MAC failed" 8967 8968requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8969run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \ 8970 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 
min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ 8971 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ 8972 psk_identity=def psk=beef" \ 8973 0 \ 8974 -C "session hash for extended master secret"\ 8975 -S "session hash for extended master secret"\ 8976 -S "SSL - The handshake negotiation failed" \ 8977 -S "SSL - Unknown identity received" \ 8978 -S "SSL - Verification of the message MAC failed" 8979 8980requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8981run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \ 8982 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 8983 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 8984 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ 8985 psk_identity=abc psk=dead extended_ms=1" \ 8986 0 \ 8987 -c "session hash for extended master secret"\ 8988 -s "session hash for extended master secret"\ 8989 -S "SSL - The handshake negotiation failed" \ 8990 -S "SSL - Unknown identity received" \ 8991 -S "SSL - Verification of the message MAC failed" 8992 8993requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 8994run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \ 8995 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 8996 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 8997 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ 8998 psk_identity=abc psk=dead extended_ms=1" \ 8999 0 \ 9000 -c "session hash for extended master secret"\ 9001 -s "session hash for extended master secret"\ 9002 -S "SSL - The handshake negotiation failed" \ 9003 -S "SSL - Unknown identity received" \ 9004 -S "SSL - Verification of the message MAC failed" 9005 
9006requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9007run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ 9008 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ 9009 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 9010 psk_identity=def psk=beef" \ 9011 0 \ 9012 -C "session hash for extended master secret"\ 9013 -S "session hash for extended master secret"\ 9014 -S "SSL - The handshake negotiation failed" \ 9015 -S "SSL - Unknown identity received" \ 9016 -S "SSL - Verification of the message MAC failed" 9017 9018requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9019run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \ 9020 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ 9021 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 9022 psk_identity=def psk=beef" \ 9023 0 \ 9024 -C "session hash for extended master secret"\ 9025 -S "session hash for extended master secret"\ 9026 -S "SSL - The handshake negotiation failed" \ 9027 -S "SSL - Unknown identity received" \ 9028 -S "SSL - Verification of the message MAC failed" 9029 9030requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9031run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \ 9032 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 9033 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 9034 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 9035 psk_identity=abc psk=dead extended_ms=1" \ 9036 0 \ 
9037 -c "session hash for extended master secret"\ 9038 -s "session hash for extended master secret"\ 9039 -S "SSL - The handshake negotiation failed" \ 9040 -S "SSL - Unknown identity received" \ 9041 -S "SSL - Verification of the message MAC failed" 9042 9043requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9044run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \ 9045 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 9046 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 9047 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ 9048 psk_identity=abc psk=dead extended_ms=1" \ 9049 0 \ 9050 -c "session hash for extended master secret"\ 9051 -s "session hash for extended master secret"\ 9052 -S "SSL - The handshake negotiation failed" \ 9053 -S "SSL - Unknown identity received" \ 9054 -S "SSL - Verification of the message MAC failed" 9055 9056requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9057run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \ 9058 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ 9059 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ 9060 psk_identity=def psk=beef" \ 9061 0 \ 9062 -C "session hash for extended master secret"\ 9063 -S "session hash for extended master secret"\ 9064 -S "SSL - The handshake negotiation failed" \ 9065 -S "SSL - Unknown identity received" \ 9066 -S "SSL - Verification of the message MAC failed" 9067 9068requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 9069run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \ 9070 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef 
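psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
             psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Same as above with the extended master secret enabled on both sides:
# the session-hash log line must now appear on client and server.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
             force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
             force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
             psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# The next group checks precedence between a statically configured PSK
# (psk/psk_identity, optionally psk_opaque=1) and the PSK callback
# (psk_list, optionally psk_list_opaque=1). When both are configured the
# callback result must be the one used; the static PSK must never act as a
# fallback, even when its identity matches (see the "wrong ... from callback"
# and "callback overrides other settings" cases below).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
            "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# NOTE(review): the name says "wrong raw PSK on server, opaque PSK from
# callback", but the server options are psk_opaque=1 without
# psk_list_opaque=1, i.e. the static PSK is the opaque one and the callback
# PSK is raw. The outcome (callback key "beef" wins, handshake succeeds) is
# the same either way; consider aligning the name with the options.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# The static PSK matches the client exactly ("def"/"beef") while the callback
# returns a different key for "def". The expected MAC failure is the
# security-relevant check: the callback result is used as-is and the matching
# static PSK is not tried as a fallback.
# NOTE(review): psk_list_opaque=1 is not set here, so the callback PSK is raw,
# not opaque as the test name says.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            1 \
            -s "SSL - Verification of the message MAC failed"

# No PSK at all on the server: the PSK ciphersuite cannot be negotiated, so
# the failure happens at negotiation, before any identity lookup.
run_test    "PSK callback: no psk, no callback" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=73776f726466697368" \
            1 \
            -s "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Identity "foo" is only known to the static PSK. Once a callback is set the
# lookup goes through the callback alone, which does not know "foo".
run_test    "PSK callback: callback overrides other settings" \
            "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=73776f726466697368" \
            1 \
            -S "SSL - The handshake negotiation failed" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: first id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=dead" \
            0 \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: second id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no match" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=ghi psk=beef" \
            1 \
            -S "SSL - The handshake negotiation failed" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Known identity, wrong key: the mismatch only surfaces at the Finished
# message (MAC failure), not as an "unknown identity".
run_test    "PSK callback: wrong key" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=beef" \
            1 \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -s "SSL - Verification of the message MAC failed"

# Tests for EC J-PAKE

# Neither side has a password: the client must not offer the ECJPAKE suite
# (0xc0ff) nor the kkpp extension, and the server must not see either.
# The negative pattern below uses the same spelling as the positive
# "add ciphersuite: c0ff" assertions in the other ECJPAKE tests; with the
# former "0xc0ff" spelling the check could never match anything and was
# vacuous.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "SSL - The handshake negotiation failed"

# Note: if the name of this test is changed, then please adjust the corresponding
# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Opaque (PSA key) password on either or both sides. The "using opaque
# password" line identifies which side went through the opaque path.
# A space now precedes the line-continuation backslash after the last
# option: inside double quotes "\<newline>" is removed outright, so the
# option separation previously depended on the next line's indentation.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password client+server, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1 \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -c "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Note: if the name of this test is changed, then please adjust the corresponding
# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password client only, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1 \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -c "using opaque password" \
            -S "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Note: if the name of this test is changed, then please adjust the corresponding
# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password server only, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Password mismatch. A wrong password is not rejected during the key
# exchange itself; the two sides only diverge at the Finished message, which
# the server reports as a MAC failure. (The server needs extra time because
# it keeps running until that point.)
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# DTLS with cookies (the default): the client sends a second ClientHello
# after the cookie exchange and must re-use its cached EC J-PAKE parameters
# for it. With cookies=0 there is a single ClientHello, hence no re-use.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS, no cookie" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -C "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: password mismatch, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# for tests with configs/config-thread.h
# (no debug_level, so only the exit status is checked)
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS, nolog" \
            "$P_SRV dtls=1 ecjpake_pw=bla" \
            "$P_CLI dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0

# Test for ClientHello without extensions

# Without extensions, ECC is impossible (no curve negotiation).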
# GnuTLS is told to send a bare ClientHello (%NO_EXTENSIONS); that also drops
# the renegotiation_info extension, which is presumably why the client is run
# with %DISABLE_SAFE_RENEGOTIATION. The server must still complete the
# handshake and, with no supported-groups extension, pick a non-EC suite.
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
run_test    "ClientHello without extensions: RSA" \
            "$P_SRV force_version=tls12 debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "Ciphersuite is .*-RSA-WITH-.*" \
            -S "Ciphersuite is .*-EC.*" \
            -s "dumping 'client hello extensions' (0 bytes)"

# Same, restricted to PSK suites (-RSA:-DHE-RSA). The hex --pskkey matches
# the server's psk= value.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
requires_gnutls
run_test    "ClientHello without extensions: PSK" \
            "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
            "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
            0 \
            -s "Ciphersuite is .*-PSK-.*" \
            -S "Ciphersuite is .*-EC.*" \
            -s "dumping 'client hello extensions' (0 bytes)"

# Tests for mbedtls_ssl_get_bytes_avail()

# The server first reads up to buffer_size bytes, then reads the remainder
# reported by mbedtls_ssl_get_bytes_avail() and logs "(first + remainder)".
# NOTE(review): an earlier version of this comment said "buffer_size-1";
# the "(100 + 1)" expectation with buffer_size=100 below shows the first
# read is buffer_size bytes.
# request_size == buffer_size: everything fits in the first read, nothing
# left over (the trailing $ anchors the log line so "(100 + ...)" is absent).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: extra data (+1)" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=101" \
            0 \
            -s "Read from client: 101 bytes read (100 + 1)"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 200
run_test    "mbedtls_ssl_get_bytes_avail: extra data (*2)" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=200" \
            0 \
            -s "Read from client: 200 bytes read (100 + 100)"

# Largest single record the build allows; the remainder is computed from
# MAX_CONTENT_LEN at test-definition time.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: extra data (max)" \
            "$P_SRV buffer_size=100 force_version=tls12" \
            "$P_CLI request_size=$MAX_CONTENT_LEN" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))"

# Tests for small client packets

# One-byte application-data records through each record-protection mode:
# CBC with encrypt-then-MAC (default), CBC with MAC-then-encrypt (etm=0),
# CBC with a longer (SHA-384) MAC, and AEAD with a full and a short tag.
# The etm=0 cases are the ones that exercise the CBC padding/MAC check on the
# smallest possible record.
run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small client packet TLS 1.3 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small client packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small client packets in DTLS

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls12" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

# Here etm=0 is set on the server side (the receiver of the small record).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls12 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small server packets

# Mirror of the client cases above with a 1-byte response from the server.
run_test    "Small server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small server packet TLS 1.3 AEAD" \
            "$P_SRV response_size=1" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small server packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV response_size=1" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -c "Read from server: 1 bytes read"

# Tests for small server packets in DTLS

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

# Test for large client packets

# How many fragments do we expect to write $1 bytes?
# Ceiling division by MAX_OUT_LEN (the largest outgoing record payload this
# build can produce). Used to compute the expected
# "<n> bytes written in <k> fragments" client log line.
fragments_for_write() {
    echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
}

# The client writes 16384 bytes; the server reads at most MAX_CONTENT_LEN
# of them in one go, which is what its log line reports.
run_test    "Large client packet TLS 1.2 BlockCipher" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# NOTE(review): unlike its siblings this case does not assert the fragment
# count on the client side. If the count is deterministic with etm=0 too,
# consider adding the same -c "... fragments" expectation.
run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# TLS 1.3 uses 16383 rather than 16384 (the full 16384 would not fit in one
# record once the content-type byte is added).
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large client packet TLS 1.3 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=16383 \
             force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "16383 bytes written in $(fragments_for_write 16383) fragments" \
            -s "Read from client: 16383 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large client packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=16383 \
             force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -c "16383 bytes written in $(fragments_for_write 16383) fragments" \
            -s "Read from client: 16383 bytes read"

# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
run_test    "Large server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 16384 bytes read"

# NOTE(review): this relies on both programs honouring trunc_hmac=1. If the
# build has no truncated-HMAC support, confirm the option is still rejected
# or negotiated rather than silently ignored; otherwise this case is
# indistinguishable from the plain "without EtM" test above.
run_test    "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 16384 bytes read"
run_test    "Large server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large server packet TLS 1.3 AEAD" \
            "$P_SRV response_size=16383" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "Read from server: 16383 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large server packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV response_size=16383" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -c "Read from server: 16383 bytes read"

# Tests for restartable ECC

# Force the use of a curve that supports restartable ECC (secp256r1).

# ec_max_ops bounds the amount of EC work done per call on the client. When
# the bound is hit, the interrupted call is logged together with the
# in-progress error code (hex 4b00 -- presumably MBEDTLS_ERR_ECP_IN_PROGRESS)
# and the handshake is resumed. The -c/-C assertions on "<call>.*4b00" check
# exactly which of certificate verification (x509_verify_cert), the
# ServerKeyExchange signature (mbedtls_pk_verify), ECDH
# (mbedtls_ecdh_make_public) and client-auth signing (mbedtls_pk_sign) was
# interrupted. The client presents server5.crt/.key as its own identity
# because the server requires client authentication.

# No ec_max_ops at all: nothing may be interrupted.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, default" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# ec_max_ops=0 is expected to behave like "no limit" (nothing interrupted),
# not like a limit of zero operations.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=0" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=0" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# A limit large enough that no single operation reaches it.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=65535" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=65535" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# This works the same with & without USE_PSA as we never get to ECDH:
# we abort as soon as we determined the cert is bad.
#
# Security-relevant: interrupting and resuming x509_verify_cert must not let
# a badly signed certificate through. The handshake still fails with the
# verification error, and none of the later EC operations are reached.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=1000, badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            1 \
            -c "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

# With USE_PSA disabled we expect full restartable behaviour.
# auth_mode=optional on the client: verification still runs (and is
# interrupted/resumed) and the bad signature is logged, but the handshake is
# allowed to continue, so the remaining restart points are exercised too.
# This deliberately disables server authentication and is only appropriate
# in a test; do not copy auth_mode=optional into production configurations.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# auth_mode=none on the client: certificate verification is skipped
# altogether (no x509_verify_cert restart, no verification message), while
# the ServerKeyExchange signature check, ECDH and client-auth signing are
# still interrupted as before. Again test-only: the peer is unauthenticated.
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=none" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=none" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# Same as the plain max_ops=1000 cases, over DTLS.
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             dtls=1 debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             dtls=1 debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# With USE_PSA disabled we expect full restartable behaviour.
# EC restart, no client auth: the server does not ask for a client certificate
# (no auth_mode=required) and the client offers none, so the client never
# signs anything. mbedtls_pk_sign must therefore NOT hit the restart path (-C),
# while certificate verification, signature verification and ECDH still do.
# "4b00" is the low 16 bits of the error code the client prints at
# debug_level=1; presumably MBEDTLS_ERR_ECP_IN_PROGRESS (-0x4B00) -- confirm
# against the error code list if this pattern is ever changed.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"


# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
# Same scenario as above; additionally ECDH is not restartable here (-C).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no
# restartable behaviour at all (not even client auth).
# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA,
# and all 4 assertions negated.
# ECDHE-RSA with ec_max_ops set: the RSA signature paths never return
# "in progress", and neither do x509/ECDH here, so none of the four
# restart patterns may appear in the client log.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# Tests of asynchronous private key support in SSL
#
# ssl_server2's test callbacks are driven by these options (as far as the
# assertions below show them; see the ssl_server2 usage text for the full
# contract):
#   async_operations=s|d   operations routed through the async callbacks
#                          (s: sign, d: decrypt). An operation the callbacks
#                          do not serve makes the server behave as if it had
#                          no usable private key ("sign callback not present").
#   async_private_delayN   registers key N with the callbacks and makes it
#                          need that many extra resume calls ("call N more
#                          times"). A key that is not registered is reported
#                          as "no key matches this certificate" and the server
#                          then uses it transparently ("fall back to
#                          transparent key").
#   async_private_error    inject a failure: 1 = error in start, 2 = cancel
#                          after start, 3 = error in resume. A negative value
#                          presumably injects the failure only once, which is
#                          why those tests retry the client and expect the
#                          second handshake to succeed.
# These are test hooks for exercising the state machine, not a model of a
# real HSM or key store.

# delay=0: the callback completes on the first resume.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=0" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

# delay=1: one "call 0 more times" round-trip before the signature is done.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=1" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"

# delay=2: two resume rounds. -U (presumably "unique") also requires that the
# start callback ran exactly once, i.e. the library did not restart the
# operation while it was pending.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=2" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=2 async_private_delay2=2" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -U "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 1 more times." \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"

# Async signing combined with SNI-based certificate selection: the client asks
# for polarssl.example and must end up with server1's certificate (checked via
# the subject/issuer the client prints, hence the dependency on X509 info
# output). The sni= list is six comma-separated fields per name, '-' meaning
# "unset" -- presumably name,crt,key,ca,crl,auth_mode; see ssl_server2.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SSL async private: sign, SNI" \
            "$P_SRV force_version=tls12 debug_level=3 \
             async_operations=s async_private_delay1=0 async_private_delay2=0 \
             crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0" \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# Decrypt path: a static-RSA key exchange makes the server RSA-decrypt the
# premaster secret through the async callbacks.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=0" \
            "$P_SRV \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=1" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# Same for RSA-PSK, where the RSA decrypt happens in addition to the PSK.
# The psk= value is a fixed test fixture (hex of an ASCII string), not a
# secret worth protecting.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
            "$P_SRV psk=73776f726466697368 \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI psk=73776f726466697368 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt RSA-PSK, delay=1" \
            "$P_SRV psk=73776f726466697368 \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI psk=73776f726466697368 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# Only the decrypt callback is installed. The first client needs a signature
# (default TLS 1.2 suite), which the server cannot provide, so that handshake
# must fail closed ("private key ... not set, but needed") rather than fall
# back to the raw key. Only then does the retry with a static-RSA suite run.
# "\$?" is escaped on purpose: it is evaluated when run_test executes the
# client command, not when this script is parsed, and the retry runs only if
# the first client exited with status 1.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign callback not present" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_version=tls12; [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -S "Async sign callback" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "The own private key or pre-shared key is not set, but needed" \
            -s "Async resume (slot [0-9]): decrypt done, status=0" \
            -s "Successful connection"

# Mirror image: only the sign callback is installed, so the static-RSA
# handshake fails ("got no RSA private key") and the ECDHE retry succeeds.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt callback not present" \
            "$P_SRV debug_level=1 \
             async_operations=s async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
             [ \$? -eq 1 ] && $P_CLI force_version=tls12" \
            0 \
            -S "Async decrypt callback" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "got no RSA private key" \
            -s "Async resume (slot [0-9]): sign done, status=0" \
            -s "Successful connection"

# Key-slot selection with two server keys. The ciphersuite picks which
# certificate (and therefore which key) the server must use; the slot number
# in the log shows which registered key the callbacks matched.

# key1: ECDSA, key2: RSA; use key1 from slot 0
# Only key1 is registered (delay1), and the ECDSA suite selects it.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 0 used with key1" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0," \
            -s "Async resume (slot 0): call 0 more times." \
            -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 0
# Only key2 is registered (delay2), so it lands in slot 0 and the RSA suite
# selects it.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 0 used with key2" \
            "$P_SRV \
             async_operations=s async_private_delay2=1 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0," \
            -s "Async resume (slot 0): call 0 more times." \
            -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 1
# Both keys registered: key2 must be found in slot 1, not mistaken for key1.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 1 used with key2" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 1," \
            -s "Async resume (slot 1): call 0 more times." \
            -s "Async resume (slot 1): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 directly
# key2 is not registered with the callbacks, so the start callback reports no
# match and the library signs with the key it holds itself.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: no key matches this certificate."

# Error injection. In every failing case the handshake must abort (exit 1)
# and the library must not call resume after a start error, nor cancel after
# a resume error; a cancel must only follow a successfully started operation.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in start" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, cancel after start" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in resume" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -s "Async resume callback: sign done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, cancel after start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in resume" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume callback: decrypt done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

# Recovery after a failure: the server must be left in a state where the next
# connection (second $P_CLI, run only if the first exited 1) succeeds.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: cancel after start then operate correctly" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-2" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: error in resume then operate correctly" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-3" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
# First handshake (ECDSA suite) goes through the async key1 and is cancelled;
# the retry (RSA suite) uses the unregistered key2 transparently.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
# Note: the function "detect_required_features()" is not able to detect more than
# one "force_ciphersuite" per client/server and it only picks the 2nd one.
# Therefore the 1st one is added explicitly here
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "SSL async private: cancel after start then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-2 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0" \
            -S "Async resume" \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
# Note: the function "detect_required_features()" is not able to detect more than
# one "force_ciphersuite" per client/server and it only picks the 2nd one.
# Therefore the 1st one is added explicitly here
# Same as the "cancel after start" variant above, but the injected failure is
# an error in resume (-3) on the first, ECDSA handshake.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "SSL async private: sign, error in resume then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-3 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
             key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async resume" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"

# Async callbacks during renegotiation: the second handshake (exchanges=2,
# renegotiate=1 on whichever side initiates) must go through the callbacks
# exactly like the first one did.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated, sign" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated, sign" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated, decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated, decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# Tests for ECC extensions (rfc 4492)
#
# A peer that does not offer/select any ECC ciphersuite must not advertise the
# supported_groups / supported_point_formats extensions (no needless
# capability disclosure), and must not echo them in the ServerHello either.

requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -C "client hello, adding supported_groups extension" \
            -C "client hello, adding supported_point_formats extension" \
            -S "found supported elliptic curves extension" \
            -S "found supported point formats extension"

requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found supported_point_formats extension" \
            -S "server hello, supported_point_formats extension"

requires_hash_alg SHA_256
run_test    "Force an ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "client hello, adding supported_groups extension" \
            -c "client hello, adding supported_point_formats extension" \
            -s "found supported elliptic curves extension" \
            -s "found supported point formats extension"

requires_hash_alg SHA_256
run_test    "Force an ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found supported_point_formats extension" \
            -s "server hello, supported_point_formats extension"

# Tests for DTLS HelloVerifyRequest
#
# The HelloVerifyRequest cookie exchange is the DTLS server's defence against
# ClientHello floods from spoofed source addresses (the server does no state
# allocation or expensive work until the client echoes a valid cookie). The
# expected log pattern with cookies on is: first ClientHello has no cookie
# ("verification failed", HelloVerifyRequest sent), the retried ClientHello
# carries it ("verification passed").

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled" \
            "$P_SRV dtls=1 debug_level=2" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

# cookies=0 turns the check off entirely ("verification skipped"): the server
# accepts the first ClientHello without address validation. Fine for a test
# harness, never for a server reachable from untrusted networks.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: disabled" \
            "$P_SRV dtls=1 debug_level=2 cookies=0" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -S "cookie verification failed" \
            -S "cookie verification passed" \
            -s "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -S "SSL - The requested feature is not available"

# cookies=-1 presumably leaves the cookie callbacks unset without disabling
# the check. The server must then fail closed ("requested feature is not
# available") rather than silently proceed without verification; the short
# hs_timeout just keeps the client from retrying for long.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: default (failing)" \
            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
            1 \
            -s "cookie verification failed" \
            -S "cookie verification passed" \
            -S "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -s "SSL - The requested feature is not available"

# The cookie covers the client's transport address, so IPv6 addresses need
# their own coverage.
requires_ipv6
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled, IPv6" \
            "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
            "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled, nbio" \
            "$P_SRV dtls=1 nbio=2 debug_level=2" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

# Tests for client reconnecting from the same port with DTLS
#
# A ClientHello arriving on an established association (reconnect_hard=1
# makes the client start over from the same source port) may only replace
# that association after a fresh cookie exchange proves the new ClientHello
# really comes from that address; a bare ClientHello must never tear down a
# live session. The generous timeouts are there so the reconnect is not
# confused with a retransmission ("resend").

not_with_valgrind # spurious resend
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reference" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -S "Client initiated reconnection from same port"

not_with_valgrind # spurious resend
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

# Without cookies the server has no way to validate the new ClientHello, so
# the reconnect must NOT be honoured: the old association stays, the client
# eventually times out, and the server's read times out as well.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: no cookies" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
            0 \
            -s "The operation timed out" \
            -S "Client initiated reconnection from same port"

# The proxy injects a ClientHello into an established association on behalf
# of an attacker. The server may notice it ("possible client reconnect") but
# must not reset the session, and the real client's exchanges must complete.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: attacker-injected" \
            -p "$P_PXY inject_clihlo=1" \
            "$P_SRV dtls=1 exchanges=2 debug_level=1" \
            "$P_CLI dtls=1 exchanges=2" \
            0 \
            -s "possible client reconnect from the same port" \
            -S "Client initiated reconnection from same port"

# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: required" \
            "$P_SRV dtls=1 auth_mode=required" \
            "$P_CLI dtls=1" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

# auth_mode=optional: a missing client certificate is logged but the
# handshake still completes (exit 0).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: optional, client has no cert" \
            "$P_SRV dtls=1 auth_mode=optional" \
            "$P_CLI dtls=1 crt_file=none key_file=none" \
            0 \
            -s "! Certificate was missing"

# auth_mode=none: the server sends no CertificateRequest, so the client skips
# its Certificate message altogether (the trailing '$' anchors the exact line).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: none, client has no cert" \
            "$P_SRV dtls=1 auth_mode=none" \
            "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
            0 \
            -c "skip write certificate$" \
            -s "! Certificate verification was skipped"

# Client and server PSKs differ in the last byte, so the server's first MAC
# check on the client's Finished fails and it sends a fatal alert; the client
# must surface that alert and exit non-zero rather than keep going.
# NOTE(review): unlike its neighbours this test carries no requires_* guard;
# it relies on detect_required_features() picking up the PSK ciphersuite from
# force_ciphersuite=. Confirm that is enough in configurations without TLS 1.2.
run_test    "DTLS wrong PSK: badmac alert" \
            "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
            "$P_CLI dtls=1 psk=73776f726466697374" \
            1 \
            -s "SSL - Verification of the message MAC failed" \
            -c "SSL - A fatal alert message was received from our peer"

# Tests for receiving fragmented handshake messages with DTLS
#
# The peer's MTU forces its handshake messages to be split across records;
# the client must reassemble them. -C "error" is a broad catch-all: any line
# containing "error" in the client log fails the test.

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: no fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: some fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 512" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Reassembly must also work for the second (renegotiation) handshake, and the
# renegotiation extension must be present on both sides so the renegotiation
# is the secure (RFC 5746) kind.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

# Same scenarios against an OpenSSL server (requires_config_enabled only: the
# OPENSSL binary is taken as always available, see the top of this script).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: no fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 2048" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# NOTE(review): "some" and "more" fragmentation both use -mtu 256 here, so the
# two OpenSSL cases are currently identical (the GnuTLS pair above uses 512
# and 128). Confirm whether a larger MTU was intended for "some".
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: some fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, nbio (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Tests for sending fragmented handshake messages with DTLS
#
# Use client auth when we need the client to send large messages,
# and use large cert chains on both sides too (the long chains we have all use
# both RSA and ECDSA, but ideally we should have long chains with either).
# How to read the expectations below: "-s"/"-c" require the quoted pattern
# to appear in the server/client log, "-S"/"-C" require it to be absent,
# "-p" puts the UDP proxy ($P_PXY) between the two peers (MTU and "3d" =
# drop/delay/duplicate settings are given on that line), and "-g" runs a
# custom check (find_in_both presumably greps both logs -- confirm against
# the run_test implementation). The requires_*/not_with_*/skip_next_test
# lines gate only the run_test that directly follows them, so keep each
# group of gating lines immediately in front of its test.
#
# Sizes reached (UDP payload):
# - 2037B for server certificate
# - 1542B for client certificate
# - 1013B for newsessionticket
# - all others below 512B
# All those tests assume MAX_CONTENT_LEN is at least 2048

# Baseline: both sides allow 4096-byte fragments, so with the sizes listed
# above nothing needs to be fragmented in either direction.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: none (for reference)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Server-side MFL of 1024 is below the server certificate size, so only the
# server fragments (the client is the one that *finds* fragments).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# With the MFL extension, the server has no way of forcing
# the client to not exceed a certain MTU; hence, the following
# test can't be replicated with an MTU proxy such as the one
# `client-initiated, server only (max_frag_len)` below.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server only (more) (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# auth_mode=none: no client certificate is sent, so the only message large
# enough to be fragmented is the server certificate.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
# (The proxy MTU of 1110 is the enforcement mechanism: anything bigger than
# MFL 1024 plus record expansion would be dropped and the handshake would
# not complete with exit status 0.)
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Same as above but with auth_mode=required: the client certificate (1542B)
# now also exceeds the negotiated MFL, so both sides see fragments.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# The following tests use the local mtu= setting instead of the negotiated
# MFL extension, so MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is no longer required.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: none (for reference) (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=3500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=3500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             mtu=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Proxy MTU matches the peers' configured MTU, so the proxy only enforces
# what both sides already promise to honour.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: both (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_max_content_len 2048
run_test    "DTLS fragmenting: both (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=2500-60000 \
             mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two
# retransmissions, but in some cases (like both the server and client using
# fragmentation and auto-reduction) an extra retransmission might occur,
# hence the ratio of 8.
# Note that neither peer is given an mtu= setting here: the proxy silently
# enforces 508 and the peers must discover it through retransmission.
not_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=400-3200" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=400-3200" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# Valgrind variant of the test above: wider timeout window (250-10000) to
# absorb the slowdown.
only_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=250-10000" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
# OTOH the client might resend if the server is too slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
# OTOH the client might resend if the server is too slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# nbio=2 variants: same expectations as the blocking tests above, exercising
# the non-blocking I/O path of the fragmentation code.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
# This ensures things still work after session_reset().
# It also exercises the "resumed handshake" flow.
# Since we don't support reading fragmented ClientHello yet,
# up the MTU to 1450 (larger than ClientHello with session ticket,
# but still smaller than client's Certificate to ensure fragmentation).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# reco_delay avoids races where the client reconnects before the server has
# resumed listening, which would result in a spurious autoreduction.
# skip_close_notify=1 on the client makes the server side of the first
# connection end without a close_notify, which is what forces the
# session_reset() path being tested.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
            -p "$P_PXY mtu=1450" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=10000-60000 \
             mtu=1450" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=10000-60000 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Renegotiation tests: the second (renegotiated) handshake runs over an
# already-encrypted DTLS connection, so each ciphersuite below has a
# different per-record expansion and therefore a different fragment budget.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# (For CCM and the two CBC variants the ciphersuite is forced on the server
# rather than the client, and the MTU is 1024 instead of 512.)
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# etm=0 on the server disables Encrypt-then-MAC for this run, so the CBC
# record layout (and thus the expansion the fragmenter must budget for)
# differs from the EtM test above.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# "3d" = the proxy drops, delays and duplicates datagrams (drop=8 delay=8
# duplicate=8), so retransmission and reassembly are exercised together with
# fragmentation. dgram_packing=0 keeps one record per datagram on both
# sides; client_needs_more_time widens the client timeout for the lossy link.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# interop tests for DTLS fragmenting with reliable connection
#
# here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
# (hence the expectation is on "fragmenting handshake message" from the
# Mbed TLS side only, and only the Mbed TLS side is given mtu=512)
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# (--insecure only relaxes the external test client's checks; the
# Mbed TLS server under test is unaffected and the test still only looks
# for the fragmentation log line.)
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             mtu=512 force_version=dtls12" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# -verify 10 makes the OpenSSL server request a client certificate (chain
# depth 10), so the 1542B client Certificate is what gets fragmented.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# interop tests for DTLS fragmenting with unreliable connection
#
# again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
# The "next" (newer) GnuTLS/OpenSSL builds are required here, see the
# OPENSSL_NEXT / GNUTLS_NEXT_* detection at the top of the file.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

## The test below requires 1.1.1a or higher version of openssl, otherwise
## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_NEXT_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
             key_file=$DATA_FILES_PATH/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

## the test below will time out with certain seed.
## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
## skip_next_test keeps the test definition in place but disables it; remove
## that line once the peer bug is fixed in the OpenSSL build used for CI.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
             key_file=$DATA_FILES_PATH/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# Tests for DTLS-SRTP (RFC 5764)
#
# These check negotiation of the use_srtp extension and the exported
# keying material, not SRTP traffic itself. The srtp_force_profile= numbers
# are the ssl_server2/ssl_client2 profile indices; from the expected log
# lines below, 2 = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
# 5 = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 and 6 = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32.
# The NULL profiles provide SRTP integrity only (no encryption); they are
# used here purely to drive the negotiation paths.
# The "-g find_in_both" check requires the same hex keying-material line to
# be present on both sides (presumably: both logs must contain it -- confirm
# against find_in_both).
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP all profiles supported" \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"


requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP server supports all profiles. Client supports one profile." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP server supports one profile. Client supports all profiles." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP server and Client support only one matching profile." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

# No common profile: the handshake must still succeed (exit 0) but the
# server must not add use_srtp to its ServerHello and no SRTP key material
# may be derived on either side.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP server and Client support only one different profile." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -S "selected srtp profile" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

# Server built with SRTP but not enabling use_srtp=1: the client's offer is
# seen but ignored, and the connection falls back to plain DTLS.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP server doesn't support use_srtp extension." \
            "$P_SRV dtls=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

# MKI (master key identifier) round trip: the client sends an 8-byte test
# MKI value, the server echoes it (support_mki=1), and both logs must show
# the same "DTLS-SRTP mki value" line.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP all profiles supported. mki used" \
            "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "dumping 'using mki' (8 bytes)" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "dumping 'sending mki' (8 bytes)" \
            -c "dumping 'received mki' (8 bytes)" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
            -C "error"

# Without support_mki=1 the server ignores the client's MKI: SRTP is still
# negotiated, but no MKI value is agreed ("no mki value negotiated" on both
# sides) and the client never sees an MKI coming back.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP all profiles supported. server doesn't support mki." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -s "DTLS-SRTP no mki value negotiated"\
            -S "dumping 'using mki' (8 bytes)" \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -c "DTLS-SRTP no mki value negotiated"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "dumping 'sending mki' (8 bytes)" \
            -C "dumping 'received mki' (8 bytes)" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS-SRTP all profiles supported. 
openssl client." \ 11535 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11536 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11537 0 \ 11538 -s "found use_srtp extension" \ 11539 -s "found srtp profile" \ 11540 -s "selected srtp profile" \ 11541 -s "server hello, adding use_srtp extension" \ 11542 -s "DTLS-SRTP key material is"\ 11543 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ 11544 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" 11545 11546requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11548run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ 11549 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11550 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11551 0 \ 11552 -s "found use_srtp extension" \ 11553 -s "found srtp profile" \ 11554 -s "selected srtp profile" \ 11555 -s "server hello, adding use_srtp extension" \ 11556 -s "DTLS-SRTP key material is"\ 11557 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ 11558 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" 11559 11560requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11562run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." 
\ 11563 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11564 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11565 0 \ 11566 -s "found use_srtp extension" \ 11567 -s "found srtp profile" \ 11568 -s "selected srtp profile" \ 11569 -s "server hello, adding use_srtp extension" \ 11570 -s "DTLS-SRTP key material is"\ 11571 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ 11572 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" 11573 11574requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11575requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11576run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \ 11577 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11578 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11579 0 \ 11580 -s "found use_srtp extension" \ 11581 -s "found srtp profile" \ 11582 -s "selected srtp profile" \ 11583 -s "server hello, adding use_srtp extension" \ 11584 -s "DTLS-SRTP key material is"\ 11585 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ 11586 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" 11587 11588requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11589requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11590run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." 
\ 11591 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11592 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11593 0 \ 11594 -s "found use_srtp extension" \ 11595 -s "found srtp profile" \ 11596 -s "selected srtp profile" \ 11597 -s "server hello, adding use_srtp extension" \ 11598 -s "DTLS-SRTP key material is"\ 11599 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ 11600 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" 11601 11602requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11603requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11604run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \ 11605 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ 11606 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11607 0 \ 11608 -s "found use_srtp extension" \ 11609 -s "found srtp profile" \ 11610 -S "selected srtp profile" \ 11611 -S "server hello, adding use_srtp extension" \ 11612 -S "DTLS-SRTP key material is"\ 11613 -C "SRTP Extension negotiated, profile" 11614 11615requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11616requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11617run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ 11618 "$P_SRV dtls=1 debug_level=3" \ 11619 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11620 0 \ 11621 -s "found use_srtp extension" \ 11622 -S "server hello, adding use_srtp extension" \ 11623 -S "DTLS-SRTP key material is"\ 11624 -C "SRTP Extension negotiated, profile" 11625 11626requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11627requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11628run_test "DTLS-SRTP all profiles supported. 
openssl server" \ 11629 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11630 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11631 0 \ 11632 -c "client hello, adding use_srtp extension" \ 11633 -c "found use_srtp extension" \ 11634 -c "found srtp profile" \ 11635 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ 11636 -c "DTLS-SRTP key material is"\ 11637 -C "error" 11638 11639requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11640requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11641run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ 11642 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11643 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11644 0 \ 11645 -c "client hello, adding use_srtp extension" \ 11646 -c "found use_srtp extension" \ 11647 -c "found srtp profile" \ 11648 -c "selected srtp profile" \ 11649 -c "DTLS-SRTP key material is"\ 11650 -C "error" 11651 11652requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11653requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11654run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ 11655 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11656 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11657 0 \ 11658 -c "client hello, adding use_srtp extension" \ 11659 -c "found use_srtp extension" \ 11660 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11661 -c "selected srtp profile" \ 11662 -c "DTLS-SRTP key material is"\ 11663 -C "error" 11664 11665requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11666requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11667run_test "DTLS-SRTP server supports one profile. 
Client supports all profiles. openssl server." \ 11668 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11669 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11670 0 \ 11671 -c "client hello, adding use_srtp extension" \ 11672 -c "found use_srtp extension" \ 11673 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11674 -c "selected srtp profile" \ 11675 -c "DTLS-SRTP key material is"\ 11676 -C "error" 11677 11678requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11679requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11680run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \ 11681 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11682 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11683 0 \ 11684 -c "client hello, adding use_srtp extension" \ 11685 -c "found use_srtp extension" \ 11686 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11687 -c "selected srtp profile" \ 11688 -c "DTLS-SRTP key material is"\ 11689 -C "error" 11690 11691requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11692requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11693run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ 11694 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11695 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 11696 0 \ 11697 -c "client hello, adding use_srtp extension" \ 11698 -C "found use_srtp extension" \ 11699 -C "found srtp profile" \ 11700 -C "selected srtp profile" \ 11701 -C "DTLS-SRTP key material is"\ 11702 -C "error" 11703 11704requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11705requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11706run_test "DTLS-SRTP server doesn't support use_srtp extension. 
openssl server" \ 11707 "$O_SRV -dtls" \ 11708 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11709 0 \ 11710 -c "client hello, adding use_srtp extension" \ 11711 -C "found use_srtp extension" \ 11712 -C "found srtp profile" \ 11713 -C "selected srtp profile" \ 11714 -C "DTLS-SRTP key material is"\ 11715 -C "error" 11716 11717requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11718requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11719run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ 11720 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 11721 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ 11722 0 \ 11723 -c "client hello, adding use_srtp extension" \ 11724 -c "found use_srtp extension" \ 11725 -c "found srtp profile" \ 11726 -c "selected srtp profile" \ 11727 -c "DTLS-SRTP key material is"\ 11728 -c "DTLS-SRTP no mki value negotiated"\ 11729 -c "dumping 'sending mki' (8 bytes)" \ 11730 -C "dumping 'received mki' (8 bytes)" \ 11731 -C "error" 11732 11733requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11734requires_gnutls 11735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11736run_test "DTLS-SRTP all profiles supported. gnutls client." \ 11737 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11738 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 11739 0 \ 11740 -s "found use_srtp extension" \ 11741 -s "found srtp profile" \ 11742 -s "selected srtp profile" \ 11743 -s "server hello, adding use_srtp extension" \ 11744 -s "DTLS-SRTP key material is"\ 11745 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" 11746 11747requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11748requires_gnutls 11749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11750run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. 
gnutls client." \ 11751 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11752 "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 11753 0 \ 11754 -s "found use_srtp extension" \ 11755 -s "found srtp profile" \ 11756 -s "selected srtp profile" \ 11757 -s "server hello, adding use_srtp extension" \ 11758 -s "DTLS-SRTP key material is"\ 11759 -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" 11760 11761requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11762requires_gnutls 11763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11764run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ 11765 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 11766 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 11767 0 \ 11768 -s "found use_srtp extension" \ 11769 -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11770 -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11771 -s "server hello, adding use_srtp extension" \ 11772 -s "DTLS-SRTP key material is"\ 11773 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" 11774 11775requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11776requires_gnutls 11777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11778run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." 
\ 11779 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 11780 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 11781 0 \ 11782 -s "found use_srtp extension" \ 11783 -s "found srtp profile" \ 11784 -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ 11785 -s "server hello, adding use_srtp extension" \ 11786 -s "DTLS-SRTP key material is"\ 11787 -c "SRTP profile: SRTP_NULL_SHA1_32" 11788 11789requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11790requires_gnutls 11791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11792run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ 11793 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11794 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 11795 0 \ 11796 -s "found use_srtp extension" \ 11797 -s "found srtp profile" \ 11798 -s "selected srtp profile" \ 11799 -s "server hello, adding use_srtp extension" \ 11800 -s "DTLS-SRTP key material is"\ 11801 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" 11802 11803requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11804requires_gnutls 11805requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11806run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ 11807 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ 11808 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 11809 0 \ 11810 -s "found use_srtp extension" \ 11811 -s "found srtp profile" \ 11812 -S "selected srtp profile" \ 11813 -S "server hello, adding use_srtp extension" \ 11814 -S "DTLS-SRTP key material is"\ 11815 -C "SRTP profile:" 11816 11817requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11818requires_gnutls 11819requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11820run_test "DTLS-SRTP server doesn't support use_srtp extension. 
gnutls client" \ 11821 "$P_SRV dtls=1 debug_level=3" \ 11822 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 11823 0 \ 11824 -s "found use_srtp extension" \ 11825 -S "server hello, adding use_srtp extension" \ 11826 -S "DTLS-SRTP key material is"\ 11827 -C "SRTP profile:" 11828 11829requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11830requires_gnutls 11831requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11832run_test "DTLS-SRTP all profiles supported. gnutls server" \ 11833 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 11834 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11835 0 \ 11836 -c "client hello, adding use_srtp extension" \ 11837 -c "found use_srtp extension" \ 11838 -c "found srtp profile" \ 11839 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ 11840 -c "DTLS-SRTP key material is"\ 11841 -C "error" 11842 11843requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11844requires_gnutls 11845requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11846run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ 11847 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 11848 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11849 0 \ 11850 -c "client hello, adding use_srtp extension" \ 11851 -c "found use_srtp extension" \ 11852 -c "found srtp profile" \ 11853 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ 11854 -c "DTLS-SRTP key material is"\ 11855 -C "error" 11856 11857requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11858requires_gnutls 11859requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11860run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." 
\ 11861 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 11862 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11863 0 \ 11864 -c "client hello, adding use_srtp extension" \ 11865 -c "found use_srtp extension" \ 11866 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11867 -c "selected srtp profile" \ 11868 -c "DTLS-SRTP key material is"\ 11869 -C "error" 11870 11871requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11872requires_gnutls 11873requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11874run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ 11875 "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ 11876 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11877 0 \ 11878 -c "client hello, adding use_srtp extension" \ 11879 -c "found use_srtp extension" \ 11880 -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ 11881 -c "selected srtp profile" \ 11882 -c "DTLS-SRTP key material is"\ 11883 -C "error" 11884 11885requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11886requires_gnutls 11887requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11888run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ 11889 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 11890 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 11891 0 \ 11892 -c "client hello, adding use_srtp extension" \ 11893 -c "found use_srtp extension" \ 11894 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 11895 -c "selected srtp profile" \ 11896 -c "DTLS-SRTP key material is"\ 11897 -C "error" 11898 11899requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11900requires_gnutls 11901requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11902run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." 
\ 11903 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 11904 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 11905 0 \ 11906 -c "client hello, adding use_srtp extension" \ 11907 -C "found use_srtp extension" \ 11908 -C "found srtp profile" \ 11909 -C "selected srtp profile" \ 11910 -C "DTLS-SRTP key material is"\ 11911 -C "error" 11912 11913requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11914requires_gnutls 11915requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11916run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ 11917 "$G_SRV -u" \ 11918 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 11919 0 \ 11920 -c "client hello, adding use_srtp extension" \ 11921 -C "found use_srtp extension" \ 11922 -C "found srtp profile" \ 11923 -C "selected srtp profile" \ 11924 -C "DTLS-SRTP key material is"\ 11925 -C "error" 11926 11927requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 11928requires_gnutls 11929requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11930run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." 
\ 11931 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 11932 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ 11933 0 \ 11934 -c "client hello, adding use_srtp extension" \ 11935 -c "found use_srtp extension" \ 11936 -c "found srtp profile" \ 11937 -c "selected srtp profile" \ 11938 -c "DTLS-SRTP key material is"\ 11939 -c "DTLS-SRTP mki value:"\ 11940 -c "dumping 'sending mki' (8 bytes)" \ 11941 -c "dumping 'received mki' (8 bytes)" \ 11942 -C "error" 11943 11944# Tests for specific things with "unreliable" UDP connection 11945 11946not_with_valgrind # spurious resend due to timeout 11947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11948run_test "DTLS proxy: reference" \ 11949 -p "$P_PXY" \ 11950 "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \ 11951 "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \ 11952 0 \ 11953 -C "replayed record" \ 11954 -S "replayed record" \ 11955 -C "Buffer record from epoch" \ 11956 -S "Buffer record from epoch" \ 11957 -C "ssl_buffer_message" \ 11958 -S "ssl_buffer_message" \ 11959 -C "discarding invalid record" \ 11960 -S "discarding invalid record" \ 11961 -S "resend" \ 11962 -s "Extra-header:" \ 11963 -c "HTTP/1.0 200 OK" 11964 11965not_with_valgrind # spurious resend due to timeout 11966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11967run_test "DTLS proxy: duplicate every packet" \ 11968 -p "$P_PXY duplicate=1" \ 11969 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ 11970 "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ 11971 0 \ 11972 -c "replayed record" \ 11973 -s "replayed record" \ 11974 -c "record from another epoch" \ 11975 -s "record from another epoch" \ 11976 -S "resend" \ 11977 -s "Extra-header:" \ 11978 -c "HTTP/1.0 200 OK" 11979 11980requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11981run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ 11982 
-p "$P_PXY duplicate=1" \ 11983 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ 11984 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 11985 0 \ 11986 -c "replayed record" \ 11987 -S "replayed record" \ 11988 -c "record from another epoch" \ 11989 -s "record from another epoch" \ 11990 -c "resend" \ 11991 -s "resend" \ 11992 -s "Extra-header:" \ 11993 -c "HTTP/1.0 200 OK" 11994 11995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 11996run_test "DTLS proxy: multiple records in same datagram" \ 11997 -p "$P_PXY pack=50" \ 11998 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 11999 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 12000 0 \ 12001 -c "next record in same datagram" \ 12002 -s "next record in same datagram" 12003 12004requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12005run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ 12006 -p "$P_PXY pack=50 duplicate=1" \ 12007 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 12008 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 12009 0 \ 12010 -c "next record in same datagram" \ 12011 -s "next record in same datagram" 12012 12013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12014run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ 12015 -p "$P_PXY bad_ad=1" \ 12016 "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ 12017 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 12018 0 \ 12019 -c "discarding invalid record (mac)" \ 12020 -s "discarding invalid record (mac)" \ 12021 -s "Extra-header:" \ 12022 -c "HTTP/1.0 200 OK" \ 12023 -S "too many records with bad MAC" \ 12024 -S "Verification of the message MAC failed" 12025 12026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12027run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ 12028 -p "$P_PXY bad_ad=1" \ 12029 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ 12030 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 12031 1 \ 12032 -C "discarding 
invalid record (mac)" \ 12033 -S "discarding invalid record (mac)" \ 12034 -S "Extra-header:" \ 12035 -C "HTTP/1.0 200 OK" \ 12036 -s "too many records with bad MAC" \ 12037 -s "Verification of the message MAC failed" 12038 12039requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12040run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ 12041 -p "$P_PXY bad_ad=1" \ 12042 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ 12043 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 12044 0 \ 12045 -c "discarding invalid record (mac)" \ 12046 -s "discarding invalid record (mac)" \ 12047 -s "Extra-header:" \ 12048 -c "HTTP/1.0 200 OK" \ 12049 -S "too many records with bad MAC" \ 12050 -S "Verification of the message MAC failed" 12051 12052requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12053run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ 12054 -p "$P_PXY bad_ad=1" \ 12055 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ 12056 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ 12057 1 \ 12058 -c "discarding invalid record (mac)" \ 12059 -s "discarding invalid record (mac)" \ 12060 -s "Extra-header:" \ 12061 -c "HTTP/1.0 200 OK" \ 12062 -s "too many records with bad MAC" \ 12063 -s "Verification of the message MAC failed" 12064 12065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12066run_test "DTLS proxy: delay ChangeCipherSpec" \ 12067 -p "$P_PXY delay_ccs=1" \ 12068 "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ 12069 "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \ 12070 0 \ 12071 -c "record from another epoch" \ 12072 -s "record from another epoch" \ 12073 -s "Extra-header:" \ 12074 -c "HTTP/1.0 200 OK" 12075 12076# Tests for reordering support with DTLS 12077 12078requires_certificate_authentication 12079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12080run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ 12081 -p "$P_PXY 
delay_srv=ServerHello" \ 12082 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 12083 hs_timeout=2500-60000" \ 12084 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 12085 hs_timeout=2500-60000" \ 12086 0 \ 12087 -c "Buffering HS message" \ 12088 -c "Next handshake message has been buffered - load"\ 12089 -S "Buffering HS message" \ 12090 -S "Next handshake message has been buffered - load"\ 12091 -C "Injecting buffered CCS message" \ 12092 -C "Remember CCS message" \ 12093 -S "Injecting buffered CCS message" \ 12094 -S "Remember CCS message" 12095 12096requires_certificate_authentication 12097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 12098run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ 12099 -p "$P_PXY delay_srv=ServerHello" \ 12100 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 12101 hs_timeout=2500-60000" \ 12102 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 12103 hs_timeout=2500-60000" \ 12104 0 \ 12105 -c "Buffering HS message" \ 12106 -c "found fragmented DTLS handshake message"\ 12107 -c "Next handshake message 1 not or only partially bufffered" \ 12108 -c "Next handshake message has been buffered - load"\ 12109 -S "Buffering HS message" \ 12110 -S "Next handshake message has been buffered - load"\ 12111 -C "Injecting buffered CCS message" \ 12112 -C "Remember CCS message" \ 12113 -S "Injecting buffered CCS message" \ 12114 -S "Remember CCS message" 12115 12116# The client buffers the ServerKeyExchange before receiving the fragmented 12117# Certificate message; at the time of writing, together these are around 1200 bytes 12118# in size, so that the bound below ensures that the certificate can be reassembled 12119# while keeping the ServerKeyExchange. 
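# --- DTLS reordering tests -------------------------------------------------
# These use the udp_proxy ($P_PXY) to delay specific flights so that one
# side receives handshake messages out of order and has to buffer them.
# Test-only knobs worth knowing about when reading these: cookies=0 and
# auth_mode=none relax the server, debug_level=2 produces the log lines the
# -c/-C/-s/-S patterns match on, and hs_timeout widens the retransmission
# window so the delays do not turn into handshake timeouts.

# Client side: the server's Certificate is delayed (twice), so the client
# sees later messages first and must buffer them. With
# MBEDTLS_SSL_DTLS_MAX_BUFFERING >= 1300 there is room to keep the buffered
# message while the delayed one is reassembled, so the "make space" path
# must NOT be taken (-C). The server buffers nothing (-S).
requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "Next handshake message has been buffered - load"\
            -C "attempt to make space by freeing buffered messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first. Same scenario as above, but with
# 900 <= MBEDTLS_SSL_DTLS_MAX_BUFFERING <= 1299 the client is expected to
# free a buffered future message to make room (-c on the "freeing" lines).
requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "attempt to make space by freeing buffered future messages" \
            -c "Enough space available after freeing buffered HS messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Mirror image on the server: the client's Certificate is delayed and the
# server (auth_mode=required, so it really waits for that Certificate) is
# the side that has to buffer; the client must not buffer anything.
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -p "$P_PXY delay_cli=Certificate" \
            "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -s "Buffering HS message" \
            -s "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Delaying the server's NewSessionTicket makes the client see the server's
# ChangeCipherSpec out of order. CCS is not a handshake message, so it
# goes through the separate "Remember CCS" / "Injecting buffered CCS" path
# rather than the handshake-message buffer (hence -C on "Buffering HS").
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
            -p "$P_PXY delay_srv=NewSessionTicket" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -c "Injecting buffered CCS message" \
            -c "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Same CCS path on the server: delaying the client's ClientKeyExchange
# makes the client's CCS arrive early at the server.
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order CCS message on server"\
            -p "$P_PXY delay_cli=ClientKeyExchange" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -s "Injecting buffered CCS message" \
            -s "Remember CCS message"

# delay_ccs=1 holds back the CCS on both directions, so each side receives
# the peer's (epoch 1) Finished before it has the keys for that epoch. The
# record must be buffered and loaded once the epoch becomes current.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer encrypted Finished message" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -c "Found buffered record from current epoch - load"

# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
#   of the NewSessionTicket, but small enough to also allow buffering of
#   the encrypted Finished message.
# - The MTU setting on the server must be so small that the NewSessionTicket
#   needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
#   without fragmentation or be reassembled within the bounds of
#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
#   handshake, omitting CRTs.
# The scenario only exists if the server can send a NewSessionTicket at all,
# so guard on MBEDTLS_SSL_SESSION_TICKETS like the client-side CCS test above.
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
            -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
            "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -C "Found buffered record from current epoch - load" \
            -c "Enough space available after freeing future epoch record"

# Tests for "randomly unreliable connection": try a variety of flows and peers
#
# "3d" = the proxy drops, delays and duplicates datagrams (5 = the rate
# handed to udp_proxy for each). Success is the application data making it
# through in both directions ("Extra-header:" on the server, "HTTP/1.0 200
# OK" on the client). The PSK 73776f726466697368 is a fixed test secret.
# These runs are inherently slower, hence client_needs_more_time.

# Smallest flight: PSK, no tickets, no client auth.
client_needs_more_time 2
run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Static RSA key exchange (no forward secrecy) is used here only because it
# is the shortest certificate-based flight; it is not a recommendation.
client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" RSA handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, FS, client auth" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "DTLS proxy: 3d, FS, ticket" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Largest flight: forward-secret key exchange + ticket + client auth.
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# nbio=2 on both sides: same flight with non-blocking I/O.
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test    "DTLS proxy: 3d, max handshake, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
             auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Cache-based resumption (tickets=0, MBEDTLS_SSL_CACHE_C) over the lossy
# link: the client reconnects once and both sides must report resumption.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "DTLS proxy: 3d, min handshake, resumption" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 debug_level=3" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 debug_level=3 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Renegotiation over the lossy link. renegotiation=1 enables it on a peer,
# renegotiate=1 makes that peer initiate; both must log "=> renegotiate".
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Previously this "nbio" variant was byte-for-byte the blocking test above
# and never actually exercised non-blocking I/O; nbio=2 is now set on both
# sides, matching the other nbio variants in this group.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 renegotiation=1 debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             renegotiate=1 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Server-initiated: exchanges=4 gives the server application-data rounds
# in which to trigger the renegotiation.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             renegotiation=1 exchanges=4 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
             renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

## The three tests below require OpenSSL 1.1.1a or later (requires_openssl_next);
## older versions can trigger an OpenSSL bug
## (https://github.com/openssl/openssl/issues/6902).
## The server must be started with -dtls1_2 (or -dtls): otherwise the
## handshake fails with "SSL alert number 70", i.e. a protocol_version alert.
## protect_hvr=1 asks the proxy not to disturb the HelloVerifyRequest
## exchange, so the lossy link only hits the rest of the handshake.
requires_openssl_next
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 2048" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# -mtu 768 forces OpenSSL to fragment its handshake flights.
requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# GnuTLS server as the non-Mbed TLS peer (-u = UDP/DTLS). Here success is
# checked by "Extra-header:" appearing on both sides.
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# Key export (EAP-TLS) on a TLS 1.2 connection. Note that at debug_level=3
# the exported key material and IV are written to the log on both sides --
# that is what the test matches on, and it is a reminder that debug output
# at this level is not safe to enable outside of tests.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "export keys functionality" \
            "$P_SRV eap_tls=1 debug_level=3" \
            "$P_CLI force_version=tls12 eap_tls=1 debug_level=3" \
            0 \
            -c "EAP-TLS key material is:"\
            -s "EAP-TLS key material is:"\
            -c "EAP-TLS IV is:" \
            -s "EAP-TLS IV is:"

# openssl feature tests: check if tls1.3 exists.
# OpenSSL talking to OpenSSL only -- this validates the test peer, not
# Mbed TLS, and is what requires_openssl_tls1_3 relies on further down.
requires_openssl_tls1_3
run_test    "TLS 1.3: Test openssl tls1_3 feature" \
            "$O_NEXT_SRV -tls1_3 -msg" \
            "$O_NEXT_CLI -tls1_3 -msg" \
            0 \
            -c "TLS 1.3" \
            -s "TLS 1.3"

# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options.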
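# GnuTLS talking to GnuTLS only: validates that the test peer supports
# TLS 1.3 together with the %NO_TICKETS and %DISABLE_TLS13_COMPAT_MODE
# priority flags that later tests pass to it.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test    "TLS 1.3: Test gnutls tls1_3 feature" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Version: TLS1.3" \
            -c "Version: TLS1.3"

# TLS1.3 test cases

# Mbed TLS server and client with default settings (allow_sha1=0 on both
# sides). With X25519 and P-256 available, the expected negotiated
# parameters are the ChaCha20-Poly1305 suite and an ECDSA P-256 signature
# from the server5 certificate.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
run_test    "TLS 1.3: Default" \
            "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \
            "$P_CLI allow_sha1=0" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \
            -s "ECDH/FFDH group: " \
            -s "selected signature algorithm ecdsa_secp256r1_sha256"

# One server, two sequential clients pinned to different versions: checks
# that a server that accepted 1.2 still negotiates 1.3 afterwards (and the
# reverse below). $TLS1_2_KEY_EXCHANGES_WITH_CERT is deliberately unquoted:
# it expands to a list of config symbols, any one of which is sufficient.
# The argument list ends at the last -s pattern; an earlier stray trailing
# backslash here relied on the following blank line to terminate the call.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Establish TLS 1.2 then TLS 1.3 session" \
            "$P_SRV" \
            "( $P_CLI force_version=tls12; \
               $P_CLI force_version=tls13 )" \
            0 \
            -s "Protocol is TLSv1.2" \
            -s "Protocol is TLSv1.3"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Establish TLS 1.3 then TLS 1.2 session" \
            "$P_SRV" \
            "( $P_CLI force_version=tls13; \
               $P_CLI force_version=tls12 )" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "Protocol is TLSv1.2"

# "Minimal feature sets": Mbed TLS client against an external TLS 1.3 server
# with tickets, resumption and caching turned off, walking the whole client
# state machine. Note the OpenSSL s_server response is "200 ok" (lowercase)
# while gnutls-serv answers "200 OK".
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: minimal feature sets - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: minimal feature sets - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=3" \
            0 \
            -s "SERVER HELLO was queued" \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"

# ALPN, client side: same walk as the minimal tests plus the negotiated
# protocol "h2" being reported by the Mbed TLS client.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: alpn - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
            "$P_CLI debug_level=3 alpn=h2" \
            0 \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok" \
            -c "Application Layer Protocol is h2"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: alpn - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
            "$P_CLI debug_level=3 alpn=h2" \
            0 \
            -s "SERVER HELLO was queued" \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK" \
            -c "Application Layer Protocol is h2"

# ALPN, server side: Mbed TLS server (tickets=0, server5 ECDSA cert) with
# an external TLS 1.3 client offering h2. The server must both see the
# extension in the ClientHello and echo it back.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: server alpn - openssl" \
            "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
            "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
            0 \
            -s "found alpn extension" \
            -s "server side, adding alpn extension" \
            -s "Protocol is TLSv1.3" \
            -s "HTTP/1.0 200 OK" \
            -s "Application Layer Protocol is h2"

# The gnutls client is run with %DISABLE_TLS13_COMPAT_MODE, so this test
# is guarded on that option being supported by the GnuTLS build, exactly
# as the gnutls feature test at the top of this section is.
requires_gnutls_tls1_3
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: server alpn - gnutls" \
            "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
            0 \
            -s "found alpn extension" \
            -s "server side, adding alpn extension" \
            -s "Protocol is TLSv1.3" \
            -s "HTTP/1.0 200 OK" \
            -s "Application Layer Protocol is h2"

# Client authentication, TLS 1.3, Mbed TLS as the client.
#
# The server *requests* a certificate (OpenSSL -verify, gnutls
# --verify-client-cert) but does not require one: the client has none
# (crt_file=none key_file=none), enters the CLIENT_CERTIFICATE state and
# the handshake still completes with exit code 0.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no client certificate - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -s "TLS 1.3" \
            -c "HTTP/1.0 200 ok" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no client certificate - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
            -s "Version: TLS1.3" \
            -c "HTTP/1.0 200 OK" \
            -c "Protocol is TLSv1.3"


# Client certificate (cli2) with the server's middlebox-compatibility mode
# switched off (-no_middlebox / %DISABLE_TLS13_COMPAT_MODE). The client is
# expected to reach the CLIENT_CERTIFICATE_VERIFY state, i.e. actually sign.
# Unlike the compat-mode tests, these do not depend on
# MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# Guarded on %DISABLE_TLS13_COMPAT_MODE support, as the gnutls feature test
# at the top of this section checks for it.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \
             key_file=$DATA_FILES_PATH/cli2.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# Client authentication with one client key type per test pair
# (OpenSSL -Verify 10 requires a client certificate; gnutls-serv requests
# one by default). Each test checks that the client gets as far as sending
# CertificateVerify and that the handshake completes; the signature
# algorithm itself is implied by the key in the named certificate.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
             key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# RSA client keys. sig_algs= restricts what the client offers:
# ecdsa_secp256r1_sha256 is kept so the server's own (ECDSA) CertificateVerify
# can still be checked, and the single rsa_pss_rsae_* entry is the only
# algorithm the client can use for its own RSA key.
# NOTE(review): nothing in the -c patterns pins which algorithm the client
# actually signed with; if the client log names it, asserting on that line
# would make the test name enforceable.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
             key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
             key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
             key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled 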
MBEDTLS_SSL_CLI_C 12958requires_config_enabled MBEDTLS_RSA_C 12959requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 12960 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12961run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ 12962 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 12963 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ 12964 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 12965 0 \ 12966 -c "got a certificate request" \ 12967 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 12968 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 12969 -c "Protocol is TLSv1.3" 12970 12971requires_gnutls_tls1_3 12972requires_gnutls_next_no_ticket 12973requires_config_enabled MBEDTLS_DEBUG_C 12974requires_config_enabled MBEDTLS_SSL_CLI_C 12975requires_config_enabled MBEDTLS_RSA_C 12976requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 12977 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12978run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ 12979 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 12980 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ 12981 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 12982 0 \ 12983 -c "got a certificate request" \ 12984 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 12985 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 12986 -c "Protocol is TLSv1.3" 12987 12988requires_openssl_tls1_3_with_compatible_ephemeral 12989requires_config_enabled MBEDTLS_DEBUG_C 12990requires_config_enabled MBEDTLS_SSL_CLI_C 12991requires_config_enabled MBEDTLS_RSA_C 12992requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 12993 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12994run_test "TLS 1.3: Client 
authentication, client alg not in server list - openssl" \ 12995 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 12996 -sigalgs ecdsa_secp256r1_sha256" \ 12997 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 12998 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ 12999 1 \ 13000 -c "got a certificate request" \ 13001 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13002 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13003 -c "no suitable signature algorithm" 13004 13005requires_gnutls_tls1_3 13006requires_gnutls_next_no_ticket 13007requires_config_enabled MBEDTLS_DEBUG_C 13008requires_config_enabled MBEDTLS_SSL_CLI_C 13009requires_config_enabled MBEDTLS_RSA_C 13010requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13011 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13012run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ 13013 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ 13014 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 13015 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ 13016 1 \ 13017 -c "got a certificate request" \ 13018 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13019 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13020 -c "no suitable signature algorithm" 13021 13022# Test using an opaque private key for client authentication 13023requires_openssl_tls1_3_with_compatible_ephemeral 13024requires_config_enabled MBEDTLS_DEBUG_C 13025requires_config_enabled MBEDTLS_SSL_CLI_C 13026requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13028run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - 
openssl" \ 13029 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ 13030 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ 13031 0 \ 13032 -c "got a certificate request" \ 13033 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13034 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13035 -c "Protocol is TLSv1.3" 13036 13037requires_gnutls_tls1_3 13038requires_gnutls_next_no_ticket 13039requires_config_enabled MBEDTLS_DEBUG_C 13040requires_config_enabled MBEDTLS_SSL_CLI_C 13041requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13043run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \ 13044 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ 13045 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ 13046 key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ 13047 0 \ 13048 -c "got a certificate request" \ 13049 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13050 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13051 -c "Protocol is TLSv1.3" 13052 13053requires_openssl_tls1_3_with_compatible_ephemeral 13054requires_config_enabled MBEDTLS_DEBUG_C 13055requires_config_enabled MBEDTLS_SSL_CLI_C 13056requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13057requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13058 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13059run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ 13060 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13061 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ 13062 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ 13063 0 \ 13064 -c "got a certificate request" 
\ 13065 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13066 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13067 -c "Protocol is TLSv1.3" 13068 13069requires_gnutls_tls1_3 13070requires_gnutls_next_no_ticket 13071requires_config_enabled MBEDTLS_DEBUG_C 13072requires_config_enabled MBEDTLS_SSL_CLI_C 13073requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13074requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13075 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13076run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ 13077 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13078 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ 13079 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ 13080 0 \ 13081 -c "got a certificate request" \ 13082 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13083 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13084 -c "Protocol is TLSv1.3" 13085 13086requires_openssl_tls1_3_with_compatible_ephemeral 13087requires_config_enabled MBEDTLS_DEBUG_C 13088requires_config_enabled MBEDTLS_SSL_CLI_C 13089requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13090requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13091 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13092run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \ 13093 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13094 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ 13095 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ 13096 0 \ 13097 -c "got a certificate request" \ 13098 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13099 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13100 -c "Protocol is TLSv1.3" 13101 13102requires_gnutls_tls1_3 13103requires_gnutls_next_no_ticket 
13104requires_config_enabled MBEDTLS_DEBUG_C 13105requires_config_enabled MBEDTLS_SSL_CLI_C 13106requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13107requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13108 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13109run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ 13110 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13111 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ 13112 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ 13113 0 \ 13114 -c "got a certificate request" \ 13115 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13116 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13117 -c "Protocol is TLSv1.3" 13118 13119requires_openssl_tls1_3_with_compatible_ephemeral 13120requires_config_enabled MBEDTLS_DEBUG_C 13121requires_config_enabled MBEDTLS_SSL_CLI_C 13122requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13123requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13124 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13125run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ 13126 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13127 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 13128 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ 13129 0 \ 13130 -c "got a certificate request" \ 13131 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13132 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13133 -c "Protocol is TLSv1.3" 13134 13135requires_gnutls_tls1_3 13136requires_gnutls_next_no_ticket 13137requires_config_enabled MBEDTLS_DEBUG_C 13138requires_config_enabled MBEDTLS_SSL_CLI_C 13139requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13140requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13141 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13142run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ 13143 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13144 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 13145 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ 13146 0 \ 13147 -c "got a certificate request" \ 13148 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13149 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13150 -c "Protocol is TLSv1.3" 13151 13152requires_openssl_tls1_3_with_compatible_ephemeral 13153requires_config_enabled MBEDTLS_DEBUG_C 13154requires_config_enabled MBEDTLS_SSL_CLI_C 13155requires_config_enabled MBEDTLS_RSA_C 13156requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13157requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13158 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13159run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ 13160 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13161 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ 13162 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ 13163 0 \ 13164 -c "got a certificate request" \ 13165 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13166 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13167 -c "Protocol is TLSv1.3" 13168 13169requires_gnutls_tls1_3 13170requires_gnutls_next_no_ticket 13171requires_config_enabled MBEDTLS_DEBUG_C 13172requires_config_enabled MBEDTLS_SSL_CLI_C 13173requires_config_enabled MBEDTLS_RSA_C 13174requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13175requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13176 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13177run_test "TLS 1.3: Client authentication - opaque 
key, rsa_pss_rsae_sha256 - gnutls" \ 13178 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13179 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ 13180 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ 13181 0 \ 13182 -c "got a certificate request" \ 13183 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13184 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13185 -c "Protocol is TLSv1.3" 13186 13187requires_openssl_tls1_3_with_compatible_ephemeral 13188requires_config_enabled MBEDTLS_DEBUG_C 13189requires_config_enabled MBEDTLS_SSL_CLI_C 13190requires_config_enabled MBEDTLS_RSA_C 13191requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13192requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13193 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13194run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ 13195 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13196 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ 13197 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 13198 0 \ 13199 -c "got a certificate request" \ 13200 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13201 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13202 -c "Protocol is TLSv1.3" 13203 13204requires_gnutls_tls1_3 13205requires_gnutls_next_no_ticket 13206requires_config_enabled MBEDTLS_DEBUG_C 13207requires_config_enabled MBEDTLS_SSL_CLI_C 13208requires_config_enabled MBEDTLS_RSA_C 13209requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13210requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13211 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13212run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ 13213 "$G_NEXT_SRV --debug=4 
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13214 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ 13215 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 13216 0 \ 13217 -c "got a certificate request" \ 13218 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13219 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13220 -c "Protocol is TLSv1.3" 13221 13222requires_openssl_tls1_3_with_compatible_ephemeral 13223requires_config_enabled MBEDTLS_DEBUG_C 13224requires_config_enabled MBEDTLS_SSL_CLI_C 13225requires_config_enabled MBEDTLS_RSA_C 13226requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13227requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13228 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13229run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ 13230 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 13231 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ 13232 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 13233 0 \ 13234 -c "got a certificate request" \ 13235 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13236 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13237 -c "Protocol is TLSv1.3" 13238 13239requires_gnutls_tls1_3 13240requires_gnutls_next_no_ticket 13241requires_config_enabled MBEDTLS_DEBUG_C 13242requires_config_enabled MBEDTLS_SSL_CLI_C 13243requires_config_enabled MBEDTLS_RSA_C 13244requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13245requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13246 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13247run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ 13248 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 13249 
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ 13250 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 13251 0 \ 13252 -c "got a certificate request" \ 13253 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13254 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13255 -c "Protocol is TLSv1.3" 13256 13257requires_openssl_tls1_3_with_compatible_ephemeral 13258requires_config_enabled MBEDTLS_DEBUG_C 13259requires_config_enabled MBEDTLS_SSL_CLI_C 13260requires_config_enabled MBEDTLS_RSA_C 13261requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13262requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13263 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13264run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ 13265 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 13266 -sigalgs ecdsa_secp256r1_sha256" \ 13267 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 13268 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ 13269 1 \ 13270 -c "got a certificate request" \ 13271 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13272 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13273 -c "no suitable signature algorithm" 13274 13275requires_gnutls_tls1_3 13276requires_gnutls_next_no_ticket 13277requires_config_enabled MBEDTLS_DEBUG_C 13278requires_config_enabled MBEDTLS_SSL_CLI_C 13279requires_config_enabled MBEDTLS_RSA_C 13280requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 13281requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13282 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13283run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ 13284 "$G_NEXT_SRV --debug=4 
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ 13285 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ 13286 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ 13287 1 \ 13288 -c "got a certificate request" \ 13289 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ 13290 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ 13291 -c "no suitable signature algorithm" 13292 13293requires_openssl_tls1_3_with_compatible_ephemeral 13294requires_config_enabled MBEDTLS_DEBUG_C 13295requires_config_enabled MBEDTLS_SSL_CLI_C 13296requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13297 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13298run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ 13299 "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 13300 "$P_CLI debug_level=4" \ 13301 0 \ 13302 -c "received HelloRetryRequest message" \ 13303 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ 13304 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ 13305 -c "Protocol is TLSv1.3" \ 13306 -c "HTTP/1.0 200 ok" 13307 13308requires_openssl_tls1_3_with_compatible_ephemeral 13309requires_config_enabled MBEDTLS_DEBUG_C 13310requires_config_enabled MBEDTLS_SSL_CLI_C 13311requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13312 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13313run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ 13314 "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 13315 "$P_CLI debug_level=4" \ 13316 0 \ 13317 -c "received HelloRetryRequest message" \ 13318 -c "<= ssl_tls13_process_server_hello ( 
HelloRetryRequest )" \ 13319 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ 13320 -c "Protocol is TLSv1.3" \ 13321 -c "HTTP/1.0 200 ok" 13322 13323requires_gnutls_tls1_3 13324requires_gnutls_next_no_ticket 13325requires_config_enabled MBEDTLS_DEBUG_C 13326requires_config_enabled MBEDTLS_SSL_CLI_C 13327requires_config_enabled PSA_WANT_ALG_ECDH 13328requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13329 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13330run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ 13331 "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ 13332 "$P_CLI debug_level=4" \ 13333 0 \ 13334 -c "received HelloRetryRequest message" \ 13335 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ 13336 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ 13337 -c "Protocol is TLSv1.3" \ 13338 -c "HTTP/1.0 200 OK" 13339 13340requires_gnutls_tls1_3 13341requires_gnutls_next_no_ticket 13342requires_config_enabled MBEDTLS_DEBUG_C 13343requires_config_enabled MBEDTLS_SSL_CLI_C 13344requires_config_enabled PSA_WANT_ALG_ECDH 13345requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 13346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13347run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ 13348 "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ 13349 "$P_CLI debug_level=4" \ 13350 0 \ 13351 -c "received HelloRetryRequest message" \ 13352 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ 13353 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ 13354 -c "Protocol is TLSv1.3" \ 13355 -c "HTTP/1.0 200 OK" 13356 13357requires_openssl_tls1_3_with_compatible_ephemeral 13358requires_config_enabled MBEDTLS_DEBUG_C 13359requires_config_enabled 
MBEDTLS_SSL_SRV_C 13360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13361run_test "TLS 1.3: Server side check - openssl" \ 13362 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13363 "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ 13364 0 \ 13365 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13366 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 13367 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ 13368 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ 13369 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ 13370 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ 13371 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ 13372 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" 13373 13374requires_openssl_tls1_3_with_compatible_ephemeral 13375requires_config_enabled MBEDTLS_DEBUG_C 13376requires_config_enabled MBEDTLS_SSL_SRV_C 13377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13378run_test "TLS 1.3: Server side check - openssl with client authentication" \ 13379 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13380 "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \ 13381 0 \ 13382 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13383 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 13384 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ 13385 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ 13386 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ 13387 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ 13388 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ 13389 -s "=> write certificate request" \ 13390 -s "=> parse client hello" \ 13391 -s "<= parse client hello" 13392 
13393requires_gnutls_tls1_3 13394requires_gnutls_next_no_ticket 13395requires_config_enabled MBEDTLS_DEBUG_C 13396requires_config_enabled MBEDTLS_SSL_SRV_C 13397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13398run_test "TLS 1.3: Server side check - gnutls" \ 13399 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13400 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 13401 0 \ 13402 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13403 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 13404 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ 13405 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ 13406 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ 13407 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ 13408 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ 13409 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ 13410 -c "HTTP/1.0 200 OK" 13411 13412requires_gnutls_tls1_3 13413requires_gnutls_next_no_ticket 13414requires_config_enabled MBEDTLS_DEBUG_C 13415requires_config_enabled MBEDTLS_SSL_SRV_C 13416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13417run_test "TLS 1.3: Server side check - gnutls with client authentication" \ 13418 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13419 "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 13420 0 \ 13421 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13422 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 13423 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ 13424 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ 13425 -s 
"tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ 13426 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ 13427 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ 13428 -s "=> write certificate request" \ 13429 -s "=> parse client hello" \ 13430 -s "<= parse client hello" 13431 13432requires_config_enabled MBEDTLS_DEBUG_C 13433requires_config_enabled MBEDTLS_SSL_SRV_C 13434requires_config_enabled MBEDTLS_SSL_CLI_C 13435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13436run_test "TLS 1.3: Server side check - mbedtls" \ 13437 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13438 "$P_CLI debug_level=4" \ 13439 0 \ 13440 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13441 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 13442 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ 13443 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ 13444 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ 13445 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ 13446 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ 13447 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ 13448 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ 13449 -c "HTTP/1.0 200 OK" 13450 13451requires_config_enabled MBEDTLS_DEBUG_C 13452requires_config_enabled MBEDTLS_SSL_SRV_C 13453requires_config_enabled MBEDTLS_SSL_CLI_C 13454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13455run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ 13456 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ 13457 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ 13458 0 \ 13459 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ 13460 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ 
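-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

# TLS 1.3 client authentication on the server side.
# With auth_mode=required an empty client Certificate must abort the
# handshake (exit 1) with the "No client certification received" error;
# with auth_mode=optional the same empty Certificate must be accepted (exit 0).
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with client empty certificate" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            1 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -s "SSL - No client certification received from the client, but required by the authentication mode" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with optional client authentication" \
            "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

# HelloRetryRequest on the server side: the server only accepts secp384r1
# while the client lists secp256r1 first (and so sends its key share for
# that group), so the server must answer with an HRR selecting secp384r1.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test    "TLS 1.3: server: HRR check - mbedtls" \
            "$P_SRV debug_level=4 groups=secp384r1" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "selected_group: secp384r1" \
            -s "=> write hello retry request" \
            -s "<= write hello retry request"

# A server with no certificate/key configured must fail the handshake when
# it reaches the Certificate state instead of continuing unauthenticated.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check, no server certificate available" \
            "$P_SRV debug_level=4 crt_file=none key_file=none" \
            "$P_CLI debug_level=4" \
            1 \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "No certificate available."

# Server-side SNI with mutual authentication. The sni= list carries one
# group of six fields per hostname (name, cert, key, then three more fields
# of which the first looks like the CA file used to verify the client, the
# others left as "-") — the exact field meaning is defined by ssl_server2's
# sni= parser, not by this script; confirm there before editing the lists.
# The client must connect with -servername/--sni-hostname "localhost" so
# the server's "parse ServerName extension" path is exercised and the
# matching entry (which also requires a client certificate) is selected.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - openssl with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
             sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - gnutls with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
             sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"

# m->m variant: the localhost entry switches the server to server2 and
# supplies no per-SNI CA ("-"), so client verification falls back to the
# server's global settings (still auth_mode=required).
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
             sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
            "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"

# Pull in the externally maintained/generated test case files. Each file is
# *sourced*, i.e. executed with this script's privileges in its environment,
# so this directory must only ever contain trusted, version-controlled
# content (the earlier cd puts us in the script's own directory). The
# sourced file presumably reads TEST_SUITE_NAME (its basename without
# extension) for outcome reporting; it is cleared again afterwards.
# Under #!/bin/sh an unmatched glob expands to the literal pattern, which
# would then be sourced as a file name and fail with a "No such file"
# error; the existence check turns a missing/empty directory into a no-op.
for i in opt-testcases/*.sh
do
    [ -e "$i" ] || continue
    TEST_SUITE_NAME=${i##*/}
    TEST_SUITE_NAME=${TEST_SUITE_NAME%.*}
    . "$i"
done
unset TEST_SUITE_NAME

# Test 1.3 compatibility mode
#
# Middlebox compatibility mode (RFC 8446 appendix D.4) makes a TLS 1.3
# server send a dummy ChangeCipherSpec right after ServerHello (and after a
# HelloRetryRequest). The matrix below pairs mbedtls (m), OpenSSL (O) and
# GnuTLS (G) as client->server with compat mode on or off on each side:
#  - a peer *without* compat mode must never emit the CCS
#    (server state MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO /
#    ..._AFTER_HELLO_RETRY_REQUEST absent, OpenSSL -msg never shows the
#    CCS record header "14 03 03 00 01", GnuTLS never logs
#    "SSL 3.3 ChangeCipherSpec packet received");
#  - an mbedtls client built *without* compat mode must reject an
#    unexpected CCS ("ChangeCipherSpec invalid in TLS 1.3 without
#    compatibility mode", exit 1) rather than silently skip it;
#  - an mbedtls client built *with* compat mode logs "Ignore
#    ChangeCipherSpec in TLS 1.3 compatibility mode" and completes.
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m both with middlebox compat support" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# mbedtls client against OpenSSL server; -no_middlebox turns the server's
# compat mode off.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O both peers do not support middlebox compatibility" \
            "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# Client built without compat mode receives the server's CCS: must fail.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O server with middlebox compat support, not client" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            1 \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O both with middlebox compat support" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# mbedtls client against GnuTLS server; %DISABLE_TLS13_COMPAT_MODE in the
# priority string turns the server's compat mode off.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G both peers do not support middlebox compatibility" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G server with middlebox compat support, not client" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            1 \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G both with middlebox compat support" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# OpenSSL client against mbedtls server. "14 03 03 00 01" is the record
# header of the dummy CCS (content type 0x14, legacy version 3.3,
# length 1) as printed by openssl s_client -msg.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "14 03 03 00 01"

# Server sends the CCS; an OpenSSL client with -no_middlebox still completes
# (only the mbedtls server-side state is asserted here).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "14 03 03 00 01"

# GnuTLS client against mbedtls server.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "SSL 3.3 ChangeCipherSpec packet received"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "SSL 3.3 ChangeCipherSpec packet received" \
            -c "discarding change cipher spec in TLS1.3"

# NOTE(review): the client command below still carries
# %DISABLE_TLS13_COMPAT_MODE (and the matching
# requires_gnutls_next_disable_tls13_compat), i.e. it is the same client
# invocation as the "not client" case above, so the "both" scenario is not
# actually exercised on the GnuTLS side. The O->m counterpart drops
# -no_middlebox for its "both" case. Left unchanged here because it is not
# confirmed that GnuTLS logs the same record line with compat mode on;
# the same applies to the G->m HRR "both" case further down.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "SSL 3.3 ChangeCipherSpec packet received"

# Same matrix with a HelloRetryRequest: the server only accepts secp384r1,
# the client's first key share is secp256r1, so an HRR is forced and a
# compat-mode server sends its dummy CCS right after the HRR instead
# (MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST).
# NOTE(review): requires_config_enabled PSA_WANT_ALG_ECDH is present on
# only some of these HRR cases although all of them negotiate secp groups;
# the inconsistency is left as found since the intended build coverage is
# not visible here.
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "received HelloRetryRequest message" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR both with middlebox compat support" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "received HelloRetryRequest message" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR both with middlebox compat support" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "14 03 03 00 01"

# (The dangling line continuation that used to follow the last assertion
# here is gone; it silently joined the command onto an empty line.)
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "14 03 03 00 01"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "SSL 3.3 ChangeCipherSpec packet received"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "SSL 3.3 ChangeCipherSpec packet received" \
            -c "discarding change cipher spec in TLS1.3"

# NOTE(review): as in the non-HRR G->m "both" case, the client still runs
# with %DISABLE_TLS13_COMPAT_MODE; see the note there.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "SSL 3.3 ChangeCipherSpec packet received"

# Signature algorithm selection for CertificateVerify.
# Both sides list rsa_pkcs1_sha512 *first*, yet the expected signature is
# rsa_pss_rsae_sha512: RFC 8446 (section 4.2.3) does not permit
# RSASSA-PKCS1-v1_5 in a TLS 1.3 CertificateVerify, so the first entry
# must be skipped and the first usable one in peer-preference order taken.
# These cases pin that the PKCS#1 v1.5 entry is never selected for signing.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->O" \
            "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
                                 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
                                 -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->G" \
            "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
                    -d 4
                    --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# The mbedtls server carries two certificates (crt_file2 = RSA server2,
# crt_file = server5) and must pick the RSA one together with
# rsa_pss_rsae_sha512 (the "ssl_tls13_pick_key_cert" log line).
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
                    crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, O->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
                    crt_file=$DATA_F_PLACEHOLDER" \
            "placeholder" \
            0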
14169 -c "no suitable signature algorithm" 14170 14171requires_config_enabled MBEDTLS_DEBUG_C 14172requires_config_enabled MBEDTLS_SSL_SRV_C 14173requires_config_enabled MBEDTLS_SSL_CLI_C 14174requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 14175 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14176run_test "TLS 1.3: Check client no signature algorithm, m->m" \ 14177 "$P_SRV debug_level=4 auth_mode=required 14178 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key 14179 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key 14180 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \ 14181 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ 14182 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 14183 1 \ 14184 -c "no suitable signature algorithm" 14185 14186requires_openssl_tls1_3_with_compatible_ephemeral 14187requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 14188requires_config_enabled MBEDTLS_DEBUG_C 14189requires_config_enabled MBEDTLS_SSL_CLI_C 14190run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ 14191 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key 14192 -msg -tls1_2 14193 -Verify 10 " \ 14194 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key 14195 sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 14196 min_version=tls12 max_version=tls13 " \ 14197 0 \ 14198 -c "Protocol is TLSv1.2" \ 14199 -c "HTTP/1.0 200 [Oo][Kk]" 14200 14201 14202requires_gnutls_tls1_3 14203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 14204requires_config_enabled MBEDTLS_DEBUG_C 14205requires_config_enabled MBEDTLS_SSL_CLI_C 14206run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ 14207 "$G_NEXT_SRV_NO_CERT --x509certfile 
$DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key 14208 -d 4 14209 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ 14210 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key 14211 sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 14212 min_version=tls12 max_version=tls13 " \ 14213 0 \ 14214 -c "Protocol is TLSv1.2" \ 14215 -c "HTTP/1.0 200 [Oo][Kk]" 14216 14217requires_config_enabled MBEDTLS_SSL_SRV_C 14218requires_config_enabled MBEDTLS_DEBUG_C 14219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14221requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14222requires_config_enabled PSA_WANT_ALG_FFDH 14223requires_config_enabled PSA_WANT_DH_RFC7919_3072 14224requires_gnutls_tls1_3 14225requires_gnutls_next_no_ticket 14226requires_gnutls_next_disable_tls13_compat 14227run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ 14228 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 14229 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ 14230 0 \ 14231 -s "Protocol is TLSv1.3" \ 14232 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 14233 -s "received signature algorithm: 0x804" \ 14234 -s "got named group: ffdhe3072(0101)" \ 14235 -s "Certificate verification was skipped" \ 14236 -C "received HelloRetryRequest message" 14237 14238 14239requires_gnutls_tls1_3 14240requires_gnutls_next_no_ticket 14241requires_gnutls_next_disable_tls13_compat 14242requires_config_enabled MBEDTLS_SSL_CLI_C 
14243requires_config_enabled MBEDTLS_DEBUG_C 14244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14246requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14247requires_config_enabled PSA_WANT_ALG_FFDH 14248requires_config_enabled PSA_WANT_DH_RFC7919_3072 14249run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ 14250 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ 14251 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ 14252 0 \ 14253 -c "HTTP/1.0 200 OK" \ 14254 -c "Protocol is TLSv1.3" \ 14255 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 14256 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 14257 -c "NamedGroup: ffdhe3072 ( 101 )" \ 14258 -c "Verifying peer X.509 certificate... 
ok" \ 14259 -C "received HelloRetryRequest message" 14260 14261requires_config_enabled MBEDTLS_SSL_SRV_C 14262requires_config_enabled MBEDTLS_DEBUG_C 14263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14266requires_config_enabled PSA_WANT_ALG_FFDH 14267requires_config_enabled PSA_WANT_DH_RFC7919_4096 14268requires_gnutls_tls1_3 14269requires_gnutls_next_no_ticket 14270requires_gnutls_next_disable_tls13_compat 14271run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ 14272 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 14273 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ 14274 0 \ 14275 -s "Protocol is TLSv1.3" \ 14276 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 14277 -s "received signature algorithm: 0x804" \ 14278 -s "got named group: ffdhe4096(0102)" \ 14279 -s "Certificate verification was skipped" \ 14280 -C "received HelloRetryRequest message" 14281 14282 14283requires_gnutls_tls1_3 14284requires_gnutls_next_no_ticket 14285requires_gnutls_next_disable_tls13_compat 14286requires_config_enabled MBEDTLS_SSL_CLI_C 14287requires_config_enabled MBEDTLS_DEBUG_C 14288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14290requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14291requires_config_enabled PSA_WANT_ALG_FFDH 14292requires_config_enabled PSA_WANT_DH_RFC7919_4096 14293run_test "TLS 1.3 m->G: 
AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ 14294 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ 14295 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ 14296 0 \ 14297 -c "HTTP/1.0 200 OK" \ 14298 -c "Protocol is TLSv1.3" \ 14299 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 14300 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 14301 -c "NamedGroup: ffdhe4096 ( 102 )" \ 14302 -c "Verifying peer X.509 certificate... ok" \ 14303 -C "received HelloRetryRequest message" 14304 14305requires_config_enabled MBEDTLS_SSL_SRV_C 14306requires_config_enabled MBEDTLS_DEBUG_C 14307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14309requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14310requires_config_enabled PSA_WANT_ALG_FFDH 14311requires_config_enabled PSA_WANT_DH_RFC7919_6144 14312requires_gnutls_tls1_3 14313requires_gnutls_next_no_ticket 14314requires_gnutls_next_disable_tls13_compat 14315run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ 14316 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 14317 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ 14318 0 \ 14319 -s "Protocol is TLSv1.3" \ 14320 -s "server hello, chosen 
ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 14321 -s "received signature algorithm: 0x804" \ 14322 -s "got named group: ffdhe6144(0103)" \ 14323 -s "Certificate verification was skipped" \ 14324 -C "received HelloRetryRequest message" 14325 14326requires_gnutls_tls1_3 14327requires_gnutls_next_no_ticket 14328requires_gnutls_next_disable_tls13_compat 14329requires_config_enabled MBEDTLS_SSL_CLI_C 14330requires_config_enabled MBEDTLS_DEBUG_C 14331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14333requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14334requires_config_enabled PSA_WANT_ALG_FFDH 14335requires_config_enabled PSA_WANT_DH_RFC7919_6144 14336run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ 14337 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ 14338 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ 14339 0 \ 14340 -c "HTTP/1.0 200 OK" \ 14341 -c "Protocol is TLSv1.3" \ 14342 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 14343 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 14344 -c "NamedGroup: ffdhe6144 ( 103 )" \ 14345 -c "Verifying peer X.509 certificate... 
ok" \ 14346 -C "received HelloRetryRequest message" 14347 14348requires_config_enabled MBEDTLS_SSL_SRV_C 14349requires_config_enabled MBEDTLS_DEBUG_C 14350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14352requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14353requires_config_enabled PSA_WANT_ALG_FFDH 14354requires_config_enabled PSA_WANT_DH_RFC7919_8192 14355requires_gnutls_tls1_3 14356requires_gnutls_next_no_ticket 14357requires_gnutls_next_disable_tls13_compat 14358client_needs_more_time 4 14359run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ 14360 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 14361 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ 14362 0 \ 14363 -s "Protocol is TLSv1.3" \ 14364 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 14365 -s "received signature algorithm: 0x804" \ 14366 -s "got named group: ffdhe8192(0104)" \ 14367 -s "Certificate verification was skipped" \ 14368 -C "received HelloRetryRequest message" 14369 14370requires_gnutls_tls1_3 14371requires_gnutls_next_no_ticket 14372requires_gnutls_next_disable_tls13_compat 14373requires_config_enabled MBEDTLS_SSL_CLI_C 14374requires_config_enabled MBEDTLS_DEBUG_C 14375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 14377requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 14378requires_config_enabled PSA_WANT_ALG_FFDH 14379requires_config_enabled PSA_WANT_DH_RFC7919_8192 
# The 8192-bit DH exponentiation is slow enough that this handshake gets a
# longer timeout than the smaller ffdhe groups tested above.
client_needs_more_time 4
run_test    "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
            "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
            "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
            0 \
            -c "HTTP/1.0 200 OK" \
            -c "Protocol is TLSv1.3" \
            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
            -c "Certificate Verify: Signature algorithm ( 0804 )" \
            -c "NamedGroup: ffdhe8192 ( 104 )" \
            -c "Verifying peer X.509 certificate... ok" \
            -C "received HelloRetryRequest message"

# The client offers every TLS 1.3 key exchange mode, the server allows psk
# only and supports no groups at all (groups=none). Because the selected mode
# (psk, asserted below) needs no (EC)DHE share, the server must complete the
# handshake without sending a HelloRetryRequest to renegotiate a group.
# The PSK (hex for "swordfish") is a public test fixture, not a secret.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: no HRR in case of PSK key exchange mode" \
            "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
            "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \
            0 \
            -C "received HelloRetryRequest message" \
            -c "Selected key exchange mode: psk$" \
            -c "HTTP/1.0 200 OK"

# Legacy compression_methods handling
#
# A TLS 1.2 client may still advertise deflate compression (a CRIME-class
# feature that must never actually be negotiated). The server has to parse
# the 2-byte compression list and complete the handshake regardless; note
# that this test does not assert which compression method the server chose.

requires_gnutls
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "TLS 1.2 ClientHello indicating support for deflate compression method" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \
            0 \
            -c "Handshake was completed" \
            -s "dumping .client hello, compression. (2 bytes)"

# Test heap memory usage after handshake (needs the debug buffer allocator;
# the helper is defined elsewhere in this script).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 16384
run_tests_memory_after_handshake

# Nothing was run in list mode, so there is nothing to report.
if [ "$LIST_TESTS" -eq 0 ]; then

    # Final report

    echo "------------------------------------------------------------------------"

    if [ $FAILS = 0 ]; then
        printf "PASSED"
    else
        printf "FAILED"
    fi
    PASSES=$(( $TESTS - $FAILS ))
    echo " ($PASSES / $TESTS tests ($SKIPS skipped))"

    # Fail closed: a run in which (almost) every test was skipped says nothing
    # about the code under test. A bad filter or a misconfigured build must
    # therefore not turn into a silently green result.
    if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then
        cat <<EOF
Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPS)).
Maybe a bad filter ('$FILTER') or a bad configuration?
EOF
        if [ $FAILS -eq 0 ]; then
            FAILS=1
        fi
    fi
fi

# The exit status is the number of failed tests, so a caller can tell "all
# passed" (0) from any failure without parsing the report above.
if [ $FAILS -gt 255 ]; then
    # Clamp at 255 as caller gets exit code & 0xFF
    # (so 256 would be 0, or success, etc)
    FAILS=255
fi
exit $FAILS