diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3b4a54c2d..5e6a705e1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -96,6 +96,7 @@ int main( void ) #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" +#define DFL_RESPONSE_SIZE -1 #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 #define DFL_READ_TIMEOUT 0 @@ -161,7 +162,7 @@ int main( void ) * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh * if you change this value to something outside the range <= 100 or > 500 */ -#define IO_BUF_LEN 200 +#define DFL_IO_BUF_LEN 200 #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_FS_IO) @@ -317,6 +318,11 @@ int main( void ) " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " buffer_size=%%d default: 200 \n" \ + " (minimum: 1, max: 16385)\n" \ + " response_size=%%d default: about 152 (basic response)\n" \ + " (minimum: 0, max: 16384)\n" \ + " increases buffer_size if bigger\n"\ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ @@ -385,6 +391,8 @@ struct options int debug_level; /* level of debugging */ int nbio; /* should I/O be blocking? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + int response_size; /* pad response with header to requested size */ + uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ @@ -824,7 +832,7 @@ int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; int version_suites[4][2]; - unsigned char buf[IO_BUF_LEN]; + unsigned char* buf = 0; #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -949,9 +957,11 @@ int main( int argc, char *argv[] ) goto exit; } + opt.buffer_size = DFL_IO_BUF_LEN; opt.server_addr = DFL_SERVER_ADDR; opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; + opt.response_size = DFL_RESPONSE_SIZE; opt.nbio = DFL_NBIO; opt.read_timeout = DFL_READ_TIMEOUT; opt.ca_file = DFL_CA_FILE; @@ -1030,6 +1040,20 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); + else if( strcmp( p, "buffer_size" ) == 0 ) + { + opt.buffer_size = atoi( q ); + if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 ) + goto usage; + } + else if( strcmp( p, "response_size" ) == 0 ) + { + opt.response_size = atoi( q ); + if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + goto usage; + if( opt.buffer_size < opt.response_size ) + opt.buffer_size = opt.response_size; + } else if( strcmp( p, "ca_file" ) == 0 ) opt.ca_file = q; else if( strcmp( p, "ca_path" ) == 0 ) @@ -1304,6 +1328,13 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif + buf = mbedtls_calloc( 1, opt.buffer_size + 1 ); + if( buf == NULL ) + { + mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size ); + ret = 3; + goto exit; + } if( opt.force_ciphersuite[0] > 0 ) { @@ -2176,8 +2207,8 @@ data_exchange: do { int terminated = 0; - len = sizeof( buf ) - 1; - memset( buf, 0, sizeof( buf ) ); + len = opt.buffer_size - 1; + memset( buf, 0, opt.buffer_size ); ret = mbedtls_ssl_read( &ssl, buf, len ); if( ret == MBEDTLS_ERR_SSL_WANT_READ || @@ -2267,8 +2298,8 @@ data_exchange: } else /* Not stream, so datagram */ { - len = sizeof( buf ) - 1; - memset( buf, 0, sizeof( buf ) ); + len = opt.buffer_size - 1; + memset( buf, 0, opt.buffer_size ); do ret = mbedtls_ssl_read( &ssl, buf, len ); while( ret == MBEDTLS_ERR_SSL_WANT_READ || @@ -2328,6 +2359,25 @@ data_exchange: len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) ); + /* Add padding to the response to reach opt.response_size in length */ + if( opt.response_size != DFL_RESPONSE_SIZE && + len < opt.response_size ) + { + memset( buf + len, 'B', opt.response_size - len ); + len += opt.response_size - len; + } + + /* Truncate if response size is smaller than the "natural" size */ + if( opt.response_size != DFL_RESPONSE_SIZE && + len > opt.response_size ) + { + len = opt.response_size; + + /* Still end with \r\n unless that's really not possible */ + if( len >= 2 ) buf[len - 2] = '\r'; + if( len >= 1 ) buf[len - 1] = '\n'; + } + if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) { for( written = 0, frags = 0; written < len; written += ret, frags++ ) @@ -2452,6 +2502,7 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif + mbedtls_free( buf ); mbedtls_printf( " done.\n" ); #if defined(_WIN32) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 34f29ff15..ea9cafc74 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3413,10 +3413,10 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \ 0 \ -s "Read from client: 500 bytes read (.*+.*)" -# Tests for small packets +# Tests for small client packets requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Small packet SSLv3 BlockCipher" \ +run_test "Small client packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3424,21 +3424,21 @@ run_test "Small packet SSLv3 BlockCipher" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Small packet SSLv3 StreamCipher" \ +run_test "Small client packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher" \ +run_test "Small client packet TLS 1.0 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3446,7 +3446,7 @@ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3454,21 +3454,21 @@ run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 StreamCipher" \ +run_test "Small client packet TLS 1.0 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3476,7 +3476,7 @@ run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3484,21 +3484,21 @@ run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher" \ +run_test "Small client packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ @@ -3506,7 +3506,7 @@ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3514,21 +3514,21 @@ run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 StreamCipher" \ +run_test "Small client packet TLS 1.1 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3536,7 +3536,7 @@ run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3544,28 +3544,28 @@ run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher" \ +run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher, without EtM" \ +run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ @@ -3573,7 +3573,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3581,21 +3581,21 @@ run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 StreamCipher" \ +run_test "Small client packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ +run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3603,7 +3603,7 @@ run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ +run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3611,31 +3611,31 @@ run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ +run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 AEAD" \ +run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 AEAD shorter tag" \ +run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" -# Tests for small packets in DTLS +# Tests for small client packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.0" \ +run_test "Small client packet DTLS 1.0" \ "$P_SRV dtls=1 force_version=dtls1" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3643,7 +3643,7 @@ run_test "Small packet DTLS 1.0" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.0, without EtM" \ +run_test "Small client packet DTLS 1.0, without EtM" \ "$P_SRV dtls=1 force_version=dtls1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3652,7 +3652,7 @@ run_test "Small packet DTLS 1.0, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.0, truncated hmac" \ +run_test "Small client packet DTLS 1.0, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3661,7 +3661,7 @@ run_test "Small packet DTLS 1.0, truncated hmac" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ +run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ @@ -3669,7 +3669,7 @@ run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.2" \ +run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls1_2" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3677,7 +3677,7 @@ run_test "Small packet DTLS 1.2" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small packet DTLS 1.2, without EtM" \ +run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3686,7 +3686,7 @@ run_test "Small packet DTLS 1.2, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.2, truncated hmac" \ +run_test "Small client packet DTLS 1.2, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3695,13 +3695,302 @@ run_test "Small packet DTLS 1.2, truncated hmac" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \ +run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 0 \ -s "Read from client: 1 bytes read" +# Tests for small server packets + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Small server packet SSLv3 BlockCipher" \ + "$P_SRV response_size=1 min_version=ssl3" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Small server packet SSLv3 StreamCipher" \ + "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 StreamCipher" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 AEAD" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + 0 \ + -c "Read from server: 1 bytes read" + +run_test "Small server packet TLS 1.2 AEAD shorter tag" \ + "$P_SRV response_size=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + 0 \ + -c "Read from server: 1 bytes read" + +# Tests for small server packets in DTLS + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.0" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.0, without EtM" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.0, truncated hmac" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \ + "$P_CLI dtls=1 trunc_hmac=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.2" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small server packet DTLS 1.2, without EtM" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.2, truncated hmac" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ + "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ + "$P_CLI dtls=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ + 0 \ + -c "Read from server: 1 bytes read" + # A test for extensions in SSLv3 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 @@ -3712,10 +4001,10 @@ run_test "SSLv3 with extensions, server side" \ -S "dumping 'client hello extensions'" \ -S "server hello, total extension length:" -# Test for large packets +# Test for large client packets requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Large packet SSLv3 BlockCipher" \ +run_test "Large client packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3724,7 +4013,7 @@ run_test "Large packet SSLv3 BlockCipher" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 -run_test "Large packet SSLv3 StreamCipher" \ +run_test "Large client packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -3732,7 +4021,7 @@ run_test "Large packet SSLv3 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 BlockCipher" \ +run_test "Large client packet TLS 1.0 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3740,7 +4029,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3748,7 +4037,7 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3757,21 +4046,21 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 StreamCipher" \ +run_test "Large client packet TLS 1.0 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3779,7 +4068,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3787,7 +4076,7 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -3795,7 +4084,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 BlockCipher" \ +run_test "Large client packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3803,7 +4092,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3811,7 +4100,7 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3819,14 +4108,14 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 StreamCipher" \ +run_test "Large client packet TLS 1.1 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -3834,7 +4123,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3843,7 +4132,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3851,7 +4140,7 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -3859,7 +4148,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher" \ +run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3867,14 +4156,14 @@ run_test "Large packet TLS 1.2 BlockCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher, without EtM" \ +run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ @@ -3883,7 +4172,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ @@ -3891,7 +4180,7 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ @@ -3899,7 +4188,7 @@ run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 StreamCipher" \ +run_test "Large client packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -3907,7 +4196,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ +run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ @@ -3915,7 +4204,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ +run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ @@ -3923,7 +4212,7 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ +run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ @@ -3931,7 +4220,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 AEAD" \ +run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ @@ -3939,7 +4228,7 @@ run_test "Large packet TLS 1.2 AEAD" \ -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.2 AEAD shorter tag" \ +run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ @@ -3997,6 +4286,251 @@ run_test "Force an ECC ciphersuite in the server side" \ -c "found supported_point_formats extension" \ -s "server hello, supported_point_formats extension" +# Test for large server packets +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Large server packet SSLv3 StreamCipher" \ + "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=ssl3 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +# Checking next 4 tests logs for 1n-1 split against BEAST too +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "Large server packet SSLv3 BlockCipher" \ + "$P_SRV response_size=16384 min_version=ssl3" \ + "$P_CLI force_version=ssl3 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 etm=0 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 1 bytes read"\ + -c "16383 bytes read"\ + -C "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_1 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 StreamCipher" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ + 0 \ + -c "Read from server: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ + 0 \ + -s "16384 bytes written in 1 fragments" \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 AEAD" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + 0 \ + -c "Read from server: 16384 bytes read" + +run_test "Large server packet TLS 1.2 AEAD shorter tag" \ + "$P_SRV response_size=16384" \ + "$P_CLI force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + 0 \ + -c "Read from server: 16384 bytes read" + # Tests for DTLS HelloVerifyRequest run_test "DTLS cookie: enabled" \