From 78c9137b0cf4d7742746d0b0df89b1aca5a6946d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 8 May 2019 13:31:15 +0100
Subject: [PATCH] Add Proxy tests for Connection ID to ssl-opt.sh Also, shorten test names to avoid them being truncated on the cmd line.
---
 tests/ssl-opt.sh | 183 +++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 163 insertions(+), 20 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4695a3444..28f789910 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1277,7 +1277,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
 # changed once the CID extension is implemented.
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client enabled, server disabled" \
+run_test "Connection ID: Cli enabled, Srv disabled" \
 "$P_SRV debug_level=3 dtls=1 cid=0" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 0 \
@@ -1293,7 +1293,7 @@ run_test "Connection ID: Client enabled, server disabled" \
 -c "Use of Connection ID was rejected by the server"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client disabled, server enabled" \
+run_test "Connection ID: Cli disabled, Srv enabled" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=0" \
 0 \
@@ -1308,7 +1308,7 @@ run_test "Connection ID: Client disabled, server enabled" \
 -s "Use of Connection ID was not offered by client"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
 0 \
@@ -1328,7 +1328,70 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty" \
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client CID empty" \
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1" \
 0 \
@@ -1348,7 +1411,7 @@ run_test "Connection ID: Client+Server enabled, Client CID empty" \
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Server CID empty" \
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 0 \
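Review bot: The proxy tests added in the `@@ -1328,7 +1328,70 @@` hunk handle datagram packing three different ways with no comment explaining the choice: the "Connection ID, 3D" test passes `dgram_packing=0` to both `$P_SRV` and `$P_CLI`, the "MTU" and "3D+MTU" tests leave it unset, and the later "3D+MTU: ... CID on renegotiation" test (hunk `@@ -1601,7 +1696,21 @@`) sets `dgram_packing=1`. Packing decides which records share a datagram, so it changes what the proxy's `drop`/`duplicate` and the `mtu=800` limit actually act on and therefore which CID code paths each test covers. A short comment above each block would make that intent reviewable, for example `# 3D = proxy drop/delay/duplicate; packing disabled so each loss affects one record`, with the wording adjusted to the real reason, which is not visible in the patch. The 14 expected log lines are also repeated verbatim in all three tests, so any change to a CID debug message has to be mirrored in each copy.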
@@ -1368,7 +1431,7 @@ run_test "Connection ID: Client+Server enabled, Server CID empty" \
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID empty" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1" \
 0 \
@@ -1386,7 +1449,7 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID empty" \
 -C "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
 0 \
@@ -1406,7 +1469,7 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, A
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
 0 \
@@ -1426,7 +1489,7 @@ run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
 0 \
@@ -1446,7 +1509,7 @@ run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
 0 \
@@ -1464,7 +1527,7 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-
 -C "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
 0 \
@@ -1484,7 +1547,7 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, A
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
 0 \
@@ -1504,7 +1567,7 @@ run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
 0 \
@@ -1524,7 +1587,7 @@ run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC
 -c "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
-run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
 0 \
@@ -1543,7 +1606,7 @@ run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, renegotiate without change of CID" \
+run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
 0 \
@@ -1558,7 +1621,7 @@ run_test "Connection ID: Client+Server enabled, renegotiate without change of
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, renegotiate with different CID" \
+run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
 0 \
@@ -1573,7 +1636,23 @@ run_test "Connection ID: Client+Server enabled, renegotiate with different CI
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, renegotiate without CID" \
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
 0 \
@@ -1588,7 +1667,23 @@ run_test "Connection ID: Client+Server enabled, renegotiate without CID" \
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, CID on renegotiation" \
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
 0 \
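Review bot: The test named "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" starts the proxy with `-p "$P_PXY drop=5 delay=5 duplicate=5"`, without the `mtu=800` that every other 3D+MTU test in this patch passes to `$P_PXY`. Server and client are still given `mtu=800`, but with no limit on the proxy nothing on the path checks that their datagrams respect it, so an oversized record after CID is dropped on renegotiation would presumably go unnoticed. The proxy line should read `-p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \`. Separately, every after-renegotiation expectation in this test is negative (`-C`/`-S`), so it is worth confirming that the `0` exit-code check alone proves the renegotiation completed rather than never having produced any log output.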
@@ -1601,7 +1696,21 @@ run_test "Connection ID: Client+Server enabled, CID on renegotiation" \
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, client disables on renegotiation" \
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
 0 \
@@ -1617,7 +1726,41 @@ run_test "Connection ID: Client+Server enabled, client disables on renegotiat
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Client+Server enabled, server disables on renegotiation" \
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID was rejected by the server"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
 0 \