From d7d102d90ac88e4e738181ea5acbc524d2085f3c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 16 Oct 2018 16:47:24 -0700
Subject: [PATCH] Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment.
---
 examples/client/client.c | 2 +-
 tests/include.am | 2 +
 tests/suites.c | 23 ++++
 tests/test-maxfrag-dtls.conf | 215 +++++++++++++++++++++++++++++++++++
 tests/test-maxfrag.conf | 179 +++++++++++++++++++++++++++++
 5 files changed, 420 insertions(+), 1 deletion(-)
 create mode 100644 tests/test-maxfrag-dtls.conf
 create mode 100644 tests/test-maxfrag.conf
diff --git a/examples/client/client.c b/examples/client/client.c
index 2b4b27052..ef878e6a4 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -858,7 +858,7 @@ static void Usage(void)
 printf("-S Use Host Name Indication\n");
 #endif
 #ifdef HAVE_MAX_FRAGMENT
- printf("-F Use Maximum Fragment Length [0-5]\n");
+ printf("-F Use Maximum Fragment Length [0-6]\n");
 #endif
 #ifdef HAVE_TRUNCATED_HMAC
 printf("-T Use Truncated HMAC\n");
diff --git a/tests/include.am b/tests/include.am
index 9c7aa09ca..2b6baf558 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -32,5 +32,7 @@ EXTRA_DIST += tests/test.conf \
 tests/test-sig.conf \
 tests/test-ed25519.conf \
 tests/test-enckeys.conf \
+ tests/test-maxfrag.conf \
+ tests/test-maxfrag-dtls.conf \
 tests/test-fails.conf
 DISTCLEANFILES+= tests/.libs/unit.test
diff --git a/tests/suites.c b/tests/suites.c
index cc12d5d24..e4dd93a0d 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -783,6 +783,29 @@ int SuiteTest(void)
 }
 #endif
+#ifdef HAVE_MAX_FRAGMENT
+ /* Max fragment cipher suite tests */
+ strcpy(argv0[1], "tests/test-maxfrag.conf");
+ printf("starting max fragment cipher suite tests\n");
+ test_harness(&args);
+ if (args.return_code != 0) {
+ printf("error from script %d\n", args.return_code);
+ args.return_code = EXIT_FAILURE;
+ goto exit;
+ }
+
+ #ifdef WOLFSSL_DTLS
+ strcpy(argv0[1], "tests/test-maxfrag-dtls.conf");
+ printf("starting dtls max fragment cipher suite tests\n");
+ test_harness(&args);
+ if (args.return_code != 0) {
+ printf("error from script %d\n", args.return_code);
+ args.return_code = EXIT_FAILURE;
+ goto exit;
+ }
+ #endif
+#endif
+
 /* failure tests */
 args.argc = 3;
 strcpy(argv0[1], "tests/test-fails.conf");
diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf
new file mode 100644
index 000000000..67aef1776
--- /dev/null
+++ b/tests/test-maxfrag-dtls.conf
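Review bot: Both new `strcpy(argv0[1], ...)` calls copy a path literal into a buffer whose size is declared outside this hunk, and `tests/test-maxfrag-dtls.conf` needs 29 bytes including the terminator, so nothing visible here shows that it fits. If `argv0` is a fixed two-dimensional char array, a bounded copy such as `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-maxfrag-dtls.conf");` would keep a later, longer path from overrunning it; the same applies to the existing `tests/test-fails.conf` copy in the context lines. The two failure branches also print the identical `error from script %d` text, so naming the conf file in that message would let a CI log say which run failed. SuiteTest's body starts and ends outside the hunk.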
@@ -0,0 +1,215 @@
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 1
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 1
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 1
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 2
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 2
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 2
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 3
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 3
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 3
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 4
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 4
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 4
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 5
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 5
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 5
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 6
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 6
+
+# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 6
diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf
new file mode 100644
index 000000000..2ca6cc8dd
--- /dev/null
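Review bot: The `-F 5` and `-F 6` cases use max-fragment codes that RFC 6066 does not define (it lists 1–4 only), and nothing in the file says so; the same holds for the `-F 5` and `-F 6` cases in tests/test-maxfrag.conf. Marking them in the existing case comments, e.g. `# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 (-F 5: outside the RFC 6066 range)`, would tell a reader that these pass only between peers that agree on the extended codes. Every case here is a success case on an AES256-GCM suite with `-F` set on the client side. A rejection case for an out-of-range value, which presumably belongs in tests/test-fails.conf, is not part of this change.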
+++ b/tests/test-maxfrag.conf 
@@ -0,0 +1,179 @@
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 1
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 1
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 1
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 2
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 2
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 2
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 3
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 3
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 3
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 4
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 4
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 4
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 5
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 5
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 5
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/ca-ecc-cert.pem
+-F 6
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+-F 6
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l DHE-RSA-AES256-GCM-SHA384
+-F 6