Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment.

2018-10-16 16:47:24 -07:00 · 2018-10-16 16:47:24 -07:00 · d7d102d90a
parent ab61cefa58
commit d7d102d90a
5 changed files with 420 additions and 1 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -858,7 +858,7 @@ static void Usage(void)
    printf("-S <str>    Use Host Name Indication\n");
 #endif
 #ifdef HAVE_MAX_FRAGMENT
-    printf("-F <num>    Use Maximum Fragment Length [0-5]\n");
+    printf("-F <num>    Use Maximum Fragment Length [0-6]\n");
 #endif
 #ifdef HAVE_TRUNCATED_HMAC
    printf("-T          Use Truncated HMAC\n");
--- a/tests/include.am
+++ b/tests/include.am
@ -32,5 +32,7 @@ EXTRA_DIST += tests/test.conf \
              tests/test-sig.conf \
              tests/test-ed25519.conf \
              tests/test-enckeys.conf \
              tests/test-maxfrag.conf \
              tests/test-maxfrag-dtls.conf \
              tests/test-fails.conf
 DISTCLEANFILES+= tests/.libs/unit.test
--- a/tests/suites.c
+++ b/tests/suites.c
@ -783,6 +783,29 @@ int SuiteTest(void)
    }
 #endif
 #ifdef HAVE_MAX_FRAGMENT
    /* Max fragment cipher suite tests */
    strcpy(argv0[1], "tests/test-maxfrag.conf");
    printf("starting max fragment cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        args.return_code = EXIT_FAILURE;
        goto exit;
    }
    #ifdef WOLFSSL_DTLS
    strcpy(argv0[1], "tests/test-maxfrag-dtls.conf");
    printf("starting dtls max fragment cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        args.return_code = EXIT_FAILURE;
        goto exit;
    }
    #endif
 #endif
    /* failure tests */
    args.argc = 3;
    strcpy(argv0[1], "tests/test-fails.conf");
--- a/tests/test-maxfrag-dtls.conf
+++ b/tests/test-maxfrag-dtls.conf
@ -0,0 +1,215 @@
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 1
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 1
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 1
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 2
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 2
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 2
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 3
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 3
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 3
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 4
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 4
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 4
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 5
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 5
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 5
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 6
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 6
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 6
--- a/tests/test-maxfrag.conf
+++ b/tests/test-maxfrag.conf
@ -0,0 +1,179 @@
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 1
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 1
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 1
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 2
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 2
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 2
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 3
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 3
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 3
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 4
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 4
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 4
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 5
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 5
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 5
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 6
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 6
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 6