From 8501f98ec48d045b2b3b8a3116aaf02772b6c34f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Nov 2017 08:59:04 +0000 Subject: [PATCH] Extend small packet tests for TLS This commit ensures that there is a small packet test for at least any combination of - SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 - Stream cipher (RC4) or Block cipher (AES) - Usage of Encrypt then MAC extension [TLS only] - Usage of truncated HMAC extension [TLS only] --- tests/ssl-opt.sh | 127 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 110 insertions(+), 17 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 93fa3c426..558f6daca 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3285,7 +3285,7 @@ run_test "Small packet TLS 1.0 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher without EtM" \ +run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3293,7 +3293,7 @@ run_test "Small packet TLS 1.0 BlockCipher without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ +run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3302,7 +3302,32 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +run_test "Small packet TLS 1.0 StreamCipher" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3310,6 +3335,16 @@ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ @@ -3317,10 +3352,30 @@ run_test "Small packet TLS 1.1 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher without EtM" \ +run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls1_1 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3331,21 +3386,30 @@ run_test "Small packet TLS 1.1 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ - "$P_SRV" \ +run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + trunc_hmac=1 \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3356,10 +3420,11 @@ run_test "Small packet TLS 1.2 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher without EtM" \ +run_test "Small packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls1_2 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3371,7 +3436,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ +run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3379,6 +3444,16 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ @@ -3386,8 +3461,16 @@ run_test "Small packet TLS 1.2 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" +run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3395,6 +3478,16 @@ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \