Extend small packet tests for TLS

This commit ensures that there is a small packet test for at least any
combination of
- SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
- Stream cipher (RC4) or Block cipher (AES)
- Usage of Encrypt then MAC extension [TLS only]
- Usage of truncated HMAC extension [TLS only]
This commit is contained in:
Hanno Becker 2017-11-10 08:59:04 +00:00
parent 32c550141f
commit 8501f98ec4

View File

@ -3285,7 +3285,7 @@ run_test "Small packet TLS 1.0 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 BlockCipher without EtM" \ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 etm=0 \ "$P_CLI request_size=1 force_version=tls1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -3293,7 +3293,7 @@ run_test "Small packet TLS 1.0 BlockCipher without EtM" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
@ -3302,7 +3302,32 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1 \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
@ -3310,6 +3335,16 @@ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1 \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 BlockCipher" \ run_test "Small packet TLS 1.1 BlockCipher" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
@ -3317,10 +3352,30 @@ run_test "Small packet TLS 1.1 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 BlockCipher without EtM" \ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 etm=0 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA
etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1 \
etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3331,21 +3386,30 @@ run_test "Small packet TLS 1.1 StreamCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher, without EtM" \
run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1 \
etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3356,10 +3420,11 @@ run_test "Small packet TLS 1.2 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 BlockCipher without EtM" \ run_test "Small packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 etm=0 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3371,7 +3436,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
@ -3379,6 +3444,16 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1 \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher" \ run_test "Small packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
@ -3386,8 +3461,16 @@ run_test "Small packet TLS 1.2 StreamCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
@ -3395,6 +3478,16 @@ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1 \
etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 AEAD" \ run_test "Small packet TLS 1.2 AEAD" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \