diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a99bb6c35..2be4e582f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -199,157 +199,163 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_RE Negative test moving servers ssl to state: NEW_SESSION_TICKET move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 +# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code. Handshake, SSL3 depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0 +# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code. Handshake, tls1 depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC -handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0 Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC -handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 +handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, RSA-WITH-AES-128-CCM depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 +handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 +handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0 +handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C -handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0 +handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0 +handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS -handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 +handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, RSA-WITH-AES-128-CCM depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 +handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 +handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0 +handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0 +handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0 +handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 DTLS Handshake with serialization, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS -handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1 +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1 Sending app data via TLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 Sending app data via TLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 Sending app data via TLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 Sending app data via TLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 Sending app data via TLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 Sending app data via TLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 Sending app data via TLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 Sending app data via TLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 Sending app data via TLS without MFL and without fragmentation -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 Sending app data via TLS without MFL and with fragmentation -send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 Sending app data via DTLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 Sending app data via DTLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0 Sending app data via DTLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 Sending app data via DTLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0 Sending app data via DTLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 Sending app data via DTLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0 Sending app data via DTLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 Sending app data via DTLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0 +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0 Sending app data via DTLS, without MFL and without fragmentation -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 Sending app data via DTLS, without MFL and with fragmentation -send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0 DTLS renegotiation: no legacy renegotiation dtls_renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 513043b5f..3f0123b1b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3302,11 +3302,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ void handshake( const char *cipher, int version, int pk_alg, - data_t *psk_str, int dtls, int serialize ) + data_t *psk_str, int dtls, int serialize, int mfl, + int cli_msg_len, int srv_msg_len, + const int expected_cli_fragments, + const int expected_srv_fragments ) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; - enum { BUFFSIZE = 16384 }; + enum { BUFFSIZE = 17000 }; mbedtls_endpoint client, server; #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) const char *psk_identity = "foo"; @@ -3317,11 +3320,8 @@ void handshake( const char *cipher, int version, int pk_alg, mbedtls_timing_delay_context timer_client, timer_server; #endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - enum { MSGLEN = 5 }; unsigned char *context_buf = NULL; size_t context_buf_len; - unsigned char cli_buf[MSGLEN]; - unsigned char srv_buf[MSGLEN]; #else (void) serialize; #endif @@ -3376,6 +3376,15 @@ void handshake( const char *cipher, int version, int pk_alg, } mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, version ); +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf), + (unsigned char) mfl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf), + (unsigned char) mfl ) == 0 ); +#else + TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl ); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( psk_str->len > 0 ) { @@ -3403,6 +3412,14 @@ void handshake( const char *cipher, int version, int pk_alg, TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); + if( cli_msg_len != 0 || srv_msg_len != 0 ) + { + /* Start data exchanging test */ + TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len, + expected_cli_fragments, + &(server.ssl), srv_msg_len, + expected_srv_fragments ) == 0 ); + } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if( dtls == 0 || serialize == 0 ) { @@ -3411,14 +3428,6 @@ void handshake( const char *cipher, int version, int pk_alg, goto exit; } - memset( cli_buf, 'X', MSGLEN ); - memset( srv_buf, 'Y', MSGLEN ); - - /* Make sure that writing/reading works */ - TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN ); - TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN ); - TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 ); - TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL, 0, &context_buf_len ) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -3449,12 +3458,13 @@ void handshake( const char *cipher, int version, int pk_alg, context_buf_len ) == 0 ); /* Retest writing/reading */ - memset( cli_buf, 'X', MSGLEN ); - memset( srv_buf, 'Y', MSGLEN ); - - TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN ); - TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN ); - TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 ); + if( cli_msg_len != 0 || srv_msg_len != 0 ) + { + TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len, + expected_cli_fragments, + &(server.ssl), srv_msg_len, + expected_srv_fragments ) == 0 ); + } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ exit: @@ -3469,121 +3479,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ -void send_application_data( int mfl, int cli_msg_len, int srv_msg_len, - const int expected_cli_fragments, - const int expected_srv_fragments ) -{ - enum { BUFFSIZE = 2048 }; - mbedtls_endpoint server, client; - int ret = -1; - - ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, - NULL, NULL, NULL ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA, - NULL, NULL, NULL ); - TEST_ASSERT( ret == 0 ); - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl ); - TEST_ASSERT( ret == 0 ); -#else - TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl ); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - - ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket), - BUFFSIZE ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_move_handshake_to_state( &(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER ); - TEST_ASSERT( ret == 0 ); - TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); - TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); - - /* Start data exchanging test */ - ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments, - &(server.ssl), srv_msg_len, expected_srv_fragments ); - TEST_ASSERT( ret == 0 ); - -exit: - mbedtls_endpoint_free( &client, NULL ); - mbedtls_endpoint_free( &server, NULL ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ -void send_application_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, - const int expected_cli_fragments, - const int expected_srv_fragments ) -{ - enum { BUFFSIZE = 17000 }; -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif - mbedtls_endpoint server, client; - mbedtls_test_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - int ret = -1; - - /* Initializing endpoints and communication */ - ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, - &server_context, &server_queue, &client_queue ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA, - &client_context, &client_queue, &server_queue ); - TEST_ASSERT( ret == 0 ); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); - - mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); -#endif /* MBEDTLS_TIMING_C */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl ); - TEST_ASSERT( ret == 0 ); -#else - TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl ); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - - ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket), - BUFFSIZE ); - TEST_ASSERT( ret == 0 ); - - ret = mbedtls_move_handshake_to_state( &(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER ); - TEST_ASSERT( ret == 0 ); - TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); - TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); - - /* Start data exchanging test */ - ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments, - &(server.ssl), srv_msg_len, expected_srv_fragments ); - TEST_ASSERT( ret == 0 ); - - -exit: - mbedtls_endpoint_free( &client, &client_context ); - mbedtls_endpoint_free( &server, &server_context ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_RENEGOTIATION */ void dtls_renegotiation( int legacy_option ) {