mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.

Browse Source
This commit is contained in:
John Safranek 2013-03-07 22:52:51 -08:00
parent 591e1fc772
commit 43ed4a7424
9 changed files with 377 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cyassl/test.h
View File

@ -106,7 +106,11 @@
#define SERVER_DEFAULT_VERSION 3
#define SERVER_DTLS_DEFAULT_VERSION (-2)
#define SERVER_INVALID_VERSION (-99)
#define CLIENT_DEFAULT_VERSION 3
#define CLIENT_DTLS_DEFAULT_VERSION (-2)
#define CLIENT_INVALID_VERSION (-99)
/* all certs relative to CyaSSL home directory now */
#define caCert "./certs/ca-cert.pem"

28
examples/client/client.c
View File

@ -99,7 +99,8 @@ static void Usage(void)
printf("-s Use pre Shared keys\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
@ -129,7 +130,7 @@ void client_test(void* args)
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
@ -164,7 +165,6 @@ void client_test(void* args)
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
@ -190,8 +190,6 @@ void client_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
@ -234,6 +232,22 @@ void client_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -257,6 +271,10 @@ void client_test(void* args)
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:

26
examples/server/server.c
View File

@ -98,7 +98,8 @@ static void Usage(void)
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-u Use UDP DTLS\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-N Use Non-blocking sockets\n");
}
@ -157,7 +158,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 'p' :
@ -170,8 +170,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* stay with DTLS */
break;
case 'l' :
@ -202,6 +200,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -225,6 +239,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case -1:
method = DTLSv1_server_method();
break;
case -2:
method = DTLSv1_2_server_method();
break;
#endif
default:

14
src/internal.c
View File

@ -3375,6 +3375,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
const byte* additionalSrc = input - 5;
XMEMSET(additional, 0, AES_BLOCK_SIZE);
@ -3384,7 +3385,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
#endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */
@ -3411,6 +3416,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
const byte* additionalSrc = input - 5;
XMEMSET(additional, 0, AES_BLOCK_SIZE);
@ -3420,7 +3426,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
#endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */

2
tests/include.am
View File

@ -27,9 +27,11 @@ EXTRA_DIST += tests/test.conf \
tests/test-ecc-sha384.conf \
tests/test-aesgcm.conf \
tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-ecc-dtls.conf \
tests/test-aesgcm-openssl.conf \
tests/test-aesccm.conf \
tests/test-aesccm-ecc.conf \
tests/test-aesccm-ecc-dtls.conf \
tests/test-camellia.conf \
tests/test-camellia-openssl.conf \
tests/test-dtls.conf \

20
tests/suites.c
View File

@ -400,6 +400,16 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add aesgcm ecc dtls extra suites */
strcpy(argv0[1], "tests/test-aesgcm-ecc-dtls.conf");
printf("starting aesgcm ecc dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if defined(HAVE_AESCCM)
@ -420,6 +430,16 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add aesccm ecc dtls extra suites */
strcpy(argv0[1], "tests/test-aesccm-ecc-dtls.conf");
printf("starting aesccm ecc dtls cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#endif

56
tests/test-aesccm-ecc-dtls.conf Normal file
View File

@ -0,0 +1,56 @@
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
-N
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
-N

96
tests/test-aesgcm-ecc-dtls.conf Normal file
View File

@ -0,0 +1,96 @@
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384

142
tests/test-dtls.conf
View File

@ -1,98 +1,240 @@
# server DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# client DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# server DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# client DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# server DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# client DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# server DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# client DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# server DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# client DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# server DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# client DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# server DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# client DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# server DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# client DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# client DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
# client DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
# server DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-v 2
-l DES-CBC3-SHA
-N
# client DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-v 2
-l DES-CBC3-SHA
-N
# server DTLSv1.2 DES-CBC3-SHA NON-BLOCKING
-u
-v 3
-l DES-CBC3-SHA
-N
# client DTLSv1.2 DES-CBC3-SHA NON-BLOCKING
-u
-v 3
-l DES-CBC3-SHA
-N
# server DTLSv1 AES128-SHA NON-BLOCKING
-u
-v 2
-l AES128-SHA
-N
# client DTLSv1 AES128-SHA NON-BLOCKING
-u
-v 2
-l AES128-SHA
-N
# server DTLSv1.2 AES128-SHA NON-BLOCKING
-u
-v 3
-l AES128-SHA
-N
# client DTLSv1.2 AES128-SHA NON-BLOCKING
-u
-v 3
-l AES128-SHA
-N
# server DTLSv1 AES256-SHA NON-BLOCKING
-u
-v 2
-l AES256-SHA
-N
# client DTLSv1 AES256-SHA NON-BLOCKING
-u
-v 2
-l AES256-SHA
-N
# server DTLSv1.2 AES256-SHA NON-BLOCKING
-u
-v 3
-l AES256-SHA
-N
# client DTLSv1.2 AES256-SHA NON-BLOCKING
-u
-v 3
-l AES256-SHA
-N
# server DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-v 2
-l AES128-SHA256
-N
# client DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-v 2
-l AES128-SHA256
-N
# server DTLSv1.2 AES128-SHA256 NON-BLOCKING
-u
-v 3
-l AES128-SHA256
-N
# client DTLSv1.2 AES128-SHA256 NON-BLOCKING
-u
-v 3
-l AES128-SHA256
-N
# server DTLSv1 AES256-SHA256 NON-BLOCKING
-u
-v 2
-l AES256-SHA256
-N
# client DTLSv1 AES256-SHA256 NON-BLOCKING
-u
-v 2
-l AES256-SHA256
-N
# server DTLSv1.2 AES256-SHA256 NON-BLOCKING
-u
-v 3
-l AES256-SHA256
-N
# client DTLSv1.2 AES256-SHA256 NON-BLOCKING
-u
-v 3
-l AES256-SHA256
-N