tests: add dtls downgrade tests

2022-07-05 10:37:12 +02:00 · 2022-07-05 10:37:12 +02:00 · 683adb5917
commit 683adb5917
parent fd4836772b
4 changed files with 70 additions and 5 deletions
--- a/tests/include.am
+++ b/tests/include.am
@ -30,6 +30,7 @@ EXTRA_DIST += tests/unit.h \
              tests/test-psk-no-id.conf \
              tests/test-psk-no-id-sha2.conf \
              tests/test-dtls.conf \
+              tests/test-dtls-downgrade.conf \
              tests/test-dtls-fails.conf \
              tests/test-dtls-fails-cipher.conf \
              tests/test-dtls-group.conf \
--- a/tests/suites.c
+++ b/tests/suites.c
@ -1023,6 +1023,17 @@ int SuiteTest(int argc, char** argv)
        goto exit;
    }
 #endif
+
+    /* Add dtls downgrade test */
+    XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
+    printf("starting dtls downgrade tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+
 #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
    /* add dtls extra suites */
    XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
--- a/tests/test-dtls-downgrade.conf
+++ b/tests/test-dtls-downgrade.conf
@ -0,0 +1,21 @@
+# server DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
--- a/tests/test-dtls13-downgrade.conf
+++ b/tests/test-dtls13-downgrade.conf
@ -1,11 +1,43 @@
-# server DTLSv1.3 allow downgrading
+# server DTLS multiversion allow downgrade
 -vd
 -7 2
 -u
-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

-# client TLSv1.2 group message
+# client DTLSv1.2
 -v 3
 -u
-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-f
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLS multiversion allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.2
+-v 3
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA