
tests: add dtls downgrade tests

Marco Oliverio 1 year ago
parent
commit
683adb5917
4 changed files with 70 additions and 5 deletions
  1. 1 0
      tests/include.am
  2. 11 0
      tests/suites.c
  3. 21 0
      tests/test-dtls-downgrade.conf
  4. 37 5
      tests/test-dtls13-downgrade.conf

+ 1 - 0
tests/include.am

@@ -30,6 +30,7 @@ EXTRA_DIST += tests/unit.h \
               tests/test-psk-no-id.conf \
               tests/test-psk-no-id-sha2.conf \
               tests/test-dtls.conf \
+              tests/test-dtls-downgrade.conf \
               tests/test-dtls-fails.conf \
               tests/test-dtls-fails-cipher.conf \
               tests/test-dtls-group.conf \

+ 11 - 0
tests/suites.c

@@ -1023,6 +1023,17 @@ int SuiteTest(int argc, char** argv)
         goto exit;
     }
 #endif
+
+    /* Add dtls downgrade test */
+    XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
+    printf("starting dtls downgrade tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+
 #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
     /* add dtls extra suites */
     XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
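Review bot: The added block runs `tests/test-dtls-downgrade.conf` with no version guard visible in this hunk, although every pair in that file pins one side to `-v 2` (DTLS 1.0). If `test_harness` does not itself skip cases whose protocol version is compiled out, a build without old protocol versions would stop the whole suite at `goto exit` here; that is worth confirming and recording in the comment, e.g. `/* Add dtls downgrade test: multiversion peer vs. DTLS 1.0 peer; needs DTLS 1.0 compiled in */`. The failure message `error from script %d` also does not name the script, so a failing run cannot be attributed to this conf from the log alone. `SuiteTest` begins and ends outside the hunk, so any enclosing `#ifdef` is not visible from here.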

+ 21 - 0
tests/test-dtls-downgrade.conf

@@ -0,0 +1,21 @@
+# server DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
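Review bot: Both server/client pairs in this file are expected-success handshakes with the floor at `-7 2`, so nothing here checks that a multiversion (`-vd`) peer refuses a version below its configured minimum. A downgrade suite should also pin the refusal path: a `-vd` side with a `-7` floor above DTLS 1.0 facing a `-v 2` peer, in both directions, should fail the handshake. Those pairs presumably belong with the other expected-failure cases (the page lists `tests/test-dtls-fails.conf`) rather than in this file. The same gap applies to `tests/test-dtls13-downgrade.conf`. A header comment such as `# -7 2: lowest minor version the -vd side will accept` would also make the intent of each pair clear.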

+ 37 - 5
tests/test-dtls13-downgrade.conf

@@ -1,11 +1,43 @@
-# server DTLSv1.3 allow downgrading
+# server DTLS multiversion allow downgrade
 -vd
 -7 2
 -u
--l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 
-# client TLSv1.2 group message
+# client DTLSv1.2
 -v 3
 -u
--l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
--f
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLS multiversion allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.2
+-v 3
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
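Review bot: Every case in the rewritten file now negotiates `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, so the DTLS 1.2 downgrade pair that previously ran with `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` loses its AEAD coverage. Keeping the two `-v 3` pairs on the GCM suite would preserve that coverage, since CBC-SHA is only needed by the `-v 2` pairs. The second and third pairs (multiversion server with DTLS 1.0 client, DTLS 1.0 server with multiversion client) repeat the pairs in `tests/test-dtls-downgrade.conf` line for line. If both files run in the same build, one copy is redundant; otherwise a leading comment saying which build configuration runs which file would explain the duplication.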