suites.c 45 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458
  1. /* suites.c
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/wolfcrypt/settings.h>
  25. #ifdef NO_INLINE
  26. #include <wolfssl/wolfcrypt/misc.h>
  27. #else
  28. #define WOLFSSL_MISC_INCLUDED
  29. #include <wolfcrypt/src/misc.c>
  30. #endif
  31. #include <stdlib.h>
  32. #include <stdio.h>
  33. #include <string.h>
  34. #include <wolfssl/ssl.h>
  35. #include <tests/unit.h>
  36. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  37. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  38. #include <wolfssl/wolfcrypt/ecc.h>
  39. #endif
  40. #include <wolfssl/wolfcrypt/memory.h> /* for LARGEST_MEM_BUCKET */
  41. #define MAX_ARGS 40
  42. #define MAX_COMMAND_SZ 240
  43. #ifdef WOLFSSL_TLS13
  44. #define MAX_SUITE_SZ 200
  45. #else
  46. #define MAX_SUITE_SZ 80
  47. #endif
  48. #define NOT_BUILT_IN (-123)
  49. #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
  50. !defined(WOLFSSL_ALLOW_TLSV10)
  51. #define VERSION_TOO_OLD (-124)
  52. #endif
  53. #include "examples/client/client.h"
  54. #include "examples/server/server.h"
  55. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  56. !defined(SINGLE_THREADED)
  57. static WOLFSSL_CTX* cipherSuiteCtx = NULL;
  58. static char nonblockFlag[] = "-N";
  59. static char noVerifyFlag[] = "-d";
  60. static char disableEMSFlag[] = "-n";
  61. static char flagSep[] = " ";
  62. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  63. static char portFlag[] = "-p";
  64. static char svrPort[] = "0";
  65. #endif
  66. static char intTestFlag[] = "-H";
  67. static char forceDefCipherListFlag[] = "defCipherList";
  68. static char exitWithRetFlag[] = "exitWithRet";
  69. static char disableDHPrimeTest[] = "-2";
  70. #ifdef WOLFSSL_ASYNC_CRYPT
  71. static int devId = INVALID_DEVID;
  72. #endif
  73. #ifdef VERSION_TOO_OLD
  74. static int GetTlsVersion(const char* line)
  75. {
  76. int version = -1;
  77. const char* find = "-v ";
  78. const char* begin = strstr(line, find);
  79. if (begin) {
  80. begin += 3;
  81. if (*begin == 'd' || *begin == 'e')
  82. begin += 2;
  83. version = atoi(begin);
  84. }
  85. return version;
  86. }
  87. #ifndef WOLFSSL_ALLOW_SSLV3
  88. /* if the protocol version is sslv3 return 1, else 0 */
  89. static int IsSslVersion(const char* line)
  90. {
  91. int version = GetTlsVersion(line);
  92. return (version == 0) ? 1 : 0;
  93. }
  94. #endif /* !WOLFSSL_ALLOW_SSLV3 */
  95. #ifndef WOLFSSL_ALLOW_TLSV10
  96. /* if the protocol version is TLSv1.0 return 1, else 0 */
  97. static int IsTls10Version(const char* line)
  98. {
  99. int version = GetTlsVersion(line);
  100. return (version == 1) ? 1 : 0;
  101. }
  102. #endif /* !WOLFSSL_ALLOW_TLSV10 */
  103. #ifdef NO_OLD_TLS
  104. /* if the protocol version is less than tls 1.2 return 1, else 0 */
  105. static int IsOldTlsVersion(const char* line)
  106. {
  107. int version = GetTlsVersion(line);
  108. return (version < 3) ? 1 : 0;
  109. }
  110. #endif /* NO_OLD_TLS */
  111. #endif /* VERSION_TOO_OLD */
  112. /* if the cipher suite on line is valid store in suite and return 1, else 0 */
  113. static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
  114. {
  115. int found = 0;
  116. int valid = 0;
  117. const char* find = "-l ";
  118. const char* begin = strstr(line, find);
  119. const char* end;
  120. if (suite_spc < MAX_SUITE_SZ+1)
  121. return 0;
  122. suite[0] = '\0';
  123. if (begin) {
  124. begin += 3;
  125. end = XSTRSTR(begin, " ");
  126. if (end) {
  127. long len = end - begin;
  128. if (len > MAX_SUITE_SZ) {
  129. printf("suite too long!\n");
  130. return 0;
  131. }
  132. XMEMCPY(suite, begin, len);
  133. suite[len] = '\0';
  134. }
  135. else
  136. XSTRNCPY(suite, begin, MAX_SUITE_SZ);
  137. suite[MAX_SUITE_SZ] = '\0';
  138. found = 1;
  139. }
  140. if (found) {
  141. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
  142. valid = 1;
  143. }
  144. return valid;
  145. }
  146. static int IsValidCert(const char* line)
  147. {
  148. int ret = 1;
  149. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  150. WOLFSSL_CTX* ctx;
  151. size_t i;
  152. const char* begin;
  153. char cert[80];
  154. #ifdef WOLFSSL_STATIC_MEMORY
  155. FILE* fStream = NULL;
  156. long chkSz = 0;
  157. #endif
  158. begin = XSTRSTR(line, "-c ");
  159. if (begin == NULL)
  160. return 1;
  161. begin += 3;
  162. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  163. cert[i] = *(begin++);
  164. cert[i] = '\0';
  165. #ifdef WOLFSSL_STATIC_MEMORY
  166. fStream = XFOPEN(cert, "rb");
  167. if (fStream == NULL) {
  168. printf("Failed to open file %s\n", cert);
  169. printf("Invalid cert, skipping test\n");
  170. return 0;
  171. } else {
  172. printf("Successfully opened file\n");
  173. }
  174. XFSEEK(fStream, 0L, SEEK_END);
  175. chkSz = XFTELL(fStream);
  176. XFCLOSE(fStream);
  177. if (chkSz > LARGEST_MEM_BUCKET) {
  178. printf("File is larger than largest bucket, skipping this test\n");
  179. return 0;
  180. }
  181. #endif
  182. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  183. if (ctx == NULL)
  184. return 0;
  185. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  186. wolfSSL_CTX_free(ctx);
  187. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  188. (void)line;
  189. return ret;
  190. }
  191. static int IsValidCA(const char* line)
  192. {
  193. int ret = 1;
  194. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  195. WOLFSSL_CTX* ctx;
  196. size_t i;
  197. const char* begin;
  198. char cert[80];
  199. begin = XSTRSTR(line, "-A ");
  200. if (begin == NULL)
  201. return 1;
  202. begin += 3;
  203. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  204. cert[i] = *(begin++);
  205. cert[i] = '\0';
  206. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  207. if (ctx == NULL)
  208. return 0;
  209. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  210. wolfSSL_CTX_free(ctx);
  211. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  212. (void)line;
  213. return ret;
  214. }
  215. #ifdef WOLFSSL_NO_CLIENT_AUTH
  216. static int IsClientAuth(const char* line, int* reqClientCert)
  217. {
  218. const char* begin;
  219. begin = XSTRSTR(line, "-H verifyFail");
  220. if (begin != NULL) {
  221. return 1;
  222. }
  223. begin = XSTRSTR(line, "-d");
  224. if (begin != NULL) {
  225. *reqClientCert = 0;
  226. }
  227. else {
  228. *reqClientCert = 1;
  229. }
  230. return 0;
  231. }
  232. #endif
  233. #ifdef NO_CERTS
  234. static int IsUsingCert(const char* line)
  235. {
  236. return XSTRSTR(line, "-c ") != NULL;
  237. }
  238. #endif
  239. #if defined(NO_CERTS) || defined(WOLFSSL_NO_CLIENT_AUTH)
  240. static int IsNoClientCert(const char* line)
  241. {
  242. const char* begin;
  243. begin = XSTRSTR(line, "-x");
  244. if (begin != NULL) {
  245. return 1;
  246. }
  247. return 0;
  248. }
  249. #endif
  250. static int execute_test_case(int svr_argc, char** svr_argv,
  251. int cli_argc, char** cli_argv,
  252. int addNoVerify, int addNonBlocking,
  253. int addDisableEMS, int forceSrvDefCipherList,
  254. int forceCliDefCipherList)
  255. {
  256. #if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
  257. func_args cliArgs = {0};
  258. func_args svrArgs = {0};
  259. cliArgs.argc = cli_argc;
  260. cliArgs.argv = cli_argv;
  261. svrArgs.argc = svr_argc;
  262. svrArgs.argv = svr_argv;
  263. #else
  264. func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
  265. func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
  266. #endif
  267. tcp_ready ready;
  268. THREAD_TYPE serverThread;
  269. char commandLine[MAX_COMMAND_SZ];
  270. char cipherSuite[MAX_SUITE_SZ+1];
  271. int i;
  272. size_t added;
  273. static int tests = 1;
  274. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  275. static char portNumber[8];
  276. #endif
  277. int cliTestShouldFail = 0, svrTestShouldFail = 0;
  278. #ifdef WOLFSSL_NO_CLIENT_AUTH
  279. int reqClientCert;
  280. #endif
  281. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  282. srtp_test_helper srtp_helper;
  283. #endif
  284. /* Is Valid Cipher and Version Checks */
  285. /* build command list for the Is checks below */
  286. commandLine[0] = '\0';
  287. added = 0;
  288. for (i = 0; i < svrArgs.argc; i++) {
  289. added += XSTRLEN(svr_argv[i]) + 2;
  290. if (added >= MAX_COMMAND_SZ) {
  291. printf("server command line too long\n");
  292. break;
  293. }
  294. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  295. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  296. }
  297. if (IsValidCipherSuite(commandLine, cipherSuite, sizeof cipherSuite) == 0) {
  298. #ifdef DEBUG_SUITE_TESTS
  299. printf("cipher suite %s not supported in build\n", cipherSuite);
  300. #endif
  301. return NOT_BUILT_IN;
  302. }
  303. if (!IsValidCert(commandLine)) {
  304. #ifdef DEBUG_SUITE_TESTS
  305. printf("certificate %s not supported in build\n", commandLine);
  306. #endif
  307. return NOT_BUILT_IN;
  308. }
  309. #ifndef WOLFSSL_ALLOW_SSLV3
  310. if (IsSslVersion(commandLine) == 1) {
  311. #ifdef DEBUG_SUITE_TESTS
  312. printf("protocol version on line %s is too old\n", commandLine);
  313. #endif
  314. return VERSION_TOO_OLD;
  315. }
  316. #endif
  317. #ifndef WOLFSSL_ALLOW_TLSV10
  318. if (IsTls10Version(commandLine) == 1) {
  319. #ifdef DEBUG_SUITE_TESTS
  320. printf("protocol version on line %s is too old\n", commandLine);
  321. #endif
  322. return VERSION_TOO_OLD;
  323. }
  324. #endif
  325. #ifdef NO_OLD_TLS
  326. if (IsOldTlsVersion(commandLine) == 1) {
  327. #ifdef DEBUG_SUITE_TESTS
  328. printf("protocol version on line %s is too old\n", commandLine);
  329. #endif
  330. return VERSION_TOO_OLD;
  331. }
  332. #endif
  333. #ifdef WOLFSSL_NO_CLIENT_AUTH
  334. if (IsClientAuth(commandLine, &reqClientCert)) {
  335. #ifdef DEBUG_SUITE_TESTS
  336. printf("client auth on line %s not supported in build\n",
  337. commandLine);
  338. #endif
  339. return NOT_BUILT_IN;
  340. }
  341. #endif
  342. #ifdef NO_CERTS
  343. if (IsUsingCert(commandLine)) {
  344. #ifdef DEBUG_SUITE_TESTS
  345. printf("certificate %s not supported in build\n", commandLine);
  346. #endif
  347. return NOT_BUILT_IN;
  348. }
  349. #endif
  350. /* Build Server Command */
  351. if (addNoVerify) {
  352. printf("repeating test with client cert request off\n");
  353. if (svrArgs.argc >= MAX_ARGS)
  354. printf("server command line too long\n");
  355. else
  356. svr_argv[svrArgs.argc++] = noVerifyFlag;
  357. }
  358. if (addNonBlocking) {
  359. printf("repeating test with non blocking on\n");
  360. if (svrArgs.argc >= MAX_ARGS)
  361. printf("server command line too long\n");
  362. else
  363. svr_argv[svrArgs.argc++] = nonblockFlag;
  364. }
  365. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  366. /* add port */
  367. if (svrArgs.argc + 2 > MAX_ARGS)
  368. printf("cannot add the magic port number flag to server\n");
  369. else {
  370. svr_argv[svrArgs.argc++] = portFlag;
  371. svr_argv[svrArgs.argc++] = svrPort;
  372. }
  373. #endif
  374. if (forceSrvDefCipherList) {
  375. if (svrArgs.argc + 2 > MAX_ARGS)
  376. printf("cannot add the force def cipher list flag to server\n");
  377. else {
  378. svr_argv[svrArgs.argc++] = intTestFlag;
  379. svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
  380. }
  381. }
  382. #ifdef TEST_PK_PRIVKEY
  383. svr_argv[svrArgs.argc++] = (char*)"-P";
  384. #endif
  385. /* update server flags list */
  386. commandLine[0] = '\0';
  387. added = 0;
  388. for (i = 0; i < svrArgs.argc; i++) {
  389. added += XSTRLEN(svr_argv[i]) + 2;
  390. if (added >= MAX_COMMAND_SZ) {
  391. printf("server command line too long\n");
  392. break;
  393. }
  394. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  395. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  396. }
  397. printf("trying server command line[%d]: %s\n", tests, commandLine);
  398. tests++; /* test count */
  399. /* determine based on args if this test is expected to fail */
  400. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  401. svrTestShouldFail = 1;
  402. }
  403. InitTcpReady(&ready);
  404. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  405. srtp_helper_init(&srtp_helper);
  406. cliArgs.srtp_helper = &srtp_helper;
  407. svrArgs.srtp_helper = &srtp_helper;
  408. #endif
  409. #ifdef WOLFSSL_TIRTOS
  410. fdOpenSession(Task_self());
  411. #endif
  412. /* start server */
  413. svrArgs.signal = &ready;
  414. start_thread(server_test, &svrArgs, &serverThread);
  415. wait_tcp_ready(&svrArgs);
  416. /* Build Client Command */
  417. if (addNonBlocking) {
  418. if (cliArgs.argc >= MAX_ARGS)
  419. printf("cannot add the non block flag to client\n");
  420. else
  421. cli_argv[cliArgs.argc++] = nonblockFlag;
  422. }
  423. if (addDisableEMS) {
  424. printf("repeating test without extended master secret\n");
  425. if (cliArgs.argc >= MAX_ARGS)
  426. printf("cannot add the disable EMS flag to client\n");
  427. else
  428. cli_argv[cliArgs.argc++] = disableEMSFlag;
  429. }
  430. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  431. if (ready.port != 0) {
  432. if (cliArgs.argc + 2 > MAX_ARGS)
  433. printf("cannot add the magic port number flag to client\n");
  434. else {
  435. (void)snprintf(portNumber, sizeof(portNumber), "%d",
  436. (int)ready.port);
  437. cli_argv[cliArgs.argc++] = portFlag;
  438. cli_argv[cliArgs.argc++] = portNumber;
  439. }
  440. }
  441. #endif
  442. if (forceCliDefCipherList) {
  443. if (cliArgs.argc + 2 > MAX_ARGS)
  444. printf("cannot add the force def cipher list flag to client\n");
  445. else {
  446. cli_argv[cliArgs.argc++] = intTestFlag;
  447. cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
  448. }
  449. }
  450. #ifdef TEST_PK_PRIVKEY
  451. cli_argv[cliArgs.argc++] = (char*)"-P";
  452. #endif
  453. commandLine[0] = '\0';
  454. added = 0;
  455. for (i = 0; i < cliArgs.argc; i++) {
  456. added += XSTRLEN(cli_argv[i]) + 2;
  457. if (added >= MAX_COMMAND_SZ) {
  458. printf("client command line too long\n");
  459. break;
  460. }
  461. XSTRLCAT(commandLine, cli_argv[i], sizeof commandLine);
  462. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  463. }
  464. if (!IsValidCA(commandLine)) {
  465. #ifdef DEBUG_SUITE_TESTS
  466. printf("certificate %s not supported in build\n", commandLine);
  467. #endif
  468. return NOT_BUILT_IN;
  469. }
  470. #ifdef WOLFSSL_NO_CLIENT_AUTH
  471. if (reqClientCert && IsNoClientCert(commandLine)) {
  472. #ifdef DEBUG_SUITE_TESTS
  473. printf("client auth on line %s not supported in build\n",
  474. commandLine);
  475. #endif
  476. return NOT_BUILT_IN;
  477. }
  478. #endif
  479. #ifdef NO_CERTS
  480. if (IsNoClientCert(commandLine)) {
  481. #ifdef DEBUG_SUITE_TESTS
  482. printf("certificate %s not supported in build\n", commandLine);
  483. #endif
  484. return NOT_BUILT_IN;
  485. }
  486. #endif
  487. printf("trying client command line[%d]: %s\n", tests, commandLine);
  488. tests++;
  489. /* determine based on args if this test is expected to fail */
  490. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  491. cliTestShouldFail = 1;
  492. }
  493. /* start client */
  494. client_test(&cliArgs);
  495. /* verify results */
  496. if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
  497. (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
  498. printf("client_test failed %d %s\n", cliArgs.return_code,
  499. cliTestShouldFail ? "(should fail)" : "");
  500. XEXIT(EXIT_FAILURE);
  501. }
  502. join_thread(serverThread);
  503. if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
  504. (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
  505. printf("server_test failed %d %s\n", svrArgs.return_code,
  506. svrTestShouldFail ? "(should fail)" : "");
  507. XEXIT(EXIT_FAILURE);
  508. }
  509. #ifdef WOLFSSL_TIRTOS
  510. fdCloseSession(Task_self());
  511. #endif
  512. FreeTcpReady(&ready);
  513. #if defined (WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  514. srtp_helper_free(&srtp_helper);
  515. #endif
  516. /* only run the first test for expected failure cases */
  517. /* the example server/client are not designed to handle expected failure in
  518. all cases, such as non-blocking, etc... */
  519. if (svrTestShouldFail || cliTestShouldFail) {
  520. return NOT_BUILT_IN;
  521. }
  522. return 0;
  523. }
  524. static void test_harness(void* vargs)
  525. {
  526. func_args* args = (func_args*)vargs;
  527. char* script;
  528. long sz, len;
  529. int cliMode = 0; /* server or client command flag, server first */
  530. int ret;
  531. FILE* file;
  532. char* svrArgs[MAX_ARGS];
  533. int svrArgsSz;
  534. char* cliArgs[MAX_ARGS];
  535. int cliArgsSz;
  536. char* cursor;
  537. char* comment;
  538. char lastChar = '\0';
  539. int do_it = 0;
  540. const char* fname = "tests/test.conf";
  541. const char* addArgs = NULL;
  542. if (args->argc == 1) {
  543. printf("notice: using default file %s\n", fname);
  544. }
  545. else if (args->argc == 3) {
  546. addArgs = args->argv[2];
  547. }
  548. else if (args->argc > 3) {
  549. printf("usage: harness [FILE] [ARG]\n");
  550. args->return_code = 1;
  551. return;
  552. }
  553. if (args->argc >= 2) {
  554. fname = args->argv[1];
  555. }
  556. file = fopen(fname, "rb");
  557. if (file == NULL) {
  558. fprintf(stderr, "unable to open %s\n", fname);
  559. args->return_code = 1;
  560. return;
  561. }
  562. if (fseek(file, 0, SEEK_END) < 0) {
  563. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  564. fclose(file);
  565. args->return_code = 1;
  566. return;
  567. }
  568. sz = ftell(file);
  569. if (sz <= 0) {
  570. fprintf(stderr, "%s is empty\n", fname);
  571. fclose(file);
  572. args->return_code = 1;
  573. return;
  574. }
  575. if (fseek(file, 0, SEEK_SET) < 0) {
  576. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  577. fclose(file);
  578. args->return_code = 1;
  579. return;
  580. }
  581. script = (char*)malloc(sz+1);
  582. if (script == 0) {
  583. fprintf(stderr, "unable to allocate script buffer\n");
  584. fclose(file);
  585. args->return_code = 1;
  586. return;
  587. }
  588. len = fread(script, 1, sz, file);
  589. if (len != sz) {
  590. fprintf(stderr, "read error\n");
  591. fclose(file);
  592. free(script);
  593. args->return_code = 1;
  594. return;
  595. }
  596. fclose(file);
  597. script[sz] = 0;
  598. cursor = script;
  599. svrArgsSz = 1;
  600. svrArgs[0] = args->argv[0];
  601. cliArgsSz = 1;
  602. cliArgs[0] = args->argv[0];
  603. while (cursor && *cursor != 0) {
  604. switch (*cursor) {
  605. case '\n':
  606. /* A blank line triggers test case execution or switches
  607. to client mode if we don't have the client command yet */
  608. if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) {
  609. if (cliMode == 0)
  610. cliMode = 1; /* switch to client mode processing */
  611. else
  612. do_it = 1; /* Do It, we have server and client */
  613. }
  614. #ifdef DEBUG_SUITE_TESTS
  615. else {
  616. /* skip extra new-lines */
  617. printf("skipping extra new line\n");
  618. }
  619. #endif
  620. lastChar = *cursor;
  621. cursor++;
  622. break;
  623. case '#':
  624. lastChar = *cursor;
  625. /* Ignore lines that start with a # */
  626. comment = XSTRSEP(&cursor, "\n");
  627. #ifdef DEBUG_SUITE_TESTS
  628. printf("%s\n", comment);
  629. #else
  630. (void)comment;
  631. #endif
  632. break;
  633. case '-':
  634. default:
  635. /* Parameters start with a -. They end in either a newline
  636. * or a space. Capture until either, save in Args list. */
  637. lastChar = *cursor;
  638. if (cliMode)
  639. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
  640. else
  641. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
  642. if (cursor == NULL || *cursor == '\0') /* eof */
  643. do_it = 1;
  644. break;
  645. }
  646. if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
  647. fprintf(stderr, "too many arguments, forcing test run\n");
  648. do_it = 1;
  649. }
  650. if (do_it) {
  651. /* additional arguments processing */
  652. if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) {
  653. if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) {
  654. /* The `-2` disable DH prime check is added to all tests by default */
  655. cliArgs[cliArgsSz++] = disableDHPrimeTest;
  656. svrArgs[svrArgsSz++] = disableDHPrimeTest;
  657. }
  658. if (addArgs && XSTRSTR(addArgs, "expFail")) {
  659. /* Tests should expect to fail */
  660. cliArgs[cliArgsSz++] = intTestFlag;
  661. cliArgs[cliArgsSz++] = exitWithRetFlag;
  662. svrArgs[svrArgsSz++] = intTestFlag;
  663. svrArgs[svrArgsSz++] = exitWithRetFlag;
  664. }
  665. }
  666. ret = execute_test_case(svrArgsSz, svrArgs,
  667. cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
  668. /* don't repeat if not supported in build */
  669. if (ret == 0) {
  670. /* test with default cipher list on server side */
  671. execute_test_case(svrArgsSz, svrArgs,
  672. cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
  673. /* test with default cipher list on client side */
  674. execute_test_case(svrArgsSz, svrArgs,
  675. cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
  676. execute_test_case(svrArgsSz, svrArgs,
  677. cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
  678. execute_test_case(svrArgsSz, svrArgs,
  679. cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
  680. execute_test_case(svrArgsSz, svrArgs,
  681. cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
  682. #ifdef HAVE_EXTENDED_MASTER
  683. execute_test_case(svrArgsSz, svrArgs,
  684. cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
  685. execute_test_case(svrArgsSz, svrArgs,
  686. cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
  687. execute_test_case(svrArgsSz, svrArgs,
  688. cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
  689. execute_test_case(svrArgsSz, svrArgs,
  690. cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
  691. #endif
  692. }
  693. svrArgsSz = 1;
  694. cliArgsSz = 1;
  695. cliMode = 0;
  696. do_it = 0;
  697. }
  698. }
  699. free(script);
  700. args->return_code = 0;
  701. }
  702. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  703. int SuiteTest(int argc, char** argv)
  704. {
  705. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  706. !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
  707. !defined(SINGLE_THREADED)
  708. func_args args;
  709. char argv0[3][80];
  710. char* myArgv[3];
  711. printf(" Begin Cipher Suite Tests\n");
  712. /* setup */
  713. myArgv[0] = argv0[0];
  714. myArgv[1] = argv0[1];
  715. myArgv[2] = argv0[2];
  716. args.argv = myArgv;
  717. XSTRLCPY(argv0[0], "SuiteTest", sizeof(argv0[0]));
  718. #ifdef WOLFSSL_STATIC_MEMORY
  719. byte memory[200000];
  720. #endif
  721. cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  722. if (cipherSuiteCtx == NULL) {
  723. printf("can't get cipher suite ctx\n");
  724. args.return_code = EXIT_FAILURE;
  725. goto exit;
  726. }
  727. /* load in static memory buffer if enabled */
  728. #ifdef WOLFSSL_STATIC_MEMORY
  729. if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
  730. memory, sizeof(memory), 0, 1)
  731. != WOLFSSL_SUCCESS) {
  732. printf("unable to load static memory and create ctx");
  733. args.return_code = EXIT_FAILURE;
  734. goto exit;
  735. }
  736. #endif
  737. #ifdef WOLFSSL_ASYNC_CRYPT
  738. if (wolfAsync_DevOpen(&devId) < 0) {
  739. printf("Async device open failed");
  740. args.return_code = EXIT_FAILURE;
  741. goto exit;
  742. }
  743. wolfSSL_CTX_SetDevId(cipherSuiteCtx, devId);
  744. #endif /* WOLFSSL_ASYNC_CRYPT */
  745. /* support for custom command line tests */
  746. if (argc > 1) {
  747. /* Examples:
  748. ./tests/unit.test tests/test-altchains.conf
  749. ./tests/unit.test tests/test-fails.conf expFail
  750. ./tests/unit.test tests/test-dhprime.conf doDH
  751. */
  752. args.argc = argc;
  753. args.argv = argv;
  754. test_harness(&args);
  755. if (args.return_code != 0) {
  756. printf("error from script %d\n", args.return_code);
  757. args.return_code = EXIT_FAILURE;
  758. }
  759. goto exit;
  760. }
  761. /* default case */
  762. args.argc = 1;
  763. printf("starting default cipher suite tests\n");
  764. test_harness(&args);
  765. if (args.return_code != 0) {
  766. printf("error from script %d\n", args.return_code);
  767. args.return_code = EXIT_FAILURE;
  768. goto exit;
  769. }
  770. /* any extra cases will need another argument */
  771. args.argc = 2;
  772. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  773. /* SHA-2 cipher suites in old TLS versions */
  774. XSTRLCPY(argv0[1], "tests/test-sha2.conf", sizeof(argv0[1]));
  775. printf("starting SHA-2 cipher suite in old TLS versions tests\n");
  776. test_harness(&args);
  777. if (args.return_code != 0) {
  778. printf("error from script %d\n", args.return_code);
  779. args.return_code = EXIT_FAILURE;
  780. goto exit;
  781. }
  782. #endif
  783. #ifdef WOLFSSL_TLS13
  784. /* add TLSv13 extra suites */
  785. XSTRLCPY(argv0[1], "tests/test-tls13.conf", sizeof(argv0[1]));
  786. printf("starting TLSv13 extra cipher suite tests\n");
  787. test_harness(&args);
  788. if (args.return_code != 0) {
  789. printf("error from script %d\n", args.return_code);
  790. args.return_code = EXIT_FAILURE;
  791. goto exit;
  792. }
  793. #ifdef HAVE_ECC
  794. /* add TLSv13 ECC extra suites */
  795. XSTRLCPY(argv0[1], "tests/test-tls13-ecc.conf", sizeof(argv0[1]));
  796. printf("starting TLSv13 ECC extra cipher suite tests\n");
  797. test_harness(&args);
  798. if (args.return_code != 0) {
  799. printf("error from script %d\n", args.return_code);
  800. args.return_code = EXIT_FAILURE;
  801. goto exit;
  802. }
  803. #endif
  804. #ifndef WOLFSSL_NO_TLS12
  805. /* add TLSv13 downgrade tests */
  806. XSTRLCPY(argv0[1], "tests/test-tls13-down.conf", sizeof(argv0[1]));
  807. printf("starting TLSv13 Downgrade extra tests\n");
  808. test_harness(&args);
  809. if (args.return_code != 0) {
  810. printf("error from script %d\n", args.return_code);
  811. args.return_code = EXIT_FAILURE;
  812. goto exit;
  813. }
  814. #endif
  815. #ifdef HAVE_PQC
  816. /* add TLSv13 pq tests */
  817. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  818. printf("starting TLSv13 post-quantum groups tests\n");
  819. test_harness(&args);
  820. if (args.return_code != 0) {
  821. printf("error from script %d\n", args.return_code);
  822. args.return_code = EXIT_FAILURE;
  823. goto exit;
  824. }
  825. #ifdef HAVE_LIBOQS
  826. /* add TLSv13 pq tests */
  827. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  828. printf("starting TLSv13 post-quantum groups tests\n");
  829. test_harness(&args);
  830. if (args.return_code != 0) {
  831. printf("error from script %d\n", args.return_code);
  832. args.return_code = EXIT_FAILURE;
  833. goto exit;
  834. }
  835. #endif
  836. #endif
  837. #ifdef HAVE_PQC
  838. /* add TLSv13 pq tests */
  839. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  840. printf("starting TLSv13 post-quantum groups tests\n");
  841. test_harness(&args);
  842. if (args.return_code != 0) {
  843. printf("error from script %d\n", args.return_code);
  844. args.return_code = EXIT_FAILURE;
  845. goto exit;
  846. }
  847. #ifdef HAVE_LIBOQS
  848. /* add TLSv13 pq tests */
  849. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  850. printf("starting TLSv13 post-quantum groups tests\n");
  851. test_harness(&args);
  852. if (args.return_code != 0) {
  853. printf("error from script %d\n", args.return_code);
  854. args.return_code = EXIT_FAILURE;
  855. goto exit;
  856. }
  857. #endif
  858. #endif
  859. #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
  860. /* add DTLSv13 pq tests */
  861. XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
  862. printf("starting DTLSv13 post-quantum groups tests\n");
  863. test_harness(&args);
  864. if (args.return_code != 0) {
  865. printf("error from script %d\n", args.return_code);
  866. args.return_code = EXIT_FAILURE;
  867. goto exit;
  868. }
  869. #ifdef WOLFSSL_DTLS_CH_FRAG
  870. /* add DTLSv13 pq frag tests */
  871. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
  872. printf("starting DTLSv13 post-quantum groups tests with fragmentation\n");
  873. test_harness(&args);
  874. if (args.return_code != 0) {
  875. printf("error from script %d\n", args.return_code);
  876. args.return_code = EXIT_FAILURE;
  877. goto exit;
  878. }
  879. #endif
  880. #ifdef HAVE_LIBOQS
  881. /* add DTLSv13 pq 2 tests */
  882. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
  883. printf("starting DTLSv13 post-quantum 2 groups tests\n");
  884. test_harness(&args);
  885. if (args.return_code != 0) {
  886. printf("error from script %d\n", args.return_code);
  887. args.return_code = EXIT_FAILURE;
  888. goto exit;
  889. }
  890. #ifdef WOLFSSL_DTLS_CH_FRAG
  891. /* add DTLSv13 pq 2 frag tests */
  892. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2-frag.conf", sizeof(argv0[1]));
  893. printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
  894. test_harness(&args);
  895. if (args.return_code != 0) {
  896. printf("error from script %d\n", args.return_code);
  897. args.return_code = EXIT_FAILURE;
  898. goto exit;
  899. }
  900. #endif
  901. #endif
  902. #endif
  903. #endif
  904. #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
  905. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
  906. (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \
  907. (HAVE_SELFTEST_VERSION > 2)))
  908. /* add RSA-PSS certificate cipher suite tests */
  909. XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1]));
  910. printf("starting RSA-PSS extra cipher suite tests\n");
  911. test_harness(&args);
  912. if (args.return_code != 0) {
  913. printf("error from script %d\n", args.return_code);
  914. args.return_code = EXIT_FAILURE;
  915. goto exit;
  916. }
  917. #endif
  918. #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
  919. defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
  920. defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)
  921. /* add ED25519 certificate cipher suite tests */
  922. XSTRLCPY(argv0[1], "tests/test-ed25519.conf", sizeof(argv0[1]));
  923. printf("starting ED25519 extra cipher suite tests\n");
  924. test_harness(&args);
  925. if (args.return_code != 0) {
  926. printf("error from script %d\n", args.return_code);
  927. args.return_code = EXIT_FAILURE;
  928. goto exit;
  929. }
  930. #endif
  931. #if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \
  932. defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \
  933. defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT)
  934. /* add ED448 certificate cipher suite tests */
  935. XSTRLCPY(argv0[1], "tests/test-ed448.conf", sizeof(argv0[1]));
  936. printf("starting ED448 extra cipher suite tests\n");
  937. test_harness(&args);
  938. if (args.return_code != 0) {
  939. printf("error from script %d\n", args.return_code);
  940. args.return_code = EXIT_FAILURE;
  941. goto exit;
  942. }
  943. #endif
  944. #if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
  945. (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  946. /* add P-521 certificate cipher suite tests */
  947. XSTRLCPY(argv0[1], "tests/test-p521.conf", sizeof(argv0[1]));
  948. printf("starting P-521 extra cipher suite tests\n");
  949. test_harness(&args);
  950. if (args.return_code != 0) {
  951. printf("error from script %d\n", args.return_code);
  952. args.return_code = EXIT_FAILURE;
  953. goto exit;
  954. }
  955. #endif
  956. #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
  957. defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \
  958. /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \
  959. !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V)
  960. /* TLS non-NIST curves (Koblitz / Brainpool) */
  961. XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1]));
  962. printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n");
  963. test_harness(&args);
  964. if (args.return_code != 0) {
  965. printf("error from script %d\n", args.return_code);
  966. args.return_code = EXIT_FAILURE;
  967. goto exit;
  968. }
  969. #endif
  970. #ifdef WOLFSSL_DTLS
  971. /* add dtls extra suites */
  972. XSTRLCPY(argv0[1], "tests/test-dtls.conf", sizeof(argv0[1]));
  973. printf("starting dtls extra cipher suite tests\n");
  974. test_harness(&args);
  975. if (args.return_code != 0) {
  976. printf("error from script %d\n", args.return_code);
  977. args.return_code = EXIT_FAILURE;
  978. goto exit;
  979. }
  980. /* add dtls grouping tests */
  981. XSTRLCPY(argv0[1], "tests/test-dtls-group.conf", sizeof(argv0[1]));
  982. printf("starting dtls message grouping tests\n");
  983. test_harness(&args);
  984. if (args.return_code != 0) {
  985. printf("error from script %d\n", args.return_code);
  986. args.return_code = EXIT_FAILURE;
  987. goto exit;
  988. }
  989. /* add dtls session resumption tests */
  990. XSTRLCPY(argv0[1], "tests/test-dtls-resume.conf", sizeof(argv0[1]));
  991. printf("starting dtls session resumption tests\n");
  992. test_harness(&args);
  993. if (args.return_code != 0) {
  994. printf("error from script %d\n", args.return_code);
  995. args.return_code = EXIT_FAILURE;
  996. goto exit;
  997. }
  998. #ifdef HAVE_SECURE_RENEGOTIATION
  999. /* add dtls renegotiation tests */
  1000. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-client.conf", sizeof(argv0[1]));
  1001. printf("starting dtls secure renegotiation client tests\n");
  1002. test_harness(&args);
  1003. if (args.return_code != 0) {
  1004. printf("error from script %d\n", args.return_code);
  1005. args.return_code = EXIT_FAILURE;
  1006. goto exit;
  1007. }
  1008. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-server.conf", sizeof(argv0[1]));
  1009. printf("starting dtls secure renegotiation server tests\n");
  1010. test_harness(&args);
  1011. if (args.return_code != 0) {
  1012. printf("error from script %d\n", args.return_code);
  1013. args.return_code = EXIT_FAILURE;
  1014. goto exit;
  1015. }
  1016. #endif
  1017. #ifdef WOLFSSL_DTLS_MTU
  1018. /* Add dtls different MTU size tests.
  1019. * These also use grouping to force wolfSSL to
  1020. * bounce off the MTU limit more */
  1021. XSTRLCPY(argv0[1], "tests/test-dtls-mtu.conf", sizeof(argv0[1]));
  1022. printf("starting dtls MTU tests\n");
  1023. test_harness(&args);
  1024. if (args.return_code != 0) {
  1025. printf("error from script %d\n", args.return_code);
  1026. args.return_code = EXIT_FAILURE;
  1027. goto exit;
  1028. }
  1029. #endif
  1030. /* Add dtls downgrade test */
  1031. XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
  1032. printf("starting dtls downgrade tests\n");
  1033. test_harness(&args);
  1034. if (args.return_code != 0) {
  1035. printf("error from script %d\n", args.return_code);
  1036. args.return_code = EXIT_FAILURE;
  1037. goto exit;
  1038. }
  1039. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1040. /* add dtls extra suites */
  1041. XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
  1042. printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
  1043. test_harness(&args);
  1044. if (args.return_code != 0) {
  1045. printf("error from script %d\n", args.return_code);
  1046. args.return_code = EXIT_FAILURE;
  1047. goto exit;
  1048. }
  1049. #endif
  1050. #ifndef WOLFSSL_NO_DTLS_SIZE_CHECK
  1051. /* failure tests */
  1052. args.argc = 3;
  1053. XSTRLCPY(argv0[1], "tests/test-dtls-fails.conf", sizeof(argv0[1]));
  1054. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1055. printf("starting dtls tests that expect failure\n");
  1056. test_harness(&args);
  1057. if (args.return_code != 0) {
  1058. printf("error from script %d\n", args.return_code);
  1059. args.return_code = EXIT_FAILURE;
  1060. goto exit;
  1061. }
  1062. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1063. #endif
  1064. #ifdef WOLFSSL_EXTRA_ALERTS
  1065. /* failure tests */
  1066. args.argc = 3;
  1067. XSTRLCPY(argv0[1], "tests/test-dtls-fails-cipher.conf", sizeof(argv0[1]));
  1068. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1069. printf("starting dtls cipher mismatch tests that expect failure\n");
  1070. test_harness(&args);
  1071. if (args.return_code != 0) {
  1072. printf("error from script %d\n", args.return_code);
  1073. args.return_code = EXIT_FAILURE;
  1074. goto exit;
  1075. }
  1076. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1077. #endif
  1078. #ifdef WOLFSSL_SRTP
  1079. args.argc = 2;
  1080. strcpy(argv0[1], "tests/test-dtls-srtp.conf");
  1081. printf("starting dtls srtp suite tests\n");
  1082. test_harness(&args);
  1083. if (args.return_code != 0) {
  1084. printf("error from script %d\n", args.return_code);
  1085. args.return_code = EXIT_FAILURE;
  1086. goto exit;
  1087. }
  1088. /* failure tests */
  1089. args.argc = 3;
  1090. strcpy(argv0[1], "tests/test-dtls-srtp-fails.conf");
  1091. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  1092. printf("starting dtls srtp profile mismatch tests that expect failure\n");
  1093. test_harness(&args);
  1094. if (args.return_code != 0) {
  1095. printf("error from script %d\n", args.return_code);
  1096. args.return_code = EXIT_FAILURE;
  1097. goto exit;
  1098. }
  1099. strcpy(argv0[2], "");
  1100. #endif
  1101. #ifdef WOLFSSL_DTLS13
  1102. args.argc = 2;
  1103. strcpy(argv0[1], "tests/test-dtls13.conf");
  1104. printf("starting DTLSv1.3 suite\n");
  1105. test_harness(&args);
  1106. if (args.return_code != 0) {
  1107. printf("error from script %d\n", args.return_code);
  1108. args.return_code = EXIT_FAILURE;
  1109. goto exit;
  1110. }
  1111. #ifndef WOLFSSL_NO_TLS12
  1112. args.argc = 2;
  1113. strcpy(argv0[1], "tests/test-dtls13-downgrade.conf");
  1114. printf("starting DTLSv1.3 suite - downgrade\n");
  1115. test_harness(&args);
  1116. if (args.return_code != 0) {
  1117. printf("error from script %d\n", args.return_code);
  1118. args.return_code = EXIT_FAILURE;
  1119. goto exit;
  1120. }
  1121. args.argc = 3;
  1122. strcpy(argv0[1], "tests/test-dtls13-downgrade-fails.conf");
  1123. strcpy(argv0[2], "expFail");
  1124. printf("starting DTLSv1.3 suite - downgrade - (expFails)\n");
  1125. test_harness(&args);
  1126. if (args.return_code != 0) {
  1127. printf("error from script %d\n", args.return_code);
  1128. args.return_code = EXIT_FAILURE;
  1129. goto exit;
  1130. }
  1131. args.argc = 2;
  1132. XMEMSET(argv0[2], 0, sizeof(argv0[2]));
  1133. #endif /* WOLFSSL_NO_TLS12 */
  1134. #ifndef NO_PSK
  1135. XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1]));
  1136. printf("starting DTLS 1.3 psk suite tests\n");
  1137. test_harness(&args);
  1138. if (args.return_code != 0) {
  1139. printf("error from script %d\n", args.return_code);
  1140. args.return_code = EXIT_FAILURE;
  1141. goto exit;
  1142. }
  1143. #endif /* NO_PSK */
  1144. #ifdef WOLFSSL_DTLS_CID
  1145. XSTRLCPY(argv0[1], "tests/test-dtls13-cid.conf", sizeof(argv0[1]));
  1146. printf("starting DTLS 1.3 ConnectionID suite tests\n");
  1147. test_harness(&args);
  1148. if (args.return_code != 0) {
  1149. printf("error from script %d\n", args.return_code);
  1150. args.return_code = EXIT_FAILURE;
  1151. goto exit;
  1152. }
  1153. #endif /* WOLFSSL_DTLS_CID */
  1154. #endif /* WOLFSSL_DTLS13 */
  1155. #endif
  1156. #ifdef WOLFSSL_SCTP
  1157. /* add dtls-sctp extra suites */
  1158. XSTRLCPY(argv0[1], "tests/test-sctp.conf", sizeof(argv0[1]));
  1159. printf("starting dtls-sctp extra cipher suite tests\n");
  1160. test_harness(&args);
  1161. if (args.return_code != 0) {
  1162. printf("error from script %d\n", args.return_code);
  1163. args.return_code = EXIT_FAILURE;
  1164. goto exit;
  1165. }
  1166. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1167. /* add dtls-sctp extra suites */
  1168. XSTRLCPY(argv0[1], "tests/test-sctp-sha2.conf", sizeof(argv0[1]));
  1169. printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
  1170. test_harness(&args);
  1171. if (args.return_code != 0) {
  1172. printf("error from script %d\n", args.return_code);
  1173. args.return_code = EXIT_FAILURE;
  1174. goto exit;
  1175. }
  1176. #endif
  1177. #endif
  1178. #ifndef WC_STRICT_SIG
  1179. #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
  1180. /* add extra signature test suites */
  1181. XSTRLCPY(argv0[1], "tests/test-sig.conf", sizeof(argv0[1]));
  1182. printf("starting sig extra cipher suite tests\n");
  1183. test_harness(&args);
  1184. if (args.return_code != 0) {
  1185. printf("error from script %d\n", args.return_code);
  1186. args.return_code = EXIT_FAILURE;
  1187. goto exit;
  1188. }
  1189. #endif /* HAVE_RSA and HAVE_ECC */
  1190. #endif /* !WC_STRICT_SIG */
  1191. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
  1192. (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
  1193. /* add SM2/SM3/SM4 test suites */
  1194. XSTRLCPY(argv0[1], "tests/test-sm2.conf", sizeof(argv0[1]));
  1195. printf("starting SM2/SM3/SM4 cipher suite tests\n");
  1196. test_harness(&args);
  1197. if (args.return_code != 0) {
  1198. printf("error from script %d\n", args.return_code);
  1199. args.return_code = EXIT_FAILURE;
  1200. goto exit;
  1201. }
  1202. #endif
  1203. #ifndef NO_PSK
  1204. #ifndef WOLFSSL_NO_TLS12
  1205. #if !defined(NO_RSA) || defined(HAVE_ECC)
  1206. /* add psk cipher suites */
  1207. XSTRLCPY(argv0[1], "tests/test-psk.conf", sizeof(argv0[1]));
  1208. printf("starting psk cipher suite tests\n");
  1209. test_harness(&args);
  1210. if (args.return_code != 0) {
  1211. printf("error from script %d\n", args.return_code);
  1212. args.return_code = EXIT_FAILURE;
  1213. goto exit;
  1214. }
  1215. #endif
  1216. #endif
  1217. #ifdef WOLFSSL_TLS13
  1218. /* add psk extra suites */
  1219. XSTRLCPY(argv0[1], "tests/test-tls13-psk.conf", sizeof(argv0[1]));
  1220. printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");
  1221. test_harness(&args);
  1222. if (args.return_code != 0) {
  1223. printf("error from script %d\n", args.return_code);
  1224. args.return_code = EXIT_FAILURE;
  1225. goto exit;
  1226. }
  1227. #endif
  1228. #endif
  1229. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5) &&\
  1230. !defined(NO_SHA)
  1231. /* test encrypted keys */
  1232. XSTRLCPY(argv0[1], "tests/test-enckeys.conf", sizeof(argv0[1]));
  1233. printf("starting encrypted keys extra cipher suite tests\n");
  1234. test_harness(&args);
  1235. if (args.return_code != 0) {
  1236. printf("error from script %d\n", args.return_code);
  1237. args.return_code = EXIT_FAILURE;
  1238. goto exit;
  1239. }
  1240. #endif
  1241. #ifdef HAVE_MAX_FRAGMENT
  1242. /* Max fragment cipher suite tests */
  1243. XSTRLCPY(argv0[1], "tests/test-maxfrag.conf", sizeof(argv0[1]));
  1244. printf("starting max fragment cipher suite tests\n");
  1245. test_harness(&args);
  1246. if (args.return_code != 0) {
  1247. printf("error from script %d\n", args.return_code);
  1248. args.return_code = EXIT_FAILURE;
  1249. goto exit;
  1250. }
  1251. #ifdef WOLFSSL_DTLS
  1252. XSTRLCPY(argv0[1], "tests/test-maxfrag-dtls.conf", sizeof(argv0[1]));
  1253. printf("starting dtls max fragment cipher suite tests\n");
  1254. test_harness(&args);
  1255. if (args.return_code != 0) {
  1256. printf("error from script %d\n", args.return_code);
  1257. args.return_code = EXIT_FAILURE;
  1258. goto exit;
  1259. }
  1260. #endif
  1261. #endif
  1262. #ifdef WOLFSSL_ALT_CERT_CHAINS
  1263. /* tests for alt chains */
  1264. XSTRLCPY(argv0[1], "tests/test-altchains.conf", sizeof(argv0[1]));
  1265. printf("starting certificate alternate chain cipher suite tests\n");
  1266. test_harness(&args);
  1267. if (args.return_code != 0) {
  1268. printf("error from script %d\n", args.return_code);
  1269. args.return_code = EXIT_FAILURE;
  1270. goto exit;
  1271. }
  1272. #else
  1273. /* tests for chains */
  1274. XSTRLCPY(argv0[1], "tests/test-chains.conf", sizeof(argv0[1]));
  1275. printf("starting certificate chain cipher suite tests\n");
  1276. test_harness(&args);
  1277. if (args.return_code != 0) {
  1278. printf("error from script %d\n", args.return_code);
  1279. args.return_code = EXIT_FAILURE;
  1280. goto exit;
  1281. }
  1282. #endif
  1283. #ifdef WOLFSSL_TRUST_PEER_CERT
  1284. /* tests for trusted peer cert */
  1285. XSTRLCPY(argv0[1], "tests/test-trustpeer.conf", sizeof(argv0[1]));
  1286. printf("starting trusted peer certificate cipher suite tests\n");
  1287. test_harness(&args);
  1288. if (args.return_code != 0) {
  1289. printf("error from script %d\n", args.return_code);
  1290. args.return_code = EXIT_FAILURE;
  1291. goto exit;
  1292. }
  1293. #endif
  1294. /* tests for dh prime */
  1295. args.argc = 3;
  1296. XSTRLCPY(argv0[1], "tests/test-dhprime.conf", sizeof(argv0[1]));
  1297. XSTRLCPY(argv0[2], "doDH", sizeof(argv0[2])); /* add DH prime flag */
  1298. printf("starting dh prime tests\n");
  1299. test_harness(&args);
  1300. if (args.return_code != 0) {
  1301. printf("error from script %d\n", args.return_code);
  1302. args.return_code = EXIT_FAILURE;
  1303. goto exit;
  1304. }
  1305. /* failure tests */
  1306. args.argc = 3;
  1307. XSTRLCPY(argv0[1], "tests/test-fails.conf", sizeof(argv0[1]));
  1308. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1309. printf("starting tests that expect failure\n");
  1310. test_harness(&args);
  1311. if (args.return_code != 0) {
  1312. printf("error from script %d\n", args.return_code);
  1313. args.return_code = EXIT_FAILURE;
  1314. goto exit;
  1315. }
  1316. exit:
  1317. if (args.return_code == 0)
  1318. printf("\n Success -- All results as expected.\n");
  1319. printf(" End Cipher Suite Tests\n");
  1320. wolfSSL_CTX_free(cipherSuiteCtx);
  1321. wolfSSL_Cleanup();
  1322. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  1323. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  1324. wc_ecc_fp_free(); /* free per thread cache */
  1325. #endif
  1326. #ifdef WOLFSSL_ASYNC_CRYPT
  1327. wolfAsync_DevClose(&devId);
  1328. #endif
  1329. return args.return_code;
  1330. #else
  1331. return NOT_COMPILED_IN;
  1332. (void)argc;
  1333. (void)argv;
  1334. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  1335. }