2
0

suites.c 47 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526
  1. /* suites.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #include <tests/unit.h>
  22. #ifdef NO_INLINE
  23. #include <wolfssl/wolfcrypt/misc.h>
  24. #else
  25. #define WOLFSSL_MISC_INCLUDED
  26. #include <wolfcrypt/src/misc.c>
  27. #endif
  28. #include <stdlib.h>
  29. #include <stdio.h>
  30. #include <string.h>
  31. #include <wolfssl/ssl.h>
  32. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  33. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  34. #include <wolfssl/wolfcrypt/ecc.h>
  35. #endif
  36. #include <wolfssl/wolfcrypt/memory.h> /* for LARGEST_MEM_BUCKET */
  37. #define MAX_ARGS 40
  38. #define MAX_COMMAND_SZ 240
  39. #ifdef WOLFSSL_TLS13
  40. #define MAX_SUITE_SZ 200
  41. #else
  42. #define MAX_SUITE_SZ 80
  43. #endif
  44. #define NOT_BUILT_IN (-123)
  45. #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
  46. !defined(WOLFSSL_ALLOW_TLSV10)
  47. #define VERSION_TOO_OLD (-124)
  48. #endif
  49. #include "examples/client/client.h"
  50. #include "examples/server/server.h"
  51. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  52. !defined(NO_TLS) && !defined(SINGLE_THREADED)
  53. static WOLFSSL_CTX* cipherSuiteCtx = NULL;
  54. static char nonblockFlag[] = "-N";
  55. static char noVerifyFlag[] = "-d";
  56. static char disableEMSFlag[] = "-n";
  57. static char flagSep[] = " ";
  58. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  59. static char portFlag[] = "-p";
  60. static char svrPort[] = "0";
  61. #endif
  62. static char intTestFlag[] = "-H";
  63. static char forceDefCipherListFlag[] = "defCipherList";
  64. static char exitWithRetFlag[] = "exitWithRet";
  65. static char disableDHPrimeTest[] = "-2";
  66. #ifdef WOLFSSL_ASYNC_CRYPT
  67. static int devId = INVALID_DEVID;
  68. #endif
  69. #ifdef VERSION_TOO_OLD
  70. static int GetTlsVersion(const char* line)
  71. {
  72. int version = -1;
  73. const char* find = "-v ";
  74. const char* begin = strstr(line, find);
  75. if (begin) {
  76. begin += 3;
  77. if (*begin == 'd' || *begin == 'e')
  78. begin += 2;
  79. version = atoi(begin);
  80. }
  81. return version;
  82. }
  83. #ifndef WOLFSSL_ALLOW_SSLV3
  84. /* if the protocol version is sslv3 return 1, else 0 */
  85. static int IsSslVersion(const char* line)
  86. {
  87. int version = GetTlsVersion(line);
  88. return (version == 0) ? 1 : 0;
  89. }
  90. #endif /* !WOLFSSL_ALLOW_SSLV3 */
  91. #ifndef WOLFSSL_ALLOW_TLSV10
  92. /* if the protocol version is TLSv1.0 return 1, else 0 */
  93. static int IsTls10Version(const char* line)
  94. {
  95. int version = GetTlsVersion(line);
  96. return (version == 1) ? 1 : 0;
  97. }
  98. #endif /* !WOLFSSL_ALLOW_TLSV10 */
  99. #ifdef NO_OLD_TLS
  100. /* if the protocol version is less than tls 1.2 return 1, else 0 */
  101. static int IsOldTlsVersion(const char* line)
  102. {
  103. int version = GetTlsVersion(line);
  104. return (version < 3) ? 1 : 0;
  105. }
  106. #endif /* NO_OLD_TLS */
  107. #endif /* VERSION_TOO_OLD */
  108. /* if the cipher suite on line is valid store in suite and return 1, else 0 */
  109. static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
  110. {
  111. int found = 0;
  112. int valid = 0;
  113. const char* find = "-l ";
  114. const char* begin = strstr(line, find);
  115. const char* end;
  116. if (suite_spc < MAX_SUITE_SZ+1)
  117. return 0;
  118. suite[0] = '\0';
  119. if (begin) {
  120. begin += 3;
  121. end = XSTRSTR(begin, " ");
  122. if (end) {
  123. long len = end - begin;
  124. if (len > MAX_SUITE_SZ) {
  125. printf("suite too long!\n");
  126. return 0;
  127. }
  128. XMEMCPY(suite, begin, (size_t) len);
  129. suite[len] = '\0';
  130. }
  131. else
  132. XSTRNCPY(suite, begin, MAX_SUITE_SZ);
  133. suite[MAX_SUITE_SZ] = '\0';
  134. found = 1;
  135. }
  136. if (found) {
  137. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
  138. valid = 1;
  139. }
  140. return valid;
  141. }
  142. #ifdef WOLFSSL_HAVE_KYBER
  143. static int IsKyberLevelAvailable(const char* line)
  144. {
  145. int available = 0;
  146. const char* find = "--pqc ";
  147. const char* begin = strstr(line, find);
  148. const char* end;
  149. if (begin != NULL) {
  150. begin += 6;
  151. end = XSTRSTR(begin, " ");
  152. #ifndef WOLFSSL_NO_ML_KEM
  153. if ((size_t)end - (size_t)begin == 10) {
  154. #ifndef WOLFSSL_NO_ML_KEM_512
  155. if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) {
  156. available = 1;
  157. }
  158. #endif
  159. #ifndef WOLFSSL_NO_ML_KEM_768
  160. if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) {
  161. available = 1;
  162. }
  163. #endif
  164. }
  165. #ifndef WOLFSSL_NO_ML_KEM_1024
  166. if ((size_t)end - (size_t)begin == 11) {
  167. if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) {
  168. available = 1;
  169. }
  170. }
  171. #endif
  172. #endif
  173. #ifdef WOLFSSL_KYBER_ORIGINAL
  174. if ((size_t)end - (size_t)begin == 12) {
  175. #ifndef WOLFSSL_NO_KYBER512
  176. if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
  177. available = 1;
  178. }
  179. #endif
  180. #ifndef WOLFSSL_NO_KYBER768
  181. if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) {
  182. available = 1;
  183. }
  184. #endif
  185. #ifndef WOLFSSL_NO_KYBER1024
  186. if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) {
  187. available = 1;
  188. }
  189. #endif
  190. }
  191. #endif
  192. }
  193. return (begin == NULL) || available;
  194. }
  195. #endif
  196. static int IsValidCert(const char* line)
  197. {
  198. int ret = 1;
  199. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  200. WOLFSSL_CTX* ctx;
  201. size_t i;
  202. const char* begin;
  203. char cert[80];
  204. #ifdef WOLFSSL_STATIC_MEMORY
  205. FILE* fStream = NULL;
  206. long chkSz = 0;
  207. #endif
  208. begin = XSTRSTR(line, "-c ");
  209. if (begin == NULL)
  210. return 1;
  211. begin += 3;
  212. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  213. cert[i] = *(begin++);
  214. cert[i] = '\0';
  215. #ifdef WOLFSSL_STATIC_MEMORY
  216. fStream = XFOPEN(cert, "rb");
  217. if (fStream == NULL) {
  218. printf("Failed to open file %s\n", cert);
  219. printf("Invalid cert, skipping test\n");
  220. return 0;
  221. } else {
  222. printf("Successfully opened file\n");
  223. }
  224. XFSEEK(fStream, 0L, SEEK_END);
  225. chkSz = XFTELL(fStream);
  226. XFCLOSE(fStream);
  227. if (chkSz > LARGEST_MEM_BUCKET) {
  228. printf("File is larger than largest bucket, skipping this test\n");
  229. return 0;
  230. }
  231. #endif
  232. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  233. if (ctx == NULL)
  234. return 0;
  235. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  236. wolfSSL_CTX_free(ctx);
  237. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  238. (void)line;
  239. return ret;
  240. }
  241. static int IsValidCA(const char* line)
  242. {
  243. int ret = 1;
  244. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  245. WOLFSSL_CTX* ctx;
  246. size_t i;
  247. const char* begin;
  248. char cert[80];
  249. begin = XSTRSTR(line, "-A ");
  250. if (begin == NULL)
  251. return 1;
  252. begin += 3;
  253. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  254. cert[i] = *(begin++);
  255. cert[i] = '\0';
  256. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  257. if (ctx == NULL)
  258. return 0;
  259. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  260. wolfSSL_CTX_free(ctx);
  261. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  262. (void)line;
  263. return ret;
  264. }
  265. #ifdef WOLFSSL_NO_CLIENT_AUTH
  266. static int IsClientAuth(const char* line, int* reqClientCert)
  267. {
  268. const char* begin;
  269. begin = XSTRSTR(line, "-H verifyFail");
  270. if (begin != NULL) {
  271. return 1;
  272. }
  273. begin = XSTRSTR(line, "-d");
  274. if (begin != NULL) {
  275. *reqClientCert = 0;
  276. }
  277. else {
  278. *reqClientCert = 1;
  279. }
  280. return 0;
  281. }
  282. #endif
  283. #ifdef NO_CERTS
  284. static int IsUsingCert(const char* line)
  285. {
  286. return XSTRSTR(line, "-c ") != NULL;
  287. }
  288. #endif
  289. #if defined(NO_CERTS) || defined(WOLFSSL_NO_CLIENT_AUTH)
  290. static int IsNoClientCert(const char* line)
  291. {
  292. const char* begin;
  293. begin = XSTRSTR(line, "-x");
  294. if (begin != NULL) {
  295. return 1;
  296. }
  297. return 0;
  298. }
  299. #endif
  300. static int execute_test_case(int svr_argc, char** svr_argv,
  301. int cli_argc, char** cli_argv,
  302. int addNoVerify, int addNonBlocking,
  303. int addDisableEMS, int forceSrvDefCipherList,
  304. int forceCliDefCipherList)
  305. {
  306. #if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
  307. func_args cliArgs = {0, NULL, 0, NULL, NULL, NULL};
  308. func_args svrArgs = {0, NULL, 0, NULL, NULL, NULL};
  309. #else
  310. func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
  311. func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
  312. #endif
  313. tcp_ready ready;
  314. THREAD_TYPE serverThread;
  315. char commandLine[MAX_COMMAND_SZ];
  316. char cipherSuite[MAX_SUITE_SZ+1];
  317. int i;
  318. size_t added;
  319. static int tests = 1;
  320. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  321. static char portNumber[8];
  322. #endif
  323. int cliTestShouldFail = 0, svrTestShouldFail = 0;
  324. #ifdef WOLFSSL_NO_CLIENT_AUTH
  325. int reqClientCert;
  326. #endif
  327. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  328. srtp_test_helper srtp_helper;
  329. #endif
  330. #if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
  331. cliArgs.argc = cli_argc;
  332. cliArgs.argv = cli_argv;
  333. svrArgs.argc = svr_argc;
  334. svrArgs.argv = svr_argv;
  335. #endif
  336. /* Is Valid Cipher and Version Checks */
  337. /* build command list for the Is checks below */
  338. commandLine[0] = '\0';
  339. added = 0;
  340. for (i = 0; i < svrArgs.argc; i++) {
  341. added += XSTRLEN(svr_argv[i]) + 2;
  342. if (added >= MAX_COMMAND_SZ) {
  343. printf("server command line too long\n");
  344. break;
  345. }
  346. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  347. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  348. }
  349. if (IsValidCipherSuite(commandLine, cipherSuite, sizeof cipherSuite) == 0) {
  350. #ifdef DEBUG_SUITE_TESTS
  351. printf("cipher suite %s not supported in build\n", cipherSuite);
  352. #endif
  353. return NOT_BUILT_IN;
  354. }
  355. #ifdef WOLFSSL_HAVE_KYBER
  356. if (!IsKyberLevelAvailable(commandLine)) {
  357. #ifdef DEBUG_SUITE_TESTS
  358. printf("Kyber level not supported in build: %s\n", commandLine);
  359. #endif
  360. return NOT_BUILT_IN;
  361. }
  362. #endif
  363. if (!IsValidCert(commandLine)) {
  364. #ifdef DEBUG_SUITE_TESTS
  365. printf("certificate %s not supported in build\n", commandLine);
  366. #endif
  367. return NOT_BUILT_IN;
  368. }
  369. #ifndef WOLFSSL_ALLOW_SSLV3
  370. if (IsSslVersion(commandLine) == 1) {
  371. #ifdef DEBUG_SUITE_TESTS
  372. printf("protocol version on line %s is too old\n", commandLine);
  373. #endif
  374. return VERSION_TOO_OLD;
  375. }
  376. #endif
  377. #ifndef WOLFSSL_ALLOW_TLSV10
  378. if (IsTls10Version(commandLine) == 1) {
  379. #ifdef DEBUG_SUITE_TESTS
  380. printf("protocol version on line %s is too old\n", commandLine);
  381. #endif
  382. return VERSION_TOO_OLD;
  383. }
  384. #endif
  385. #ifdef NO_OLD_TLS
  386. if (IsOldTlsVersion(commandLine) == 1) {
  387. #ifdef DEBUG_SUITE_TESTS
  388. printf("protocol version on line %s is too old\n", commandLine);
  389. #endif
  390. return VERSION_TOO_OLD;
  391. }
  392. #endif
  393. #ifdef WOLFSSL_NO_CLIENT_AUTH
  394. if (IsClientAuth(commandLine, &reqClientCert)) {
  395. #ifdef DEBUG_SUITE_TESTS
  396. printf("client auth on line %s not supported in build\n",
  397. commandLine);
  398. #endif
  399. return NOT_BUILT_IN;
  400. }
  401. #endif
  402. #ifdef NO_CERTS
  403. if (IsUsingCert(commandLine)) {
  404. #ifdef DEBUG_SUITE_TESTS
  405. printf("certificate %s not supported in build\n", commandLine);
  406. #endif
  407. return NOT_BUILT_IN;
  408. }
  409. #endif
  410. /* Build Server Command */
  411. if (addNoVerify) {
  412. printf("repeating test with client cert request off\n");
  413. if (svrArgs.argc >= MAX_ARGS)
  414. printf("server command line too long\n");
  415. else
  416. svr_argv[svrArgs.argc++] = noVerifyFlag;
  417. }
  418. if (addNonBlocking) {
  419. printf("repeating test with non blocking on\n");
  420. if (svrArgs.argc >= MAX_ARGS)
  421. printf("server command line too long\n");
  422. else
  423. svr_argv[svrArgs.argc++] = nonblockFlag;
  424. }
  425. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  426. /* add port */
  427. if (svrArgs.argc + 2 > MAX_ARGS)
  428. printf("cannot add the magic port number flag to server\n");
  429. else {
  430. svr_argv[svrArgs.argc++] = portFlag;
  431. svr_argv[svrArgs.argc++] = svrPort;
  432. }
  433. #endif
  434. if (forceSrvDefCipherList) {
  435. if (svrArgs.argc + 2 > MAX_ARGS)
  436. printf("cannot add the force def cipher list flag to server\n");
  437. else {
  438. svr_argv[svrArgs.argc++] = intTestFlag;
  439. svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
  440. }
  441. }
  442. #ifdef TEST_PK_PRIVKEY
  443. svr_argv[svrArgs.argc++] = (char*)"-P";
  444. #endif
  445. /* update server flags list */
  446. commandLine[0] = '\0';
  447. added = 0;
  448. for (i = 0; i < svrArgs.argc; i++) {
  449. added += XSTRLEN(svr_argv[i]) + 2;
  450. if (added >= MAX_COMMAND_SZ) {
  451. printf("server command line too long\n");
  452. break;
  453. }
  454. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  455. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  456. }
  457. printf("trying server command line[%d]: %s\n", tests, commandLine);
  458. tests++; /* test count */
  459. /* determine based on args if this test is expected to fail */
  460. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  461. svrTestShouldFail = 1;
  462. }
  463. InitTcpReady(&ready);
  464. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  465. srtp_helper_init(&srtp_helper);
  466. cliArgs.srtp_helper = &srtp_helper;
  467. svrArgs.srtp_helper = &srtp_helper;
  468. #endif
  469. #ifdef WOLFSSL_TIRTOS
  470. fdOpenSession(Task_self());
  471. #endif
  472. /* start server */
  473. svrArgs.signal = &ready;
  474. start_thread(server_test, &svrArgs, &serverThread);
  475. wait_tcp_ready(&svrArgs);
  476. /* Build Client Command */
  477. if (addNonBlocking) {
  478. if (cliArgs.argc >= MAX_ARGS)
  479. printf("cannot add the non block flag to client\n");
  480. else
  481. cli_argv[cliArgs.argc++] = nonblockFlag;
  482. }
  483. if (addDisableEMS) {
  484. printf("repeating test without extended master secret\n");
  485. if (cliArgs.argc >= MAX_ARGS)
  486. printf("cannot add the disable EMS flag to client\n");
  487. else
  488. cli_argv[cliArgs.argc++] = disableEMSFlag;
  489. }
  490. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  491. if (ready.port != 0) {
  492. if (cliArgs.argc + 2 > MAX_ARGS)
  493. printf("cannot add the magic port number flag to client\n");
  494. else {
  495. (void)snprintf(portNumber, sizeof(portNumber), "%d",
  496. (int)ready.port);
  497. cli_argv[cliArgs.argc++] = portFlag;
  498. cli_argv[cliArgs.argc++] = portNumber;
  499. }
  500. }
  501. #endif
  502. if (forceCliDefCipherList) {
  503. if (cliArgs.argc + 2 > MAX_ARGS)
  504. printf("cannot add the force def cipher list flag to client\n");
  505. else {
  506. cli_argv[cliArgs.argc++] = intTestFlag;
  507. cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
  508. }
  509. }
  510. #ifdef TEST_PK_PRIVKEY
  511. cli_argv[cliArgs.argc++] = (char*)"-P";
  512. #endif
  513. commandLine[0] = '\0';
  514. added = 0;
  515. for (i = 0; i < cliArgs.argc; i++) {
  516. added += XSTRLEN(cli_argv[i]) + 2;
  517. if (added >= MAX_COMMAND_SZ) {
  518. printf("client command line too long\n");
  519. break;
  520. }
  521. XSTRLCAT(commandLine, cli_argv[i], sizeof commandLine);
  522. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  523. }
  524. if (!IsValidCA(commandLine)) {
  525. #ifdef DEBUG_SUITE_TESTS
  526. printf("certificate %s not supported in build\n", commandLine);
  527. #endif
  528. return NOT_BUILT_IN;
  529. }
  530. #ifdef WOLFSSL_NO_CLIENT_AUTH
  531. if (reqClientCert && IsNoClientCert(commandLine)) {
  532. #ifdef DEBUG_SUITE_TESTS
  533. printf("client auth on line %s not supported in build\n",
  534. commandLine);
  535. #endif
  536. return NOT_BUILT_IN;
  537. }
  538. #endif
  539. #ifdef NO_CERTS
  540. if (IsNoClientCert(commandLine)) {
  541. #ifdef DEBUG_SUITE_TESTS
  542. printf("certificate %s not supported in build\n", commandLine);
  543. #endif
  544. return NOT_BUILT_IN;
  545. }
  546. #endif
  547. printf("trying client command line[%d]: %s\n", tests, commandLine);
  548. tests++;
  549. /* determine based on args if this test is expected to fail */
  550. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  551. cliTestShouldFail = 1;
  552. }
  553. /* start client */
  554. client_test(&cliArgs);
  555. /* verify results */
  556. if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
  557. (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
  558. printf("client_test failed %d %s\n", cliArgs.return_code,
  559. cliTestShouldFail ? "(should fail)" : "");
  560. XEXIT(EXIT_FAILURE);
  561. }
  562. join_thread(serverThread);
  563. if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
  564. (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
  565. printf("server_test failed %d %s\n", svrArgs.return_code,
  566. svrTestShouldFail ? "(should fail)" : "");
  567. XEXIT(EXIT_FAILURE);
  568. }
  569. #ifdef WOLFSSL_TIRTOS
  570. fdCloseSession(Task_self());
  571. #endif
  572. FreeTcpReady(&ready);
  573. #if defined (WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  574. srtp_helper_free(&srtp_helper);
  575. #endif
  576. /* only run the first test for expected failure cases */
  577. /* the example server/client are not designed to handle expected failure in
  578. all cases, such as non-blocking, etc... */
  579. if (svrTestShouldFail || cliTestShouldFail) {
  580. return NOT_BUILT_IN;
  581. }
  582. return 0;
  583. }
  584. static void test_harness(void* vargs)
  585. {
  586. func_args* args = (func_args*)vargs;
  587. char* script;
  588. long sz, len;
  589. int cliMode = 0; /* server or client command flag, server first */
  590. int ret;
  591. FILE* file;
  592. char* svrArgs[MAX_ARGS];
  593. int svrArgsSz;
  594. char* cliArgs[MAX_ARGS];
  595. int cliArgsSz;
  596. char* cursor;
  597. char* comment;
  598. char lastChar = '\0';
  599. int do_it = 0;
  600. const char* fname = "tests/test.conf";
  601. const char* addArgs = NULL;
  602. if (args->argc == 1) {
  603. printf("notice: using default file %s\n", fname);
  604. }
  605. else if (args->argc == 3) {
  606. addArgs = args->argv[2];
  607. }
  608. else if (args->argc > 3) {
  609. printf("usage: harness [FILE] [ARG]\n");
  610. args->return_code = 1;
  611. return;
  612. }
  613. if (args->argc >= 2) {
  614. fname = args->argv[1];
  615. }
  616. file = fopen(fname, "rb");
  617. if (file == NULL) {
  618. fprintf(stderr, "unable to open %s\n", fname);
  619. args->return_code = 1;
  620. return;
  621. }
  622. if (fseek(file, 0, SEEK_END) < 0) {
  623. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  624. fclose(file);
  625. args->return_code = 1;
  626. return;
  627. }
  628. sz = ftell(file);
  629. if (sz <= 0) {
  630. fprintf(stderr, "%s is empty\n", fname);
  631. fclose(file);
  632. args->return_code = 1;
  633. return;
  634. }
  635. if (fseek(file, 0, SEEK_SET) < 0) {
  636. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  637. fclose(file);
  638. args->return_code = 1;
  639. return;
  640. }
  641. script = (char*)malloc((size_t)(sz+1));
  642. if (script == 0) {
  643. fprintf(stderr, "unable to allocate script buffer\n");
  644. fclose(file);
  645. args->return_code = 1;
  646. return;
  647. }
  648. len = (long) fread(script, 1, (size_t)sz, file);
  649. if (len != sz) {
  650. fprintf(stderr, "read error\n");
  651. fclose(file);
  652. free(script);
  653. args->return_code = 1;
  654. return;
  655. }
  656. fclose(file);
  657. script[sz] = 0;
  658. cursor = script;
  659. svrArgsSz = 1;
  660. svrArgs[0] = args->argv[0];
  661. cliArgsSz = 1;
  662. cliArgs[0] = args->argv[0];
  663. while (cursor && *cursor != 0) {
  664. switch (*cursor) {
  665. case '\n':
  666. /* A blank line triggers test case execution or switches
  667. to client mode if we don't have the client command yet */
  668. if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) {
  669. if (cliMode == 0)
  670. cliMode = 1; /* switch to client mode processing */
  671. else
  672. do_it = 1; /* Do It, we have server and client */
  673. }
  674. #ifdef DEBUG_SUITE_TESTS
  675. else {
  676. /* skip extra new-lines */
  677. printf("skipping extra new line\n");
  678. }
  679. #endif
  680. lastChar = *cursor;
  681. cursor++;
  682. break;
  683. case '#':
  684. lastChar = *cursor;
  685. /* Ignore lines that start with a # */
  686. comment = XSTRSEP(&cursor, "\n");
  687. #ifdef DEBUG_SUITE_TESTS
  688. printf("%s\n", comment);
  689. #else
  690. (void)comment;
  691. #endif
  692. break;
  693. case '-':
  694. default:
  695. /* Parameters start with a -. They end in either a newline
  696. * or a space. Capture until either, save in Args list. */
  697. lastChar = *cursor;
  698. if (cliMode)
  699. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
  700. else
  701. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
  702. if (cursor == NULL || *cursor == '\0') /* eof */
  703. do_it = 1;
  704. break;
  705. }
  706. if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
  707. fprintf(stderr, "too many arguments, forcing test run\n");
  708. do_it = 1;
  709. }
  710. if (do_it) {
  711. /* additional arguments processing */
  712. if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) {
  713. if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) {
  714. /* The `-2` disable DH prime check is added to all tests by default */
  715. cliArgs[cliArgsSz++] = disableDHPrimeTest;
  716. svrArgs[svrArgsSz++] = disableDHPrimeTest;
  717. }
  718. if (addArgs && XSTRSTR(addArgs, "expFail")) {
  719. /* Tests should expect to fail */
  720. cliArgs[cliArgsSz++] = intTestFlag;
  721. cliArgs[cliArgsSz++] = exitWithRetFlag;
  722. svrArgs[svrArgsSz++] = intTestFlag;
  723. svrArgs[svrArgsSz++] = exitWithRetFlag;
  724. }
  725. }
  726. ret = execute_test_case(svrArgsSz, svrArgs,
  727. cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
  728. /* don't repeat if not supported in build */
  729. if (ret == 0) {
  730. /* test with default cipher list on server side */
  731. execute_test_case(svrArgsSz, svrArgs,
  732. cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
  733. /* test with default cipher list on client side */
  734. execute_test_case(svrArgsSz, svrArgs,
  735. cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
  736. execute_test_case(svrArgsSz, svrArgs,
  737. cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
  738. execute_test_case(svrArgsSz, svrArgs,
  739. cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
  740. execute_test_case(svrArgsSz, svrArgs,
  741. cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
  742. #ifdef HAVE_EXTENDED_MASTER
  743. execute_test_case(svrArgsSz, svrArgs,
  744. cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
  745. execute_test_case(svrArgsSz, svrArgs,
  746. cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
  747. execute_test_case(svrArgsSz, svrArgs,
  748. cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
  749. execute_test_case(svrArgsSz, svrArgs,
  750. cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
  751. #endif
  752. }
  753. svrArgsSz = 1;
  754. cliArgsSz = 1;
  755. cliMode = 0;
  756. do_it = 0;
  757. }
  758. }
  759. free(script);
  760. args->return_code = 0;
  761. }
  762. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  763. int SuiteTest(int argc, char** argv)
  764. {
  765. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  766. !defined(NO_TLS) && !defined(SINGLE_THREADED) && \
  767. !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  768. func_args args;
  769. char argv0[3][80];
  770. char* myArgv[3];
  771. printf(" Begin Cipher Suite Tests\n");
  772. /* setup */
  773. myArgv[0] = argv0[0];
  774. myArgv[1] = argv0[1];
  775. myArgv[2] = argv0[2];
  776. args.argv = myArgv;
  777. XSTRLCPY(argv0[0], "SuiteTest", sizeof(argv0[0]));
  778. #ifdef WOLFSSL_STATIC_MEMORY
  779. byte memory[200000];
  780. #endif
  781. cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  782. if (cipherSuiteCtx == NULL) {
  783. printf("can't get cipher suite ctx\n");
  784. args.return_code = EXIT_FAILURE;
  785. goto exit;
  786. }
  787. /* load in static memory buffer if enabled */
  788. #ifdef WOLFSSL_STATIC_MEMORY
  789. if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
  790. memory, sizeof(memory), 0, 1)
  791. != WOLFSSL_SUCCESS) {
  792. printf("unable to load static memory and create ctx");
  793. args.return_code = EXIT_FAILURE;
  794. goto exit;
  795. }
  796. #endif
  797. #ifdef WOLFSSL_ASYNC_CRYPT
  798. if (wolfAsync_DevOpen(&devId) < 0) {
  799. printf("Async device open failed");
  800. args.return_code = EXIT_FAILURE;
  801. goto exit;
  802. }
  803. wolfSSL_CTX_SetDevId(cipherSuiteCtx, devId);
  804. #endif /* WOLFSSL_ASYNC_CRYPT */
  805. /* support for custom command line tests */
  806. if (argc > 1) {
  807. /* Examples:
  808. ./tests/unit.test tests/test-altchains.conf
  809. ./tests/unit.test tests/test-fails.conf expFail
  810. ./tests/unit.test tests/test-dhprime.conf doDH
  811. */
  812. args.argc = argc;
  813. args.argv = argv;
  814. test_harness(&args);
  815. if (args.return_code != 0) {
  816. printf("error from script %d\n", args.return_code);
  817. args.return_code = EXIT_FAILURE;
  818. }
  819. goto exit;
  820. }
  821. /* default case */
  822. args.argc = 1;
  823. printf("starting default cipher suite tests\n");
  824. test_harness(&args);
  825. if (args.return_code != 0) {
  826. printf("error from script %d\n", args.return_code);
  827. args.return_code = EXIT_FAILURE;
  828. goto exit;
  829. }
  830. /* any extra cases will need another argument */
  831. args.argc = 2;
  832. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  833. /* SHA-2 cipher suites in old TLS versions */
  834. XSTRLCPY(argv0[1], "tests/test-sha2.conf", sizeof(argv0[1]));
  835. printf("starting SHA-2 cipher suite in old TLS versions tests\n");
  836. test_harness(&args);
  837. if (args.return_code != 0) {
  838. printf("error from script %d\n", args.return_code);
  839. args.return_code = EXIT_FAILURE;
  840. goto exit;
  841. }
  842. #endif
  843. #ifdef WOLFSSL_TLS13
  844. /* add TLSv13 extra suites */
  845. XSTRLCPY(argv0[1], "tests/test-tls13.conf", sizeof(argv0[1]));
  846. printf("starting TLSv13 extra cipher suite tests\n");
  847. test_harness(&args);
  848. if (args.return_code != 0) {
  849. printf("error from script %d\n", args.return_code);
  850. args.return_code = EXIT_FAILURE;
  851. goto exit;
  852. }
  853. #ifdef HAVE_ECC
  854. /* add TLSv13 ECC extra suites */
  855. XSTRLCPY(argv0[1], "tests/test-tls13-ecc.conf", sizeof(argv0[1]));
  856. printf("starting TLSv13 ECC extra cipher suite tests\n");
  857. test_harness(&args);
  858. if (args.return_code != 0) {
  859. printf("error from script %d\n", args.return_code);
  860. args.return_code = EXIT_FAILURE;
  861. goto exit;
  862. }
  863. #endif
  864. #ifndef WOLFSSL_NO_TLS12
  865. /* add TLSv13 downgrade tests */
  866. XSTRLCPY(argv0[1], "tests/test-tls13-down.conf", sizeof(argv0[1]));
  867. printf("starting TLSv13 Downgrade extra tests\n");
  868. test_harness(&args);
  869. if (args.return_code != 0) {
  870. printf("error from script %d\n", args.return_code);
  871. args.return_code = EXIT_FAILURE;
  872. goto exit;
  873. }
  874. #endif
  875. #ifdef HAVE_PQC
  876. /* add TLSv13 pq tests */
  877. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  878. printf("starting TLSv13 post-quantum groups tests\n");
  879. test_harness(&args);
  880. if (args.return_code != 0) {
  881. printf("error from script %d\n", args.return_code);
  882. args.return_code = EXIT_FAILURE;
  883. goto exit;
  884. }
  885. #ifdef HAVE_LIBOQS
  886. /* add TLSv13 pq tests */
  887. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  888. printf("starting TLSv13 post-quantum groups tests\n");
  889. test_harness(&args);
  890. if (args.return_code != 0) {
  891. printf("error from script %d\n", args.return_code);
  892. args.return_code = EXIT_FAILURE;
  893. goto exit;
  894. }
  895. #endif
  896. #endif
  897. #ifdef HAVE_PQC
  898. /* add TLSv13 pq tests */
  899. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  900. printf("starting TLSv13 post-quantum groups tests\n");
  901. test_harness(&args);
  902. if (args.return_code != 0) {
  903. printf("error from script %d\n", args.return_code);
  904. args.return_code = EXIT_FAILURE;
  905. goto exit;
  906. }
  907. #ifdef HAVE_LIBOQS
  908. /* add TLSv13 pq tests */
  909. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  910. printf("starting TLSv13 post-quantum groups tests\n");
  911. test_harness(&args);
  912. if (args.return_code != 0) {
  913. printf("error from script %d\n", args.return_code);
  914. args.return_code = EXIT_FAILURE;
  915. goto exit;
  916. }
  917. #endif
  918. #endif
  919. #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
  920. /* add DTLSv13 pq tests */
  921. XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
  922. printf("starting DTLSv13 post-quantum groups tests\n");
  923. test_harness(&args);
  924. if (args.return_code != 0) {
  925. printf("error from script %d\n", args.return_code);
  926. args.return_code = EXIT_FAILURE;
  927. goto exit;
  928. }
  929. #ifdef WOLFSSL_DTLS_CH_FRAG
  930. /* add DTLSv13 pq frag tests */
  931. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
  932. printf("starting DTLSv13 post-quantum groups tests with fragmentation\n");
  933. test_harness(&args);
  934. if (args.return_code != 0) {
  935. printf("error from script %d\n", args.return_code);
  936. args.return_code = EXIT_FAILURE;
  937. goto exit;
  938. }
  939. #endif
  940. #ifdef HAVE_LIBOQS
  941. /* add DTLSv13 pq 2 tests */
  942. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
  943. printf("starting DTLSv13 post-quantum 2 groups tests\n");
  944. test_harness(&args);
  945. if (args.return_code != 0) {
  946. printf("error from script %d\n", args.return_code);
  947. args.return_code = EXIT_FAILURE;
  948. goto exit;
  949. }
  950. #ifdef WOLFSSL_DTLS_CH_FRAG
  951. /* add DTLSv13 pq 2 frag tests */
  952. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2-frag.conf", sizeof(argv0[1]));
  953. printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
  954. test_harness(&args);
  955. if (args.return_code != 0) {
  956. printf("error from script %d\n", args.return_code);
  957. args.return_code = EXIT_FAILURE;
  958. goto exit;
  959. }
  960. #endif
  961. #endif
  962. #endif
  963. #endif
  964. #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
  965. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
  966. (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \
  967. (HAVE_SELFTEST_VERSION > 2)))
  968. /* add RSA-PSS certificate cipher suite tests */
  969. XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1]));
  970. printf("starting RSA-PSS extra cipher suite tests\n");
  971. test_harness(&args);
  972. if (args.return_code != 0) {
  973. printf("error from script %d\n", args.return_code);
  974. args.return_code = EXIT_FAILURE;
  975. goto exit;
  976. }
  977. #endif
  978. #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
  979. defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
  980. defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)
  981. /* add ED25519 certificate cipher suite tests */
  982. XSTRLCPY(argv0[1], "tests/test-ed25519.conf", sizeof(argv0[1]));
  983. printf("starting ED25519 extra cipher suite tests\n");
  984. test_harness(&args);
  985. if (args.return_code != 0) {
  986. printf("error from script %d\n", args.return_code);
  987. args.return_code = EXIT_FAILURE;
  988. goto exit;
  989. }
  990. #endif
  991. #if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \
  992. defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \
  993. defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT)
  994. /* add ED448 certificate cipher suite tests */
  995. XSTRLCPY(argv0[1], "tests/test-ed448.conf", sizeof(argv0[1]));
  996. printf("starting ED448 extra cipher suite tests\n");
  997. test_harness(&args);
  998. if (args.return_code != 0) {
  999. printf("error from script %d\n", args.return_code);
  1000. args.return_code = EXIT_FAILURE;
  1001. goto exit;
  1002. }
  1003. #endif
  1004. #if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
  1005. (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  1006. /* add P-521 certificate cipher suite tests */
  1007. XSTRLCPY(argv0[1], "tests/test-p521.conf", sizeof(argv0[1]));
  1008. printf("starting P-521 extra cipher suite tests\n");
  1009. test_harness(&args);
  1010. if (args.return_code != 0) {
  1011. printf("error from script %d\n", args.return_code);
  1012. args.return_code = EXIT_FAILURE;
  1013. goto exit;
  1014. }
  1015. #endif
  1016. #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
  1017. defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \
  1018. /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \
  1019. !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \
  1020. /* only supported with newer ASN template code */ \
  1021. defined(WOLFSSL_ASN_TEMPLATE)
  1022. /* TLS non-NIST curves (Koblitz / Brainpool) */
  1023. XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1]));
  1024. printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n");
  1025. test_harness(&args);
  1026. if (args.return_code != 0) {
  1027. printf("error from script %d\n", args.return_code);
  1028. args.return_code = EXIT_FAILURE;
  1029. goto exit;
  1030. }
  1031. #endif
  1032. #ifdef WOLFSSL_DTLS
  1033. /* add dtls extra suites */
  1034. XSTRLCPY(argv0[1], "tests/test-dtls.conf", sizeof(argv0[1]));
  1035. printf("starting dtls extra cipher suite tests\n");
  1036. test_harness(&args);
  1037. if (args.return_code != 0) {
  1038. printf("error from script %d\n", args.return_code);
  1039. args.return_code = EXIT_FAILURE;
  1040. goto exit;
  1041. }
  1042. /* add dtls grouping tests */
  1043. XSTRLCPY(argv0[1], "tests/test-dtls-group.conf", sizeof(argv0[1]));
  1044. printf("starting dtls message grouping tests\n");
  1045. test_harness(&args);
  1046. if (args.return_code != 0) {
  1047. printf("error from script %d\n", args.return_code);
  1048. args.return_code = EXIT_FAILURE;
  1049. goto exit;
  1050. }
  1051. /* add dtls session resumption tests */
  1052. XSTRLCPY(argv0[1], "tests/test-dtls-resume.conf", sizeof(argv0[1]));
  1053. printf("starting dtls session resumption tests\n");
  1054. test_harness(&args);
  1055. if (args.return_code != 0) {
  1056. printf("error from script %d\n", args.return_code);
  1057. args.return_code = EXIT_FAILURE;
  1058. goto exit;
  1059. }
  1060. #ifdef HAVE_SECURE_RENEGOTIATION
  1061. /* add dtls renegotiation tests */
  1062. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-client.conf", sizeof(argv0[1]));
  1063. printf("starting dtls secure renegotiation client tests\n");
  1064. test_harness(&args);
  1065. if (args.return_code != 0) {
  1066. printf("error from script %d\n", args.return_code);
  1067. args.return_code = EXIT_FAILURE;
  1068. goto exit;
  1069. }
  1070. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-server.conf", sizeof(argv0[1]));
  1071. printf("starting dtls secure renegotiation server tests\n");
  1072. test_harness(&args);
  1073. if (args.return_code != 0) {
  1074. printf("error from script %d\n", args.return_code);
  1075. args.return_code = EXIT_FAILURE;
  1076. goto exit;
  1077. }
  1078. #endif
  1079. #ifdef WOLFSSL_DTLS_MTU
  1080. /* Add dtls different MTU size tests.
  1081. * These also use grouping to force wolfSSL to
  1082. * bounce off the MTU limit more */
  1083. XSTRLCPY(argv0[1], "tests/test-dtls-mtu.conf", sizeof(argv0[1]));
  1084. printf("starting dtls MTU tests\n");
  1085. test_harness(&args);
  1086. if (args.return_code != 0) {
  1087. printf("error from script %d\n", args.return_code);
  1088. args.return_code = EXIT_FAILURE;
  1089. goto exit;
  1090. }
  1091. #endif
  1092. /* Add dtls downgrade test */
  1093. XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
  1094. printf("starting dtls downgrade tests\n");
  1095. test_harness(&args);
  1096. if (args.return_code != 0) {
  1097. printf("error from script %d\n", args.return_code);
  1098. args.return_code = EXIT_FAILURE;
  1099. goto exit;
  1100. }
  1101. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1102. /* add dtls extra suites */
  1103. XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
  1104. printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
  1105. test_harness(&args);
  1106. if (args.return_code != 0) {
  1107. printf("error from script %d\n", args.return_code);
  1108. args.return_code = EXIT_FAILURE;
  1109. goto exit;
  1110. }
  1111. #endif
  1112. #ifndef WOLFSSL_NO_DTLS_SIZE_CHECK
  1113. /* failure tests */
  1114. args.argc = 3;
  1115. XSTRLCPY(argv0[1], "tests/test-dtls-fails.conf", sizeof(argv0[1]));
  1116. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1117. printf("starting dtls tests that expect failure\n");
  1118. test_harness(&args);
  1119. if (args.return_code != 0) {
  1120. printf("error from script %d\n", args.return_code);
  1121. args.return_code = EXIT_FAILURE;
  1122. goto exit;
  1123. }
  1124. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1125. #endif
  1126. #ifdef WOLFSSL_EXTRA_ALERTS
  1127. /* failure tests */
  1128. args.argc = 3;
  1129. XSTRLCPY(argv0[1], "tests/test-dtls-fails-cipher.conf", sizeof(argv0[1]));
  1130. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1131. printf("starting dtls cipher mismatch tests that expect failure\n");
  1132. test_harness(&args);
  1133. if (args.return_code != 0) {
  1134. printf("error from script %d\n", args.return_code);
  1135. args.return_code = EXIT_FAILURE;
  1136. goto exit;
  1137. }
  1138. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1139. #endif
  1140. #ifdef WOLFSSL_SRTP
  1141. args.argc = 2;
  1142. strcpy(argv0[1], "tests/test-dtls-srtp.conf");
  1143. printf("starting dtls srtp suite tests\n");
  1144. test_harness(&args);
  1145. if (args.return_code != 0) {
  1146. printf("error from script %d\n", args.return_code);
  1147. args.return_code = EXIT_FAILURE;
  1148. goto exit;
  1149. }
  1150. /* failure tests */
  1151. args.argc = 3;
  1152. strcpy(argv0[1], "tests/test-dtls-srtp-fails.conf");
  1153. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  1154. printf("starting dtls srtp profile mismatch tests that expect failure\n");
  1155. test_harness(&args);
  1156. if (args.return_code != 0) {
  1157. printf("error from script %d\n", args.return_code);
  1158. args.return_code = EXIT_FAILURE;
  1159. goto exit;
  1160. }
  1161. strcpy(argv0[2], "");
  1162. #endif
  1163. #ifdef WOLFSSL_DTLS13
  1164. args.argc = 2;
  1165. strcpy(argv0[1], "tests/test-dtls13.conf");
  1166. printf("starting DTLSv1.3 suite\n");
  1167. test_harness(&args);
  1168. if (args.return_code != 0) {
  1169. printf("error from script %d\n", args.return_code);
  1170. args.return_code = EXIT_FAILURE;
  1171. goto exit;
  1172. }
  1173. #ifndef WOLFSSL_NO_TLS12
  1174. args.argc = 2;
  1175. strcpy(argv0[1], "tests/test-dtls13-downgrade.conf");
  1176. printf("starting DTLSv1.3 suite - downgrade\n");
  1177. test_harness(&args);
  1178. if (args.return_code != 0) {
  1179. printf("error from script %d\n", args.return_code);
  1180. args.return_code = EXIT_FAILURE;
  1181. goto exit;
  1182. }
  1183. args.argc = 3;
  1184. strcpy(argv0[1], "tests/test-dtls13-downgrade-fails.conf");
  1185. strcpy(argv0[2], "expFail");
  1186. printf("starting DTLSv1.3 suite - downgrade - (expFails)\n");
  1187. test_harness(&args);
  1188. if (args.return_code != 0) {
  1189. printf("error from script %d\n", args.return_code);
  1190. args.return_code = EXIT_FAILURE;
  1191. goto exit;
  1192. }
  1193. args.argc = 2;
  1194. XMEMSET(argv0[2], 0, sizeof(argv0[2]));
  1195. #endif /* WOLFSSL_NO_TLS12 */
  1196. #ifndef NO_PSK
  1197. XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1]));
  1198. printf("starting DTLS 1.3 psk suite tests\n");
  1199. test_harness(&args);
  1200. if (args.return_code != 0) {
  1201. printf("error from script %d\n", args.return_code);
  1202. args.return_code = EXIT_FAILURE;
  1203. goto exit;
  1204. }
  1205. #endif /* NO_PSK */
  1206. #ifdef WOLFSSL_DTLS_CID
  1207. XSTRLCPY(argv0[1], "tests/test-dtls13-cid.conf", sizeof(argv0[1]));
  1208. printf("starting DTLS 1.3 ConnectionID suite tests\n");
  1209. test_harness(&args);
  1210. if (args.return_code != 0) {
  1211. printf("error from script %d\n", args.return_code);
  1212. args.return_code = EXIT_FAILURE;
  1213. goto exit;
  1214. }
  1215. #endif /* WOLFSSL_DTLS_CID */
  1216. #endif /* WOLFSSL_DTLS13 */
  1217. #endif
  1218. #ifdef WOLFSSL_SCTP
  1219. /* add dtls-sctp extra suites */
  1220. XSTRLCPY(argv0[1], "tests/test-sctp.conf", sizeof(argv0[1]));
  1221. printf("starting dtls-sctp extra cipher suite tests\n");
  1222. test_harness(&args);
  1223. if (args.return_code != 0) {
  1224. printf("error from script %d\n", args.return_code);
  1225. args.return_code = EXIT_FAILURE;
  1226. goto exit;
  1227. }
  1228. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1229. /* add dtls-sctp extra suites */
  1230. XSTRLCPY(argv0[1], "tests/test-sctp-sha2.conf", sizeof(argv0[1]));
  1231. printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
  1232. test_harness(&args);
  1233. if (args.return_code != 0) {
  1234. printf("error from script %d\n", args.return_code);
  1235. args.return_code = EXIT_FAILURE;
  1236. goto exit;
  1237. }
  1238. #endif
  1239. #endif
  1240. #ifndef WC_STRICT_SIG
  1241. #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
  1242. /* add extra signature test suites */
  1243. XSTRLCPY(argv0[1], "tests/test-sig.conf", sizeof(argv0[1]));
  1244. printf("starting sig extra cipher suite tests\n");
  1245. test_harness(&args);
  1246. if (args.return_code != 0) {
  1247. printf("error from script %d\n", args.return_code);
  1248. args.return_code = EXIT_FAILURE;
  1249. goto exit;
  1250. }
  1251. #endif /* !NO__RSA and HAVE_ECC */
  1252. #endif /* !WC_STRICT_SIG */
  1253. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
  1254. (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
  1255. /* add SM2/SM3/SM4 test suites */
  1256. XSTRLCPY(argv0[1], "tests/test-sm2.conf", sizeof(argv0[1]));
  1257. printf("starting SM2/SM3/SM4 cipher suite tests\n");
  1258. test_harness(&args);
  1259. if (args.return_code != 0) {
  1260. printf("error from script %d\n", args.return_code);
  1261. args.return_code = EXIT_FAILURE;
  1262. goto exit;
  1263. }
  1264. #endif
  1265. #ifndef NO_PSK
  1266. #ifndef WOLFSSL_NO_TLS12
  1267. #if !defined(NO_RSA) || defined(HAVE_ECC)
  1268. /* add psk cipher suites */
  1269. XSTRLCPY(argv0[1], "tests/test-psk.conf", sizeof(argv0[1]));
  1270. printf("starting psk cipher suite tests\n");
  1271. test_harness(&args);
  1272. if (args.return_code != 0) {
  1273. printf("error from script %d\n", args.return_code);
  1274. args.return_code = EXIT_FAILURE;
  1275. goto exit;
  1276. }
  1277. #endif
  1278. #endif
  1279. #ifdef WOLFSSL_TLS13
  1280. /* add psk extra suites */
  1281. XSTRLCPY(argv0[1], "tests/test-tls13-psk.conf", sizeof(argv0[1]));
  1282. printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");
  1283. test_harness(&args);
  1284. if (args.return_code != 0) {
  1285. printf("error from script %d\n", args.return_code);
  1286. args.return_code = EXIT_FAILURE;
  1287. goto exit;
  1288. }
  1289. #endif
  1290. #endif
  1291. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5) &&\
  1292. !defined(NO_SHA)
  1293. /* test encrypted keys */
  1294. XSTRLCPY(argv0[1], "tests/test-enckeys.conf", sizeof(argv0[1]));
  1295. printf("starting encrypted keys extra cipher suite tests\n");
  1296. test_harness(&args);
  1297. if (args.return_code != 0) {
  1298. printf("error from script %d\n", args.return_code);
  1299. args.return_code = EXIT_FAILURE;
  1300. goto exit;
  1301. }
  1302. #endif
  1303. #ifdef HAVE_MAX_FRAGMENT
  1304. /* Max fragment cipher suite tests */
  1305. XSTRLCPY(argv0[1], "tests/test-maxfrag.conf", sizeof(argv0[1]));
  1306. printf("starting max fragment cipher suite tests\n");
  1307. test_harness(&args);
  1308. if (args.return_code != 0) {
  1309. printf("error from script %d\n", args.return_code);
  1310. args.return_code = EXIT_FAILURE;
  1311. goto exit;
  1312. }
  1313. #ifdef WOLFSSL_DTLS
  1314. XSTRLCPY(argv0[1], "tests/test-maxfrag-dtls.conf", sizeof(argv0[1]));
  1315. printf("starting dtls max fragment cipher suite tests\n");
  1316. test_harness(&args);
  1317. if (args.return_code != 0) {
  1318. printf("error from script %d\n", args.return_code);
  1319. args.return_code = EXIT_FAILURE;
  1320. goto exit;
  1321. }
  1322. #endif
  1323. #endif
  1324. #ifdef WOLFSSL_ALT_CERT_CHAINS
  1325. /* tests for alt chains */
  1326. XSTRLCPY(argv0[1], "tests/test-altchains.conf", sizeof(argv0[1]));
  1327. printf("starting certificate alternate chain cipher suite tests\n");
  1328. test_harness(&args);
  1329. if (args.return_code != 0) {
  1330. printf("error from script %d\n", args.return_code);
  1331. args.return_code = EXIT_FAILURE;
  1332. goto exit;
  1333. }
  1334. #else
  1335. /* tests for chains */
  1336. XSTRLCPY(argv0[1], "tests/test-chains.conf", sizeof(argv0[1]));
  1337. printf("starting certificate chain cipher suite tests\n");
  1338. test_harness(&args);
  1339. if (args.return_code != 0) {
  1340. printf("error from script %d\n", args.return_code);
  1341. args.return_code = EXIT_FAILURE;
  1342. goto exit;
  1343. }
  1344. #endif
  1345. #ifdef WOLFSSL_TRUST_PEER_CERT
  1346. /* tests for trusted peer cert */
  1347. XSTRLCPY(argv0[1], "tests/test-trustpeer.conf", sizeof(argv0[1]));
  1348. printf("starting trusted peer certificate cipher suite tests\n");
  1349. test_harness(&args);
  1350. if (args.return_code != 0) {
  1351. printf("error from script %d\n", args.return_code);
  1352. args.return_code = EXIT_FAILURE;
  1353. goto exit;
  1354. }
  1355. #endif
  1356. /* tests for dh prime */
  1357. args.argc = 3;
  1358. XSTRLCPY(argv0[1], "tests/test-dhprime.conf", sizeof(argv0[1]));
  1359. XSTRLCPY(argv0[2], "doDH", sizeof(argv0[2])); /* add DH prime flag */
  1360. printf("starting dh prime tests\n");
  1361. test_harness(&args);
  1362. if (args.return_code != 0) {
  1363. printf("error from script %d\n", args.return_code);
  1364. args.return_code = EXIT_FAILURE;
  1365. goto exit;
  1366. }
  1367. /* failure tests */
  1368. args.argc = 3;
  1369. XSTRLCPY(argv0[1], "tests/test-fails.conf", sizeof(argv0[1]));
  1370. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1371. printf("starting tests that expect failure\n");
  1372. test_harness(&args);
  1373. if (args.return_code != 0) {
  1374. printf("error from script %d\n", args.return_code);
  1375. args.return_code = EXIT_FAILURE;
  1376. goto exit;
  1377. }
  1378. exit:
  1379. if (args.return_code == 0)
  1380. printf("\n Success -- All results as expected.\n");
  1381. printf(" End Cipher Suite Tests\n");
  1382. wolfSSL_CTX_free(cipherSuiteCtx);
  1383. wolfSSL_Cleanup();
  1384. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  1385. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  1386. wc_ecc_fp_free(); /* free per thread cache */
  1387. #endif
  1388. #ifdef WOLFSSL_ASYNC_CRYPT
  1389. wolfAsync_DevClose(&devId);
  1390. #endif
  1391. return args.return_code;
  1392. #else
  1393. (void)argc;
  1394. (void)argv;
  1395. return NOT_COMPILED_IN;
  1396. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT && !NO_TLS */
  1397. }