suites.c 45 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462
  1. /* suites.c
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/wolfcrypt/settings.h>
  25. #ifdef NO_INLINE
  26. #include <wolfssl/wolfcrypt/misc.h>
  27. #else
  28. #define WOLFSSL_MISC_INCLUDED
  29. #include <wolfcrypt/src/misc.c>
  30. #endif
  31. #include <stdlib.h>
  32. #include <stdio.h>
  33. #include <string.h>
  34. #include <wolfssl/ssl.h>
  35. #include <tests/unit.h>
  36. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  37. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  38. #include <wolfssl/wolfcrypt/ecc.h>
  39. #endif
  40. #include <wolfssl/wolfcrypt/memory.h> /* for LARGEST_MEM_BUCKET */
  41. #define MAX_ARGS 40
  42. #define MAX_COMMAND_SZ 240
  43. #ifdef WOLFSSL_TLS13
  44. #define MAX_SUITE_SZ 200
  45. #else
  46. #define MAX_SUITE_SZ 80
  47. #endif
  48. #define NOT_BUILT_IN (-123)
  49. #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
  50. !defined(WOLFSSL_ALLOW_TLSV10)
  51. #define VERSION_TOO_OLD (-124)
  52. #endif
  53. #include "examples/client/client.h"
  54. #include "examples/server/server.h"
  55. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  56. !defined(SINGLE_THREADED)
  57. static WOLFSSL_CTX* cipherSuiteCtx = NULL;
  58. static char nonblockFlag[] = "-N";
  59. static char noVerifyFlag[] = "-d";
  60. static char disableEMSFlag[] = "-n";
  61. static char flagSep[] = " ";
  62. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  63. static char portFlag[] = "-p";
  64. static char svrPort[] = "0";
  65. #endif
  66. static char intTestFlag[] = "-H";
  67. static char forceDefCipherListFlag[] = "defCipherList";
  68. static char exitWithRetFlag[] = "exitWithRet";
  69. static char disableDHPrimeTest[] = "-2";
  70. #ifdef WOLFSSL_ASYNC_CRYPT
  71. static int devId = INVALID_DEVID;
  72. #endif
  73. #ifdef VERSION_TOO_OLD
  74. static int GetTlsVersion(const char* line)
  75. {
  76. int version = -1;
  77. const char* find = "-v ";
  78. const char* begin = strstr(line, find);
  79. if (begin) {
  80. begin += 3;
  81. if (*begin == 'd' || *begin == 'e')
  82. begin += 2;
  83. version = atoi(begin);
  84. }
  85. return version;
  86. }
  87. #ifndef WOLFSSL_ALLOW_SSLV3
  88. /* if the protocol version is sslv3 return 1, else 0 */
  89. static int IsSslVersion(const char* line)
  90. {
  91. int version = GetTlsVersion(line);
  92. return (version == 0) ? 1 : 0;
  93. }
  94. #endif /* !WOLFSSL_ALLOW_SSLV3 */
  95. #ifndef WOLFSSL_ALLOW_TLSV10
  96. /* if the protocol version is TLSv1.0 return 1, else 0 */
  97. static int IsTls10Version(const char* line)
  98. {
  99. int version = GetTlsVersion(line);
  100. return (version == 1) ? 1 : 0;
  101. }
  102. #endif /* !WOLFSSL_ALLOW_TLSV10 */
  103. #ifdef NO_OLD_TLS
  104. /* if the protocol version is less than tls 1.2 return 1, else 0 */
  105. static int IsOldTlsVersion(const char* line)
  106. {
  107. int version = GetTlsVersion(line);
  108. return (version < 3) ? 1 : 0;
  109. }
  110. #endif /* NO_OLD_TLS */
  111. #endif /* VERSION_TOO_OLD */
  112. /* if the cipher suite on line is valid store in suite and return 1, else 0 */
  113. static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
  114. {
  115. int found = 0;
  116. int valid = 0;
  117. const char* find = "-l ";
  118. const char* begin = strstr(line, find);
  119. const char* end;
  120. if (suite_spc < MAX_SUITE_SZ+1)
  121. return 0;
  122. suite[0] = '\0';
  123. if (begin) {
  124. begin += 3;
  125. end = XSTRSTR(begin, " ");
  126. if (end) {
  127. long len = end - begin;
  128. if (len > MAX_SUITE_SZ) {
  129. printf("suite too long!\n");
  130. return 0;
  131. }
  132. XMEMCPY(suite, begin, (size_t) len);
  133. suite[len] = '\0';
  134. }
  135. else
  136. XSTRNCPY(suite, begin, MAX_SUITE_SZ);
  137. suite[MAX_SUITE_SZ] = '\0';
  138. found = 1;
  139. }
  140. if (found) {
  141. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
  142. valid = 1;
  143. }
  144. return valid;
  145. }
  146. static int IsValidCert(const char* line)
  147. {
  148. int ret = 1;
  149. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  150. WOLFSSL_CTX* ctx;
  151. size_t i;
  152. const char* begin;
  153. char cert[80];
  154. #ifdef WOLFSSL_STATIC_MEMORY
  155. FILE* fStream = NULL;
  156. long chkSz = 0;
  157. #endif
  158. begin = XSTRSTR(line, "-c ");
  159. if (begin == NULL)
  160. return 1;
  161. begin += 3;
  162. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  163. cert[i] = *(begin++);
  164. cert[i] = '\0';
  165. #ifdef WOLFSSL_STATIC_MEMORY
  166. fStream = XFOPEN(cert, "rb");
  167. if (fStream == NULL) {
  168. printf("Failed to open file %s\n", cert);
  169. printf("Invalid cert, skipping test\n");
  170. return 0;
  171. } else {
  172. printf("Successfully opened file\n");
  173. }
  174. XFSEEK(fStream, 0L, SEEK_END);
  175. chkSz = XFTELL(fStream);
  176. XFCLOSE(fStream);
  177. if (chkSz > LARGEST_MEM_BUCKET) {
  178. printf("File is larger than largest bucket, skipping this test\n");
  179. return 0;
  180. }
  181. #endif
  182. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  183. if (ctx == NULL)
  184. return 0;
  185. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  186. wolfSSL_CTX_free(ctx);
  187. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  188. (void)line;
  189. return ret;
  190. }
  191. static int IsValidCA(const char* line)
  192. {
  193. int ret = 1;
  194. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  195. WOLFSSL_CTX* ctx;
  196. size_t i;
  197. const char* begin;
  198. char cert[80];
  199. begin = XSTRSTR(line, "-A ");
  200. if (begin == NULL)
  201. return 1;
  202. begin += 3;
  203. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  204. cert[i] = *(begin++);
  205. cert[i] = '\0';
  206. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  207. if (ctx == NULL)
  208. return 0;
  209. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  210. wolfSSL_CTX_free(ctx);
  211. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  212. (void)line;
  213. return ret;
  214. }
  215. #ifdef WOLFSSL_NO_CLIENT_AUTH
  216. static int IsClientAuth(const char* line, int* reqClientCert)
  217. {
  218. const char* begin;
  219. begin = XSTRSTR(line, "-H verifyFail");
  220. if (begin != NULL) {
  221. return 1;
  222. }
  223. begin = XSTRSTR(line, "-d");
  224. if (begin != NULL) {
  225. *reqClientCert = 0;
  226. }
  227. else {
  228. *reqClientCert = 1;
  229. }
  230. return 0;
  231. }
  232. #endif
  233. #ifdef NO_CERTS
  234. static int IsUsingCert(const char* line)
  235. {
  236. return XSTRSTR(line, "-c ") != NULL;
  237. }
  238. #endif
  239. #if defined(NO_CERTS) || defined(WOLFSSL_NO_CLIENT_AUTH)
  240. static int IsNoClientCert(const char* line)
  241. {
  242. const char* begin;
  243. begin = XSTRSTR(line, "-x");
  244. if (begin != NULL) {
  245. return 1;
  246. }
  247. return 0;
  248. }
  249. #endif
  250. static int execute_test_case(int svr_argc, char** svr_argv,
  251. int cli_argc, char** cli_argv,
  252. int addNoVerify, int addNonBlocking,
  253. int addDisableEMS, int forceSrvDefCipherList,
  254. int forceCliDefCipherList)
  255. {
  256. #if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
  257. func_args cliArgs = {0, NULL, 0, NULL, NULL, NULL};
  258. func_args svrArgs = {0, NULL, 0, NULL, NULL, NULL};
  259. #else
  260. func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
  261. func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
  262. #endif
  263. tcp_ready ready;
  264. THREAD_TYPE serverThread;
  265. char commandLine[MAX_COMMAND_SZ];
  266. char cipherSuite[MAX_SUITE_SZ+1];
  267. int i;
  268. size_t added;
  269. static int tests = 1;
  270. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  271. static char portNumber[8];
  272. #endif
  273. int cliTestShouldFail = 0, svrTestShouldFail = 0;
  274. #ifdef WOLFSSL_NO_CLIENT_AUTH
  275. int reqClientCert;
  276. #endif
  277. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  278. srtp_test_helper srtp_helper;
  279. #endif
  280. #if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
  281. cliArgs.argc = cli_argc;
  282. cliArgs.argv = cli_argv;
  283. svrArgs.argc = svr_argc;
  284. svrArgs.argv = svr_argv;
  285. #endif
  286. /* Is Valid Cipher and Version Checks */
  287. /* build command list for the Is checks below */
  288. commandLine[0] = '\0';
  289. added = 0;
  290. for (i = 0; i < svrArgs.argc; i++) {
  291. added += XSTRLEN(svr_argv[i]) + 2;
  292. if (added >= MAX_COMMAND_SZ) {
  293. printf("server command line too long\n");
  294. break;
  295. }
  296. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  297. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  298. }
  299. if (IsValidCipherSuite(commandLine, cipherSuite, sizeof cipherSuite) == 0) {
  300. #ifdef DEBUG_SUITE_TESTS
  301. printf("cipher suite %s not supported in build\n", cipherSuite);
  302. #endif
  303. return NOT_BUILT_IN;
  304. }
  305. if (!IsValidCert(commandLine)) {
  306. #ifdef DEBUG_SUITE_TESTS
  307. printf("certificate %s not supported in build\n", commandLine);
  308. #endif
  309. return NOT_BUILT_IN;
  310. }
  311. #ifndef WOLFSSL_ALLOW_SSLV3
  312. if (IsSslVersion(commandLine) == 1) {
  313. #ifdef DEBUG_SUITE_TESTS
  314. printf("protocol version on line %s is too old\n", commandLine);
  315. #endif
  316. return VERSION_TOO_OLD;
  317. }
  318. #endif
  319. #ifndef WOLFSSL_ALLOW_TLSV10
  320. if (IsTls10Version(commandLine) == 1) {
  321. #ifdef DEBUG_SUITE_TESTS
  322. printf("protocol version on line %s is too old\n", commandLine);
  323. #endif
  324. return VERSION_TOO_OLD;
  325. }
  326. #endif
  327. #ifdef NO_OLD_TLS
  328. if (IsOldTlsVersion(commandLine) == 1) {
  329. #ifdef DEBUG_SUITE_TESTS
  330. printf("protocol version on line %s is too old\n", commandLine);
  331. #endif
  332. return VERSION_TOO_OLD;
  333. }
  334. #endif
  335. #ifdef WOLFSSL_NO_CLIENT_AUTH
  336. if (IsClientAuth(commandLine, &reqClientCert)) {
  337. #ifdef DEBUG_SUITE_TESTS
  338. printf("client auth on line %s not supported in build\n",
  339. commandLine);
  340. #endif
  341. return NOT_BUILT_IN;
  342. }
  343. #endif
  344. #ifdef NO_CERTS
  345. if (IsUsingCert(commandLine)) {
  346. #ifdef DEBUG_SUITE_TESTS
  347. printf("certificate %s not supported in build\n", commandLine);
  348. #endif
  349. return NOT_BUILT_IN;
  350. }
  351. #endif
  352. /* Build Server Command */
  353. if (addNoVerify) {
  354. printf("repeating test with client cert request off\n");
  355. if (svrArgs.argc >= MAX_ARGS)
  356. printf("server command line too long\n");
  357. else
  358. svr_argv[svrArgs.argc++] = noVerifyFlag;
  359. }
  360. if (addNonBlocking) {
  361. printf("repeating test with non blocking on\n");
  362. if (svrArgs.argc >= MAX_ARGS)
  363. printf("server command line too long\n");
  364. else
  365. svr_argv[svrArgs.argc++] = nonblockFlag;
  366. }
  367. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  368. /* add port */
  369. if (svrArgs.argc + 2 > MAX_ARGS)
  370. printf("cannot add the magic port number flag to server\n");
  371. else {
  372. svr_argv[svrArgs.argc++] = portFlag;
  373. svr_argv[svrArgs.argc++] = svrPort;
  374. }
  375. #endif
  376. if (forceSrvDefCipherList) {
  377. if (svrArgs.argc + 2 > MAX_ARGS)
  378. printf("cannot add the force def cipher list flag to server\n");
  379. else {
  380. svr_argv[svrArgs.argc++] = intTestFlag;
  381. svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
  382. }
  383. }
  384. #ifdef TEST_PK_PRIVKEY
  385. svr_argv[svrArgs.argc++] = (char*)"-P";
  386. #endif
  387. /* update server flags list */
  388. commandLine[0] = '\0';
  389. added = 0;
  390. for (i = 0; i < svrArgs.argc; i++) {
  391. added += XSTRLEN(svr_argv[i]) + 2;
  392. if (added >= MAX_COMMAND_SZ) {
  393. printf("server command line too long\n");
  394. break;
  395. }
  396. XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine);
  397. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  398. }
  399. printf("trying server command line[%d]: %s\n", tests, commandLine);
  400. tests++; /* test count */
  401. /* determine based on args if this test is expected to fail */
  402. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  403. svrTestShouldFail = 1;
  404. }
  405. InitTcpReady(&ready);
  406. #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  407. srtp_helper_init(&srtp_helper);
  408. cliArgs.srtp_helper = &srtp_helper;
  409. svrArgs.srtp_helper = &srtp_helper;
  410. #endif
  411. #ifdef WOLFSSL_TIRTOS
  412. fdOpenSession(Task_self());
  413. #endif
  414. /* start server */
  415. svrArgs.signal = &ready;
  416. start_thread(server_test, &svrArgs, &serverThread);
  417. wait_tcp_ready(&svrArgs);
  418. /* Build Client Command */
  419. if (addNonBlocking) {
  420. if (cliArgs.argc >= MAX_ARGS)
  421. printf("cannot add the non block flag to client\n");
  422. else
  423. cli_argv[cliArgs.argc++] = nonblockFlag;
  424. }
  425. if (addDisableEMS) {
  426. printf("repeating test without extended master secret\n");
  427. if (cliArgs.argc >= MAX_ARGS)
  428. printf("cannot add the disable EMS flag to client\n");
  429. else
  430. cli_argv[cliArgs.argc++] = disableEMSFlag;
  431. }
  432. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  433. if (ready.port != 0) {
  434. if (cliArgs.argc + 2 > MAX_ARGS)
  435. printf("cannot add the magic port number flag to client\n");
  436. else {
  437. (void)snprintf(portNumber, sizeof(portNumber), "%d",
  438. (int)ready.port);
  439. cli_argv[cliArgs.argc++] = portFlag;
  440. cli_argv[cliArgs.argc++] = portNumber;
  441. }
  442. }
  443. #endif
  444. if (forceCliDefCipherList) {
  445. if (cliArgs.argc + 2 > MAX_ARGS)
  446. printf("cannot add the force def cipher list flag to client\n");
  447. else {
  448. cli_argv[cliArgs.argc++] = intTestFlag;
  449. cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
  450. }
  451. }
  452. #ifdef TEST_PK_PRIVKEY
  453. cli_argv[cliArgs.argc++] = (char*)"-P";
  454. #endif
  455. commandLine[0] = '\0';
  456. added = 0;
  457. for (i = 0; i < cliArgs.argc; i++) {
  458. added += XSTRLEN(cli_argv[i]) + 2;
  459. if (added >= MAX_COMMAND_SZ) {
  460. printf("client command line too long\n");
  461. break;
  462. }
  463. XSTRLCAT(commandLine, cli_argv[i], sizeof commandLine);
  464. XSTRLCAT(commandLine, flagSep, sizeof commandLine);
  465. }
  466. if (!IsValidCA(commandLine)) {
  467. #ifdef DEBUG_SUITE_TESTS
  468. printf("certificate %s not supported in build\n", commandLine);
  469. #endif
  470. return NOT_BUILT_IN;
  471. }
  472. #ifdef WOLFSSL_NO_CLIENT_AUTH
  473. if (reqClientCert && IsNoClientCert(commandLine)) {
  474. #ifdef DEBUG_SUITE_TESTS
  475. printf("client auth on line %s not supported in build\n",
  476. commandLine);
  477. #endif
  478. return NOT_BUILT_IN;
  479. }
  480. #endif
  481. #ifdef NO_CERTS
  482. if (IsNoClientCert(commandLine)) {
  483. #ifdef DEBUG_SUITE_TESTS
  484. printf("certificate %s not supported in build\n", commandLine);
  485. #endif
  486. return NOT_BUILT_IN;
  487. }
  488. #endif
  489. printf("trying client command line[%d]: %s\n", tests, commandLine);
  490. tests++;
  491. /* determine based on args if this test is expected to fail */
  492. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  493. cliTestShouldFail = 1;
  494. }
  495. /* start client */
  496. client_test(&cliArgs);
  497. /* verify results */
  498. if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
  499. (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
  500. printf("client_test failed %d %s\n", cliArgs.return_code,
  501. cliTestShouldFail ? "(should fail)" : "");
  502. XEXIT(EXIT_FAILURE);
  503. }
  504. join_thread(serverThread);
  505. if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
  506. (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
  507. printf("server_test failed %d %s\n", svrArgs.return_code,
  508. svrTestShouldFail ? "(should fail)" : "");
  509. XEXIT(EXIT_FAILURE);
  510. }
  511. #ifdef WOLFSSL_TIRTOS
  512. fdCloseSession(Task_self());
  513. #endif
  514. FreeTcpReady(&ready);
  515. #if defined (WOLFSSL_SRTP) && defined(WOLFSSL_COND)
  516. srtp_helper_free(&srtp_helper);
  517. #endif
  518. /* only run the first test for expected failure cases */
  519. /* the example server/client are not designed to handle expected failure in
  520. all cases, such as non-blocking, etc... */
  521. if (svrTestShouldFail || cliTestShouldFail) {
  522. return NOT_BUILT_IN;
  523. }
  524. return 0;
  525. }
  526. static void test_harness(void* vargs)
  527. {
  528. func_args* args = (func_args*)vargs;
  529. char* script;
  530. long sz, len;
  531. int cliMode = 0; /* server or client command flag, server first */
  532. int ret;
  533. FILE* file;
  534. char* svrArgs[MAX_ARGS];
  535. int svrArgsSz;
  536. char* cliArgs[MAX_ARGS];
  537. int cliArgsSz;
  538. char* cursor;
  539. char* comment;
  540. char lastChar = '\0';
  541. int do_it = 0;
  542. const char* fname = "tests/test.conf";
  543. const char* addArgs = NULL;
  544. if (args->argc == 1) {
  545. printf("notice: using default file %s\n", fname);
  546. }
  547. else if (args->argc == 3) {
  548. addArgs = args->argv[2];
  549. }
  550. else if (args->argc > 3) {
  551. printf("usage: harness [FILE] [ARG]\n");
  552. args->return_code = 1;
  553. return;
  554. }
  555. if (args->argc >= 2) {
  556. fname = args->argv[1];
  557. }
  558. file = fopen(fname, "rb");
  559. if (file == NULL) {
  560. fprintf(stderr, "unable to open %s\n", fname);
  561. args->return_code = 1;
  562. return;
  563. }
  564. if (fseek(file, 0, SEEK_END) < 0) {
  565. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  566. fclose(file);
  567. args->return_code = 1;
  568. return;
  569. }
  570. sz = ftell(file);
  571. if (sz <= 0) {
  572. fprintf(stderr, "%s is empty\n", fname);
  573. fclose(file);
  574. args->return_code = 1;
  575. return;
  576. }
  577. if (fseek(file, 0, SEEK_SET) < 0) {
  578. fprintf(stderr, "error %d fseeking %s\n", errno, fname);
  579. fclose(file);
  580. args->return_code = 1;
  581. return;
  582. }
  583. script = (char*)malloc((size_t)(sz+1));
  584. if (script == 0) {
  585. fprintf(stderr, "unable to allocate script buffer\n");
  586. fclose(file);
  587. args->return_code = 1;
  588. return;
  589. }
  590. len = (long) fread(script, 1, (size_t)sz, file);
  591. if (len != sz) {
  592. fprintf(stderr, "read error\n");
  593. fclose(file);
  594. free(script);
  595. args->return_code = 1;
  596. return;
  597. }
  598. fclose(file);
  599. script[sz] = 0;
  600. cursor = script;
  601. svrArgsSz = 1;
  602. svrArgs[0] = args->argv[0];
  603. cliArgsSz = 1;
  604. cliArgs[0] = args->argv[0];
  605. while (cursor && *cursor != 0) {
  606. switch (*cursor) {
  607. case '\n':
  608. /* A blank line triggers test case execution or switches
  609. to client mode if we don't have the client command yet */
  610. if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) {
  611. if (cliMode == 0)
  612. cliMode = 1; /* switch to client mode processing */
  613. else
  614. do_it = 1; /* Do It, we have server and client */
  615. }
  616. #ifdef DEBUG_SUITE_TESTS
  617. else {
  618. /* skip extra new-lines */
  619. printf("skipping extra new line\n");
  620. }
  621. #endif
  622. lastChar = *cursor;
  623. cursor++;
  624. break;
  625. case '#':
  626. lastChar = *cursor;
  627. /* Ignore lines that start with a # */
  628. comment = XSTRSEP(&cursor, "\n");
  629. #ifdef DEBUG_SUITE_TESTS
  630. printf("%s\n", comment);
  631. #else
  632. (void)comment;
  633. #endif
  634. break;
  635. case '-':
  636. default:
  637. /* Parameters start with a -. They end in either a newline
  638. * or a space. Capture until either, save in Args list. */
  639. lastChar = *cursor;
  640. if (cliMode)
  641. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
  642. else
  643. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
  644. if (cursor == NULL || *cursor == '\0') /* eof */
  645. do_it = 1;
  646. break;
  647. }
  648. if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
  649. fprintf(stderr, "too many arguments, forcing test run\n");
  650. do_it = 1;
  651. }
  652. if (do_it) {
  653. /* additional arguments processing */
  654. if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) {
  655. if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) {
  656. /* The `-2` disable DH prime check is added to all tests by default */
  657. cliArgs[cliArgsSz++] = disableDHPrimeTest;
  658. svrArgs[svrArgsSz++] = disableDHPrimeTest;
  659. }
  660. if (addArgs && XSTRSTR(addArgs, "expFail")) {
  661. /* Tests should expect to fail */
  662. cliArgs[cliArgsSz++] = intTestFlag;
  663. cliArgs[cliArgsSz++] = exitWithRetFlag;
  664. svrArgs[svrArgsSz++] = intTestFlag;
  665. svrArgs[svrArgsSz++] = exitWithRetFlag;
  666. }
  667. }
  668. ret = execute_test_case(svrArgsSz, svrArgs,
  669. cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
  670. /* don't repeat if not supported in build */
  671. if (ret == 0) {
  672. /* test with default cipher list on server side */
  673. execute_test_case(svrArgsSz, svrArgs,
  674. cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
  675. /* test with default cipher list on client side */
  676. execute_test_case(svrArgsSz, svrArgs,
  677. cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
  678. execute_test_case(svrArgsSz, svrArgs,
  679. cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
  680. execute_test_case(svrArgsSz, svrArgs,
  681. cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
  682. execute_test_case(svrArgsSz, svrArgs,
  683. cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
  684. #ifdef HAVE_EXTENDED_MASTER
  685. execute_test_case(svrArgsSz, svrArgs,
  686. cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
  687. execute_test_case(svrArgsSz, svrArgs,
  688. cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
  689. execute_test_case(svrArgsSz, svrArgs,
  690. cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
  691. execute_test_case(svrArgsSz, svrArgs,
  692. cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
  693. #endif
  694. }
  695. svrArgsSz = 1;
  696. cliArgsSz = 1;
  697. cliMode = 0;
  698. do_it = 0;
  699. }
  700. }
  701. free(script);
  702. args->return_code = 0;
  703. }
  704. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  705. int SuiteTest(int argc, char** argv)
  706. {
  707. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
  708. !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
  709. !defined(SINGLE_THREADED)
  710. func_args args;
  711. char argv0[3][80];
  712. char* myArgv[3];
  713. printf(" Begin Cipher Suite Tests\n");
  714. /* setup */
  715. myArgv[0] = argv0[0];
  716. myArgv[1] = argv0[1];
  717. myArgv[2] = argv0[2];
  718. args.argv = myArgv;
  719. XSTRLCPY(argv0[0], "SuiteTest", sizeof(argv0[0]));
  720. #ifdef WOLFSSL_STATIC_MEMORY
  721. byte memory[200000];
  722. #endif
  723. cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  724. if (cipherSuiteCtx == NULL) {
  725. printf("can't get cipher suite ctx\n");
  726. args.return_code = EXIT_FAILURE;
  727. goto exit;
  728. }
  729. /* load in static memory buffer if enabled */
  730. #ifdef WOLFSSL_STATIC_MEMORY
  731. if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
  732. memory, sizeof(memory), 0, 1)
  733. != WOLFSSL_SUCCESS) {
  734. printf("unable to load static memory and create ctx");
  735. args.return_code = EXIT_FAILURE;
  736. goto exit;
  737. }
  738. #endif
  739. #ifdef WOLFSSL_ASYNC_CRYPT
  740. if (wolfAsync_DevOpen(&devId) < 0) {
  741. printf("Async device open failed");
  742. args.return_code = EXIT_FAILURE;
  743. goto exit;
  744. }
  745. wolfSSL_CTX_SetDevId(cipherSuiteCtx, devId);
  746. #endif /* WOLFSSL_ASYNC_CRYPT */
  747. /* support for custom command line tests */
  748. if (argc > 1) {
  749. /* Examples:
  750. ./tests/unit.test tests/test-altchains.conf
  751. ./tests/unit.test tests/test-fails.conf expFail
  752. ./tests/unit.test tests/test-dhprime.conf doDH
  753. */
  754. args.argc = argc;
  755. args.argv = argv;
  756. test_harness(&args);
  757. if (args.return_code != 0) {
  758. printf("error from script %d\n", args.return_code);
  759. args.return_code = EXIT_FAILURE;
  760. }
  761. goto exit;
  762. }
  763. /* default case */
  764. args.argc = 1;
  765. printf("starting default cipher suite tests\n");
  766. test_harness(&args);
  767. if (args.return_code != 0) {
  768. printf("error from script %d\n", args.return_code);
  769. args.return_code = EXIT_FAILURE;
  770. goto exit;
  771. }
  772. /* any extra cases will need another argument */
  773. args.argc = 2;
  774. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  775. /* SHA-2 cipher suites in old TLS versions */
  776. XSTRLCPY(argv0[1], "tests/test-sha2.conf", sizeof(argv0[1]));
  777. printf("starting SHA-2 cipher suite in old TLS versions tests\n");
  778. test_harness(&args);
  779. if (args.return_code != 0) {
  780. printf("error from script %d\n", args.return_code);
  781. args.return_code = EXIT_FAILURE;
  782. goto exit;
  783. }
  784. #endif
  785. #ifdef WOLFSSL_TLS13
  786. /* add TLSv13 extra suites */
  787. XSTRLCPY(argv0[1], "tests/test-tls13.conf", sizeof(argv0[1]));
  788. printf("starting TLSv13 extra cipher suite tests\n");
  789. test_harness(&args);
  790. if (args.return_code != 0) {
  791. printf("error from script %d\n", args.return_code);
  792. args.return_code = EXIT_FAILURE;
  793. goto exit;
  794. }
  795. #ifdef HAVE_ECC
  796. /* add TLSv13 ECC extra suites */
  797. XSTRLCPY(argv0[1], "tests/test-tls13-ecc.conf", sizeof(argv0[1]));
  798. printf("starting TLSv13 ECC extra cipher suite tests\n");
  799. test_harness(&args);
  800. if (args.return_code != 0) {
  801. printf("error from script %d\n", args.return_code);
  802. args.return_code = EXIT_FAILURE;
  803. goto exit;
  804. }
  805. #endif
  806. #ifndef WOLFSSL_NO_TLS12
  807. /* add TLSv13 downgrade tests */
  808. XSTRLCPY(argv0[1], "tests/test-tls13-down.conf", sizeof(argv0[1]));
  809. printf("starting TLSv13 Downgrade extra tests\n");
  810. test_harness(&args);
  811. if (args.return_code != 0) {
  812. printf("error from script %d\n", args.return_code);
  813. args.return_code = EXIT_FAILURE;
  814. goto exit;
  815. }
  816. #endif
  817. #ifdef HAVE_PQC
  818. /* add TLSv13 pq tests */
  819. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  820. printf("starting TLSv13 post-quantum groups tests\n");
  821. test_harness(&args);
  822. if (args.return_code != 0) {
  823. printf("error from script %d\n", args.return_code);
  824. args.return_code = EXIT_FAILURE;
  825. goto exit;
  826. }
  827. #ifdef HAVE_LIBOQS
  828. /* add TLSv13 pq tests */
  829. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  830. printf("starting TLSv13 post-quantum groups tests\n");
  831. test_harness(&args);
  832. if (args.return_code != 0) {
  833. printf("error from script %d\n", args.return_code);
  834. args.return_code = EXIT_FAILURE;
  835. goto exit;
  836. }
  837. #endif
  838. #endif
  839. #ifdef HAVE_PQC
  840. /* add TLSv13 pq tests */
  841. XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
  842. printf("starting TLSv13 post-quantum groups tests\n");
  843. test_harness(&args);
  844. if (args.return_code != 0) {
  845. printf("error from script %d\n", args.return_code);
  846. args.return_code = EXIT_FAILURE;
  847. goto exit;
  848. }
  849. #ifdef HAVE_LIBOQS
  850. /* add TLSv13 pq tests */
  851. XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
  852. printf("starting TLSv13 post-quantum groups tests\n");
  853. test_harness(&args);
  854. if (args.return_code != 0) {
  855. printf("error from script %d\n", args.return_code);
  856. args.return_code = EXIT_FAILURE;
  857. goto exit;
  858. }
  859. #endif
  860. #endif
  861. #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
  862. /* add DTLSv13 pq tests */
  863. XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
  864. printf("starting DTLSv13 post-quantum groups tests\n");
  865. test_harness(&args);
  866. if (args.return_code != 0) {
  867. printf("error from script %d\n", args.return_code);
  868. args.return_code = EXIT_FAILURE;
  869. goto exit;
  870. }
  871. #ifdef WOLFSSL_DTLS_CH_FRAG
  872. /* add DTLSv13 pq frag tests */
  873. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
  874. printf("starting DTLSv13 post-quantum groups tests with fragmentation\n");
  875. test_harness(&args);
  876. if (args.return_code != 0) {
  877. printf("error from script %d\n", args.return_code);
  878. args.return_code = EXIT_FAILURE;
  879. goto exit;
  880. }
  881. #endif
  882. #ifdef HAVE_LIBOQS
  883. /* add DTLSv13 pq 2 tests */
  884. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
  885. printf("starting DTLSv13 post-quantum 2 groups tests\n");
  886. test_harness(&args);
  887. if (args.return_code != 0) {
  888. printf("error from script %d\n", args.return_code);
  889. args.return_code = EXIT_FAILURE;
  890. goto exit;
  891. }
  892. #ifdef WOLFSSL_DTLS_CH_FRAG
  893. /* add DTLSv13 pq 2 frag tests */
  894. XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2-frag.conf", sizeof(argv0[1]));
  895. printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
  896. test_harness(&args);
  897. if (args.return_code != 0) {
  898. printf("error from script %d\n", args.return_code);
  899. args.return_code = EXIT_FAILURE;
  900. goto exit;
  901. }
  902. #endif
  903. #endif
  904. #endif
  905. #endif
  906. #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
  907. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
  908. (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \
  909. (HAVE_SELFTEST_VERSION > 2)))
  910. /* add RSA-PSS certificate cipher suite tests */
  911. XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1]));
  912. printf("starting RSA-PSS extra cipher suite tests\n");
  913. test_harness(&args);
  914. if (args.return_code != 0) {
  915. printf("error from script %d\n", args.return_code);
  916. args.return_code = EXIT_FAILURE;
  917. goto exit;
  918. }
  919. #endif
  920. #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
  921. defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
  922. defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)
  923. /* add ED25519 certificate cipher suite tests */
  924. XSTRLCPY(argv0[1], "tests/test-ed25519.conf", sizeof(argv0[1]));
  925. printf("starting ED25519 extra cipher suite tests\n");
  926. test_harness(&args);
  927. if (args.return_code != 0) {
  928. printf("error from script %d\n", args.return_code);
  929. args.return_code = EXIT_FAILURE;
  930. goto exit;
  931. }
  932. #endif
  933. #if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \
  934. defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \
  935. defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT)
  936. /* add ED448 certificate cipher suite tests */
  937. XSTRLCPY(argv0[1], "tests/test-ed448.conf", sizeof(argv0[1]));
  938. printf("starting ED448 extra cipher suite tests\n");
  939. test_harness(&args);
  940. if (args.return_code != 0) {
  941. printf("error from script %d\n", args.return_code);
  942. args.return_code = EXIT_FAILURE;
  943. goto exit;
  944. }
  945. #endif
  946. #if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
  947. (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  948. /* add P-521 certificate cipher suite tests */
  949. XSTRLCPY(argv0[1], "tests/test-p521.conf", sizeof(argv0[1]));
  950. printf("starting P-521 extra cipher suite tests\n");
  951. test_harness(&args);
  952. if (args.return_code != 0) {
  953. printf("error from script %d\n", args.return_code);
  954. args.return_code = EXIT_FAILURE;
  955. goto exit;
  956. }
  957. #endif
  958. #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
  959. defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \
  960. /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \
  961. !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V)
  962. /* TLS non-NIST curves (Koblitz / Brainpool) */
  963. XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1]));
  964. printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n");
  965. test_harness(&args);
  966. if (args.return_code != 0) {
  967. printf("error from script %d\n", args.return_code);
  968. args.return_code = EXIT_FAILURE;
  969. goto exit;
  970. }
  971. #endif
  972. #ifdef WOLFSSL_DTLS
  973. /* add dtls extra suites */
  974. XSTRLCPY(argv0[1], "tests/test-dtls.conf", sizeof(argv0[1]));
  975. printf("starting dtls extra cipher suite tests\n");
  976. test_harness(&args);
  977. if (args.return_code != 0) {
  978. printf("error from script %d\n", args.return_code);
  979. args.return_code = EXIT_FAILURE;
  980. goto exit;
  981. }
  982. /* add dtls grouping tests */
  983. XSTRLCPY(argv0[1], "tests/test-dtls-group.conf", sizeof(argv0[1]));
  984. printf("starting dtls message grouping tests\n");
  985. test_harness(&args);
  986. if (args.return_code != 0) {
  987. printf("error from script %d\n", args.return_code);
  988. args.return_code = EXIT_FAILURE;
  989. goto exit;
  990. }
  991. /* add dtls session resumption tests */
  992. XSTRLCPY(argv0[1], "tests/test-dtls-resume.conf", sizeof(argv0[1]));
  993. printf("starting dtls session resumption tests\n");
  994. test_harness(&args);
  995. if (args.return_code != 0) {
  996. printf("error from script %d\n", args.return_code);
  997. args.return_code = EXIT_FAILURE;
  998. goto exit;
  999. }
  1000. #ifdef HAVE_SECURE_RENEGOTIATION
  1001. /* add dtls renegotiation tests */
  1002. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-client.conf", sizeof(argv0[1]));
  1003. printf("starting dtls secure renegotiation client tests\n");
  1004. test_harness(&args);
  1005. if (args.return_code != 0) {
  1006. printf("error from script %d\n", args.return_code);
  1007. args.return_code = EXIT_FAILURE;
  1008. goto exit;
  1009. }
  1010. XSTRLCPY(argv0[1], "tests/test-dtls-reneg-server.conf", sizeof(argv0[1]));
  1011. printf("starting dtls secure renegotiation server tests\n");
  1012. test_harness(&args);
  1013. if (args.return_code != 0) {
  1014. printf("error from script %d\n", args.return_code);
  1015. args.return_code = EXIT_FAILURE;
  1016. goto exit;
  1017. }
  1018. #endif
  1019. #ifdef WOLFSSL_DTLS_MTU
  1020. /* Add dtls different MTU size tests.
  1021. * These also use grouping to force wolfSSL to
  1022. * bounce off the MTU limit more */
  1023. XSTRLCPY(argv0[1], "tests/test-dtls-mtu.conf", sizeof(argv0[1]));
  1024. printf("starting dtls MTU tests\n");
  1025. test_harness(&args);
  1026. if (args.return_code != 0) {
  1027. printf("error from script %d\n", args.return_code);
  1028. args.return_code = EXIT_FAILURE;
  1029. goto exit;
  1030. }
  1031. #endif
  1032. /* Add dtls downgrade test */
  1033. XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
  1034. printf("starting dtls downgrade tests\n");
  1035. test_harness(&args);
  1036. if (args.return_code != 0) {
  1037. printf("error from script %d\n", args.return_code);
  1038. args.return_code = EXIT_FAILURE;
  1039. goto exit;
  1040. }
  1041. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1042. /* add dtls extra suites */
  1043. XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
  1044. printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
  1045. test_harness(&args);
  1046. if (args.return_code != 0) {
  1047. printf("error from script %d\n", args.return_code);
  1048. args.return_code = EXIT_FAILURE;
  1049. goto exit;
  1050. }
  1051. #endif
  1052. #ifndef WOLFSSL_NO_DTLS_SIZE_CHECK
  1053. /* failure tests */
  1054. args.argc = 3;
  1055. XSTRLCPY(argv0[1], "tests/test-dtls-fails.conf", sizeof(argv0[1]));
  1056. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1057. printf("starting dtls tests that expect failure\n");
  1058. test_harness(&args);
  1059. if (args.return_code != 0) {
  1060. printf("error from script %d\n", args.return_code);
  1061. args.return_code = EXIT_FAILURE;
  1062. goto exit;
  1063. }
  1064. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1065. #endif
  1066. #ifdef WOLFSSL_EXTRA_ALERTS
  1067. /* failure tests */
  1068. args.argc = 3;
  1069. XSTRLCPY(argv0[1], "tests/test-dtls-fails-cipher.conf", sizeof(argv0[1]));
  1070. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1071. printf("starting dtls cipher mismatch tests that expect failure\n");
  1072. test_harness(&args);
  1073. if (args.return_code != 0) {
  1074. printf("error from script %d\n", args.return_code);
  1075. args.return_code = EXIT_FAILURE;
  1076. goto exit;
  1077. }
  1078. XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
  1079. #endif
  1080. #ifdef WOLFSSL_SRTP
  1081. args.argc = 2;
  1082. strcpy(argv0[1], "tests/test-dtls-srtp.conf");
  1083. printf("starting dtls srtp suite tests\n");
  1084. test_harness(&args);
  1085. if (args.return_code != 0) {
  1086. printf("error from script %d\n", args.return_code);
  1087. args.return_code = EXIT_FAILURE;
  1088. goto exit;
  1089. }
  1090. /* failure tests */
  1091. args.argc = 3;
  1092. strcpy(argv0[1], "tests/test-dtls-srtp-fails.conf");
  1093. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  1094. printf("starting dtls srtp profile mismatch tests that expect failure\n");
  1095. test_harness(&args);
  1096. if (args.return_code != 0) {
  1097. printf("error from script %d\n", args.return_code);
  1098. args.return_code = EXIT_FAILURE;
  1099. goto exit;
  1100. }
  1101. strcpy(argv0[2], "");
  1102. #endif
  1103. #ifdef WOLFSSL_DTLS13
  1104. args.argc = 2;
  1105. strcpy(argv0[1], "tests/test-dtls13.conf");
  1106. printf("starting DTLSv1.3 suite\n");
  1107. test_harness(&args);
  1108. if (args.return_code != 0) {
  1109. printf("error from script %d\n", args.return_code);
  1110. args.return_code = EXIT_FAILURE;
  1111. goto exit;
  1112. }
  1113. #ifndef WOLFSSL_NO_TLS12
  1114. args.argc = 2;
  1115. strcpy(argv0[1], "tests/test-dtls13-downgrade.conf");
  1116. printf("starting DTLSv1.3 suite - downgrade\n");
  1117. test_harness(&args);
  1118. if (args.return_code != 0) {
  1119. printf("error from script %d\n", args.return_code);
  1120. args.return_code = EXIT_FAILURE;
  1121. goto exit;
  1122. }
  1123. args.argc = 3;
  1124. strcpy(argv0[1], "tests/test-dtls13-downgrade-fails.conf");
  1125. strcpy(argv0[2], "expFail");
  1126. printf("starting DTLSv1.3 suite - downgrade - (expFails)\n");
  1127. test_harness(&args);
  1128. if (args.return_code != 0) {
  1129. printf("error from script %d\n", args.return_code);
  1130. args.return_code = EXIT_FAILURE;
  1131. goto exit;
  1132. }
  1133. args.argc = 2;
  1134. XMEMSET(argv0[2], 0, sizeof(argv0[2]));
  1135. #endif /* WOLFSSL_NO_TLS12 */
  1136. #ifndef NO_PSK
  1137. XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1]));
  1138. printf("starting DTLS 1.3 psk suite tests\n");
  1139. test_harness(&args);
  1140. if (args.return_code != 0) {
  1141. printf("error from script %d\n", args.return_code);
  1142. args.return_code = EXIT_FAILURE;
  1143. goto exit;
  1144. }
  1145. #endif /* NO_PSK */
  1146. #ifdef WOLFSSL_DTLS_CID
  1147. XSTRLCPY(argv0[1], "tests/test-dtls13-cid.conf", sizeof(argv0[1]));
  1148. printf("starting DTLS 1.3 ConnectionID suite tests\n");
  1149. test_harness(&args);
  1150. if (args.return_code != 0) {
  1151. printf("error from script %d\n", args.return_code);
  1152. args.return_code = EXIT_FAILURE;
  1153. goto exit;
  1154. }
  1155. #endif /* WOLFSSL_DTLS_CID */
  1156. #endif /* WOLFSSL_DTLS13 */
  1157. #endif
  1158. #ifdef WOLFSSL_SCTP
  1159. /* add dtls-sctp extra suites */
  1160. XSTRLCPY(argv0[1], "tests/test-sctp.conf", sizeof(argv0[1]));
  1161. printf("starting dtls-sctp extra cipher suite tests\n");
  1162. test_harness(&args);
  1163. if (args.return_code != 0) {
  1164. printf("error from script %d\n", args.return_code);
  1165. args.return_code = EXIT_FAILURE;
  1166. goto exit;
  1167. }
  1168. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  1169. /* add dtls-sctp extra suites */
  1170. XSTRLCPY(argv0[1], "tests/test-sctp-sha2.conf", sizeof(argv0[1]));
  1171. printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
  1172. test_harness(&args);
  1173. if (args.return_code != 0) {
  1174. printf("error from script %d\n", args.return_code);
  1175. args.return_code = EXIT_FAILURE;
  1176. goto exit;
  1177. }
  1178. #endif
  1179. #endif
  1180. #ifndef WC_STRICT_SIG
  1181. #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
  1182. /* add extra signature test suites */
  1183. XSTRLCPY(argv0[1], "tests/test-sig.conf", sizeof(argv0[1]));
  1184. printf("starting sig extra cipher suite tests\n");
  1185. test_harness(&args);
  1186. if (args.return_code != 0) {
  1187. printf("error from script %d\n", args.return_code);
  1188. args.return_code = EXIT_FAILURE;
  1189. goto exit;
  1190. }
  1191. #endif /* HAVE_RSA and HAVE_ECC */
  1192. #endif /* !WC_STRICT_SIG */
  1193. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
  1194. (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
  1195. /* add SM2/SM3/SM4 test suites */
  1196. XSTRLCPY(argv0[1], "tests/test-sm2.conf", sizeof(argv0[1]));
  1197. printf("starting SM2/SM3/SM4 cipher suite tests\n");
  1198. test_harness(&args);
  1199. if (args.return_code != 0) {
  1200. printf("error from script %d\n", args.return_code);
  1201. args.return_code = EXIT_FAILURE;
  1202. goto exit;
  1203. }
  1204. #endif
  1205. #ifndef NO_PSK
  1206. #ifndef WOLFSSL_NO_TLS12
  1207. #if !defined(NO_RSA) || defined(HAVE_ECC)
  1208. /* add psk cipher suites */
  1209. XSTRLCPY(argv0[1], "tests/test-psk.conf", sizeof(argv0[1]));
  1210. printf("starting psk cipher suite tests\n");
  1211. test_harness(&args);
  1212. if (args.return_code != 0) {
  1213. printf("error from script %d\n", args.return_code);
  1214. args.return_code = EXIT_FAILURE;
  1215. goto exit;
  1216. }
  1217. #endif
  1218. #endif
  1219. #ifdef WOLFSSL_TLS13
  1220. /* add psk extra suites */
  1221. XSTRLCPY(argv0[1], "tests/test-tls13-psk.conf", sizeof(argv0[1]));
  1222. printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");
  1223. test_harness(&args);
  1224. if (args.return_code != 0) {
  1225. printf("error from script %d\n", args.return_code);
  1226. args.return_code = EXIT_FAILURE;
  1227. goto exit;
  1228. }
  1229. #endif
  1230. #endif
  1231. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5) &&\
  1232. !defined(NO_SHA)
  1233. /* test encrypted keys */
  1234. XSTRLCPY(argv0[1], "tests/test-enckeys.conf", sizeof(argv0[1]));
  1235. printf("starting encrypted keys extra cipher suite tests\n");
  1236. test_harness(&args);
  1237. if (args.return_code != 0) {
  1238. printf("error from script %d\n", args.return_code);
  1239. args.return_code = EXIT_FAILURE;
  1240. goto exit;
  1241. }
  1242. #endif
  1243. #ifdef HAVE_MAX_FRAGMENT
  1244. /* Max fragment cipher suite tests */
  1245. XSTRLCPY(argv0[1], "tests/test-maxfrag.conf", sizeof(argv0[1]));
  1246. printf("starting max fragment cipher suite tests\n");
  1247. test_harness(&args);
  1248. if (args.return_code != 0) {
  1249. printf("error from script %d\n", args.return_code);
  1250. args.return_code = EXIT_FAILURE;
  1251. goto exit;
  1252. }
  1253. #ifdef WOLFSSL_DTLS
  1254. XSTRLCPY(argv0[1], "tests/test-maxfrag-dtls.conf", sizeof(argv0[1]));
  1255. printf("starting dtls max fragment cipher suite tests\n");
  1256. test_harness(&args);
  1257. if (args.return_code != 0) {
  1258. printf("error from script %d\n", args.return_code);
  1259. args.return_code = EXIT_FAILURE;
  1260. goto exit;
  1261. }
  1262. #endif
  1263. #endif
  1264. #ifdef WOLFSSL_ALT_CERT_CHAINS
  1265. /* tests for alt chains */
  1266. XSTRLCPY(argv0[1], "tests/test-altchains.conf", sizeof(argv0[1]));
  1267. printf("starting certificate alternate chain cipher suite tests\n");
  1268. test_harness(&args);
  1269. if (args.return_code != 0) {
  1270. printf("error from script %d\n", args.return_code);
  1271. args.return_code = EXIT_FAILURE;
  1272. goto exit;
  1273. }
  1274. #else
  1275. /* tests for chains */
  1276. XSTRLCPY(argv0[1], "tests/test-chains.conf", sizeof(argv0[1]));
  1277. printf("starting certificate chain cipher suite tests\n");
  1278. test_harness(&args);
  1279. if (args.return_code != 0) {
  1280. printf("error from script %d\n", args.return_code);
  1281. args.return_code = EXIT_FAILURE;
  1282. goto exit;
  1283. }
  1284. #endif
  1285. #ifdef WOLFSSL_TRUST_PEER_CERT
  1286. /* tests for trusted peer cert */
  1287. XSTRLCPY(argv0[1], "tests/test-trustpeer.conf", sizeof(argv0[1]));
  1288. printf("starting trusted peer certificate cipher suite tests\n");
  1289. test_harness(&args);
  1290. if (args.return_code != 0) {
  1291. printf("error from script %d\n", args.return_code);
  1292. args.return_code = EXIT_FAILURE;
  1293. goto exit;
  1294. }
  1295. #endif
  1296. /* tests for dh prime */
  1297. args.argc = 3;
  1298. XSTRLCPY(argv0[1], "tests/test-dhprime.conf", sizeof(argv0[1]));
  1299. XSTRLCPY(argv0[2], "doDH", sizeof(argv0[2])); /* add DH prime flag */
  1300. printf("starting dh prime tests\n");
  1301. test_harness(&args);
  1302. if (args.return_code != 0) {
  1303. printf("error from script %d\n", args.return_code);
  1304. args.return_code = EXIT_FAILURE;
  1305. goto exit;
  1306. }
  1307. /* failure tests */
  1308. args.argc = 3;
  1309. XSTRLCPY(argv0[1], "tests/test-fails.conf", sizeof(argv0[1]));
  1310. XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */
  1311. printf("starting tests that expect failure\n");
  1312. test_harness(&args);
  1313. if (args.return_code != 0) {
  1314. printf("error from script %d\n", args.return_code);
  1315. args.return_code = EXIT_FAILURE;
  1316. goto exit;
  1317. }
  1318. exit:
  1319. if (args.return_code == 0)
  1320. printf("\n Success -- All results as expected.\n");
  1321. printf(" End Cipher Suite Tests\n");
  1322. wolfSSL_CTX_free(cipherSuiteCtx);
  1323. wolfSSL_Cleanup();
  1324. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  1325. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  1326. wc_ecc_fp_free(); /* free per thread cache */
  1327. #endif
  1328. #ifdef WOLFSSL_ASYNC_CRYPT
  1329. wolfAsync_DevClose(&devId);
  1330. #endif
  1331. return args.return_code;
  1332. #else
  1333. (void)argc;
  1334. (void)argv;
  1335. return NOT_COMPILED_IN;
  1336. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  1337. }