feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'dtls'

Browse Source 
Conflicts:
	src/ssl.c
This commit is contained in:
John Safranek
2013-03-08 17:45:35 -08:00
parent 01a5368ffc 73f0395ca9
commit 20e4889092
17 changed files with 1029 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cyassl/internal.h
View File

@@ -501,6 +501,7 @@ enum Misc {
DTLS_MAJOR = 0xfe, /* DTLS major version number */
DTLS_MINOR = 0xff, /* DTLS minor version number */
DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
SSLv3_MINOR = 0, /* TLSv1 minor version number */
TLSv1_MINOR = 1, /* TLSv1 minor version number */
@@ -709,6 +710,7 @@ CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
#ifdef CYASSL_DTLS
CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
#endif

2
cyassl/openssl/ssl.h
View File

@@ -92,6 +92,8 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#ifdef CYASSL_DTLS
#define DTLSv1_client_method CyaDTLSv1_client_method
#define DTLSv1_server_method CyaDTLSv1_server_method
#define DTLSv1_2_client_method CyaDTLSv1_2_client_method
#define DTLSv1_2_server_method CyaDTLSv1_2_server_method
#endif

2
cyassl/ssl.h
View File

@@ -157,6 +157,8 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
#ifdef CYASSL_DTLS
CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)

4
cyassl/test.h
View File

@@ -108,7 +108,11 @@
#define SERVER_DEFAULT_VERSION 3
#define SERVER_DTLS_DEFAULT_VERSION (-2)
#define SERVER_INVALID_VERSION (-99)
#define CLIENT_DEFAULT_VERSION 3
#define CLIENT_DTLS_DEFAULT_VERSION (-2)
#define CLIENT_INVALID_VERSION (-99)
/* all certs relative to CyaSSL home directory now */
#define caCert "./certs/ca-cert.pem"

28
examples/client/client.c
View File

@@ -99,7 +99,8 @@ static void Usage(void)
printf("-s Use pre Shared keys\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
@@ -129,7 +130,7 @@ void client_test(void* args)
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
@@ -170,7 +171,6 @@ void client_test(void* args)
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
@@ -196,8 +196,6 @@ void client_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
@@ -240,6 +238,22 @@ void client_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@@ -263,6 +277,10 @@ void client_test(void* args)
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:

26
examples/server/server.c
View File

@@ -98,7 +98,8 @@ static void Usage(void)
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-u Use UDP DTLS\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-N Use Non-blocking sockets\n");
}
@@ -163,7 +164,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 'p' :
@@ -176,8 +176,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* stay with DTLS */
break;
case 'l' :
@@ -208,6 +206,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@@ -231,6 +245,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case -1:
method = DTLSv1_server_method();
break;
case -2:
method = DTLSv1_2_server_method();
break;
#endif
default:

36
src/internal.c
View File

@@ -123,6 +123,8 @@ int IsAtLeastTLSv1_2(const CYASSL* ssl)
{
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR)
return 1;
if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR)
return 1;
return 0;
}
@@ -357,7 +359,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ctx->CBIOSend = EmbedSend;
#ifdef CYASSL_DTLS
if (method->version.major == DTLS_MAJOR
&& method->version.minor == DTLS_MINOR) {
&& method->version.minor >= DTLSv1_2_MINOR) {
ctx->CBIORecv = EmbedReceiveFrom;
ctx->CBIOSend = EmbedSendTo;
}
@@ -591,8 +593,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
}
#ifdef CYASSL_DTLS
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
tls = 1;
if (pv.major == DTLS_MAJOR) {
tls = 1;
tls1_2 = pv.minor <= DTLSv1_2_MINOR;
}
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
@@ -1303,7 +1307,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->heap = ctx->heap; /* defaults to self */
ssl->options.tls = 0;
ssl->options.tls1_1 = 0;
if (ssl->version.major == DTLS_MAJOR && ssl->version.minor == DTLS_MINOR)
if (ssl->version.major == DTLS_MAJOR
&& ssl->version.minor >= DTLSv1_2_MINOR)
ssl->options.dtls = 1;
else
ssl->options.dtls = 0;
@@ -1955,6 +1960,15 @@ ProtocolVersion MakeDTLSv1(void)
return pv;
}
ProtocolVersion MakeDTLSv1_2(void)
{
ProtocolVersion pv;
pv.major = DTLS_MAJOR;
pv.minor = DTLSv1_2_MINOR;
return pv;
}
#endif /* CYASSL_DTLS */
@@ -3380,6 +3394,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
const byte* additionalSrc = input - 5;
XMEMSET(additional, 0, AES_BLOCK_SIZE);
@@ -3389,7 +3404,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
#endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */
@@ -3416,6 +3435,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
const byte* additionalSrc = input - 5;
XMEMSET(additional, 0, AES_BLOCK_SIZE);
@@ -3425,7 +3445,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
#endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */

14
src/io.c
View File

@@ -136,16 +136,6 @@
#endif
#ifdef CYASSL_DTLS
/* sizeof(struct timeval) will pass uninit bytes to setsockopt if padded */
#ifdef USE_WINDOWS_API
#define TIMEVAL_BYTES sizeof(timeout)
#else
#define TIMEVAL_BYTES sizeof(timeout.tv_sec) + sizeof(timeout.tv_usec)
#endif
#endif
/* Translates return codes returned from
* send() and recv() if need be.
*/
@@ -201,7 +191,7 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
struct timeval timeout = {dtls_timeout, 0};
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
TIMEVAL_BYTES) != 0) {
sizeof(timeout)) != 0) {
CYASSL_MSG("setsockopt rcvtimeo failed");
}
}
@@ -329,7 +319,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
struct timeval timeout = { dtls_timeout, 0 };
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
TIMEVAL_BYTES) != 0) {
sizeof(timeout)) != 0) {
CYASSL_MSG("setsockopt rcvtimeo failed");
}
}

62
src/ssl.c
View File

@@ -2575,6 +2575,17 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
InitSSL_Method(method, MakeDTLSv1());
return method;
}
CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
{
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_ENTER("DTLSv1_2_client_method");
if (method)
InitSSL_Method(method, MakeDTLSv1_2());
return method;
}
#endif
@@ -2596,7 +2607,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR &&
ssl->version.minor == DTLS_MINOR) {
ssl->version.minor >= DTLSv1_2_MINOR) {
ssl->options.dtls = 1;
ssl->options.tls = 1;
ssl->options.tls1_1 = 1;
@@ -2671,10 +2682,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#endif
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
InitSha256(&ssl->hashSha256);
#endif
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
#endif
}
if ( (ssl->error = SendClientHello(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
@@ -2822,6 +2837,19 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
}
return method;
}
CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
{
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_ENTER("DTLSv1_2_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1_2());
method->side = SERVER_END;
}
return method;
}
#endif
@@ -2869,7 +2897,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR &&
ssl->version.minor == DTLS_MINOR) {
ssl->version.minor >= DTLSv1_2_MINOR) {
ssl->options.dtls = 1;
ssl->options.tls = 1;
ssl->options.tls1_1 = 1;
@@ -2925,10 +2953,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#endif
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
InitSha256(&ssl->hashSha256);
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
InitSha256(&ssl->hashSha256);
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
#endif
}
while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
if ( (ssl->error = ProcessReply(ssl)) < 0) {
@@ -5440,8 +5472,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "unknown";
}
}
else if (ssl->version.major == DTLS_MAJOR)
return "DTLS";
else if (ssl->version.major == DTLS_MAJOR) {
switch (ssl->version.minor) {
case DTLS_MINOR :
return "DTLS";
case DTLSv1_2_MINOR :
return "DTLSv1.2";
default:
return "unknown";
}
}
return "unknown";
}

5
tests/include.am
View File

@@ -22,14 +22,19 @@ EXTRA_DIST += tests/test.conf \
tests/test-openssl.conf \
tests/test-hc128.conf \
tests/test-psk.conf \
tests/test-psk-dtls.conf \
tests/test-ntru.conf \
tests/test-ecc.conf \
tests/test-ecc-dtls.conf \
tests/test-ecc-sha384.conf \
tests/test-ecc-dtls-sha384.conf \
tests/test-aesgcm.conf \
tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-ecc-dtls.conf \
tests/test-aesgcm-openssl.conf \
tests/test-aesccm.conf \
tests/test-aesccm-ecc.conf \
tests/test-aesccm-ecc-dtls.conf \
tests/test-camellia.conf \
tests/test-camellia-openssl.conf \
tests/test-dtls.conf \

54
tests/suites.c
View File

@@ -317,6 +317,16 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add psk dtls extra suites */
strcpy(argv0[1], "tests/test-psk-dtls.conf");
printf("starting psk extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if !defined(NO_PSK) && defined(HAVE_NULL_CIPHER) && !defined(NO_OLD_TLS)
@@ -359,10 +369,30 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add ecc dtls extra suites */
strcpy(argv0[1], "tests/test-ecc-dtls.conf");
printf("starting ecc dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef CYASSL_SHA384
/* add ecc extra suites */
/* add ecc sha384 extra suites */
strcpy(argv0[1], "tests/test-ecc-sha384.conf");
printf("starting ecc-sha384 extra cipher suite tests\n");
printf("starting ecc sha384 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(CYASSL_DTLS) && defined(CYASSL_SHA384)
/* add ecc dtls sha384 extra suites */
strcpy(argv0[1], "tests/test-ecc-dtls-sha384.conf");
printf("starting ecc dtls sha384 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
@@ -402,6 +432,16 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add aesgcm ecc dtls extra suites */
strcpy(argv0[1], "tests/test-aesgcm-ecc-dtls.conf");
printf("starting aesgcm ecc dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if defined(HAVE_AESCCM)
@@ -422,6 +462,16 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef CYASSL_DTLS
/* add aesccm ecc dtls extra suites */
strcpy(argv0[1], "tests/test-aesccm-ecc-dtls.conf");
printf("starting aesccm ecc dtls cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#endif

56
tests/test-aesccm-ecc-dtls.conf Normal file
View File

@@ -0,0 +1,56 @@
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
-N
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
-N

96
tests/test-aesgcm-ecc-dtls.conf Normal file
View File

@@ -0,0 +1,96 @@
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384

142
tests/test-dtls.conf
View File

@@ -1,98 +1,240 @@
# server DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# client DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# server DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# client DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# server DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# client DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# server DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# client DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# server DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# client DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# server DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# client DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# server DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# client DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# server DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# client DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# client DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
# client DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
# server DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-v 2
-l DES-CBC3-SHA
-N
# client DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-v 2
-l DES-CBC3-SHA
-N
# server DTLSv1.2 DES-CBC3-SHA NON-BLOCKING
-u
-v 3
-l DES-CBC3-SHA
-N
# client DTLSv1.2 DES-CBC3-SHA NON-BLOCKING
-u
-v 3
-l DES-CBC3-SHA
-N
# server DTLSv1 AES128-SHA NON-BLOCKING
-u
-v 2
-l AES128-SHA
-N
# client DTLSv1 AES128-SHA NON-BLOCKING
-u
-v 2
-l AES128-SHA
-N
# server DTLSv1.2 AES128-SHA NON-BLOCKING
-u
-v 3
-l AES128-SHA
-N
# client DTLSv1.2 AES128-SHA NON-BLOCKING
-u
-v 3
-l AES128-SHA
-N
# server DTLSv1 AES256-SHA NON-BLOCKING
-u
-v 2
-l AES256-SHA
-N
# client DTLSv1 AES256-SHA NON-BLOCKING
-u
-v 2
-l AES256-SHA
-N
# server DTLSv1.2 AES256-SHA NON-BLOCKING
-u
-v 3
-l AES256-SHA
-N
# client DTLSv1.2 AES256-SHA NON-BLOCKING
-u
-v 3
-l AES256-SHA
-N
# server DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-v 2
-l AES128-SHA256
-N
# client DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-v 2
-l AES128-SHA256
-N
# server DTLSv1.2 AES128-SHA256 NON-BLOCKING
-u
-v 3
-l AES128-SHA256
-N
# client DTLSv1.2 AES128-SHA256 NON-BLOCKING
-u
-v 3
-l AES128-SHA256
-N
# server DTLSv1 AES256-SHA256 NON-BLOCKING
-u
-v 2
-l AES256-SHA256
-N
# client DTLSv1 AES256-SHA256 NON-BLOCKING
-u
-v 2
-l AES256-SHA256
-N
# server DTLSv1.2 AES256-SHA256 NON-BLOCKING
-u
-v 3
-l AES256-SHA256
-N
# client DTLSv1.2 AES256-SHA256 NON-BLOCKING
-u
-v 3
-l AES256-SHA256
-N

48
tests/test-ecc-dtls-sha384.conf Normal file
View File

@@ -0,0 +1,48 @@
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem

432
tests/test-ecc-dtls.conf Normal file
View File

@@ -0,0 +1,432 @@
# server DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# client DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.1 ECDHE-RSA-DES3
-u
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# client DTLSv1.1 ECDHE-RSA-DES3
-u
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# server DTLSv1.1 ECDHE-RSA-AES256
-u
-v 2
-l ECDHE-RSA-AES256-SHA
# client DTLSv1.1 ECDHE-RSA-AES256
-u
-v 2
-l ECDHE-RSA-AES256-SHA
# server DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# client DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.2 ECDHE-RSA-DES3
-u
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# client DTLSv1.2 ECDHE-RSA-DES3
-u
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# server DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
# server DTLSv1.2 ECDHE-RSA-AES256
-u
-v 3
-l ECDHE-RSA-AES256-SHA
# client DTLSv1.2 ECDHE-RSA-AES256
-u
-v 3
-l ECDHE-RSA-AES256-SHA
# server DTLSv1.1 ECDHE-EDCSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-DES3
-u
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-DES3
-u
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-AES256
-u
-v 2
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES256
-u
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-DES3
-u
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-DES3
-u
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
# server DTLSv1.1 ECDH-RSA-DES3
-u
-v 2
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-DES3
-u
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
# server DTLSv1.1 ECDH-RSA-AES256
-u
-v 2
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES256
-u
-v 2
-l ECDH-RSA-AES256-SHA
# server DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
# server DTLSv1.2 ECDH-RSA-DES3
-u
-v 3
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-DES3
-u
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
# server DTLSv1.2 ECDH-RSA-AES256
-u
-v 3
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256
-u
-v 3
-l ECDH-RSA-AES256-SHA
# server DTLSv1.1 ECDH-EDCSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-DES3
-u
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-DES3
-u
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-AES256
-u
-v 2
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES256
-u
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-DES3
-u
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-DES3
-u
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES256
-u
-v 3
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256
-u
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem

60
tests/test-psk-dtls.conf Normal file
View File

@@ -0,0 +1,60 @@
# server DTLSv1 PSK-AES128
-s
-u
-v 2
-l PSK-AES128-CBC-SHA
# client DTLSv1 PSK-AES128
-s
-u
-v 2
-l PSK-AES128-CBC-SHA
# server DTLSv1 PSK-AES256
-s
-u
-v 2
-l PSK-AES256-CBC-SHA
# client DTLSv1 PSK-AES256
-s
-u
-v 2
-l PSK-AES256-CBC-SHA
# server DTLSv1.2 PSK-AES128
-s
-u
-v 3
-l PSK-AES128-CBC-SHA
# client DTLSv1.2 PSK-AES128
-s
-u
-v 3
-l PSK-AES128-CBC-SHA
# server DTLSv1.2 PSK-AES256
-s
-u
-v 3
-l PSK-AES256-CBC-SHA
# client DTLSv1.2 PSK-AES256
-s
-u
-v 3
-l PSK-AES256-CBC-SHA
# server DTLSv1.2 PSK-AES128-SHA256
-s
-u
-v 3
-l PSK-AES128-CBC-SHA256
# client DTLSv1.2 PSK-AES128-SHA256
-s
-u
-v 3
-l PSK-AES128-CBC-SHA256