TLS1.3: SRV/CLI: add support for sending Record Size Limit extension

Signed-off-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-03 17:34:03 +00:00 · 2024-01-03 17:34:03 +00:00 · 598ea09dd5
commit 598ea09dd5
parent 47d2946943
1 changed files with 24 additions and 2 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -5003,11 +5003,33 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
            0 \
-            -s "RecordSizeLimit: 4096 Bytes" \
-            -s "ClientHello: record_size_limit(28) extension exists." \
+            -s "Sent RecordSizeLimit: 16384 Bytes" \
+            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "10240 bytes written in 3 fragments"

+# TODO: For time being, we send fixed value of RecordSizeLimit defined by
+# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
+# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test    "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (16384)" \
+            "$P_SRV debug_level=4 force_version=tls13" \
+            "$P_CLI debug_level=4 force_version=tls13" \
+            0 \
+            -c "Sent RecordSizeLimit: 16384 Bytes"                            \
+            -c "RecordSizeLimit: 16384 Bytes"                                 \
+            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
+            -c "Maximum outgoing record payload length is 16383"              \
+            -s "RecordSizeLimit: 16384 Bytes"                                 \
+            -s "Sent RecordSizeLimit: 16384 Bytes"                            \
+            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
+            -s "Maximum outgoing record payload length is 16383"              \
+            -s "Maximum incoming record payload length is 16384"
+
 # Tests for renegotiation

 # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION