tests: write early data: Add "server rejects" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index cf00b4e..6681c04 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4110,7 +4110,6 @@
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
-
int client_state, previous_client_state;
const char *early_data_string = "This is early data.";
const unsigned char *early_data = (const unsigned char *) early_data_string;
@@ -4149,6 +4148,10 @@
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
+ case TEST_EARLY_DATA_SERVER_REJECTS:
+ server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ break;
+
default:
TEST_FAIL("Unknown scenario.");
}
@@ -4213,7 +4216,8 @@
switch (client_state) {
case MBEDTLS_SSL_CLIENT_HELLO:
switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
+ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_SERVER_REJECTS:
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break;
@@ -4222,7 +4226,8 @@
case MBEDTLS_SSL_SERVER_HELLO:
switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
+ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_SERVER_REJECTS:
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break;
@@ -4231,7 +4236,8 @@
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
+ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_SERVER_REJECTS:
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
break;
@@ -4244,6 +4250,11 @@
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
break;
+
+ case TEST_EARLY_DATA_SERVER_REJECTS:
+ TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
+ break;
}
break;
@@ -4256,13 +4267,23 @@
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
+ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_SERVER_REJECTS:
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break;
}
break;
+ case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
+ TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
+ switch (scenario) {
+ case TEST_EARLY_DATA_SERVER_REJECTS:
+ TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
+ break;
+ }
+ break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
case MBEDTLS_SSL_CLIENT_CERTIFICATE: /* Intentional fallthrough */
@@ -4271,7 +4292,8 @@
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
case MBEDTLS_SSL_HANDSHAKE_OVER:
switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
+ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_SERVER_REJECTS:
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, client_state);
break;