/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +02003#include <mbedtls/ssl_internal.h>
5#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Flag handed to pre_vrfy_fn() through its `data` argument; it becomes
 * non-zero once the callback has seen a version-3 certificate. File-scope
 * static, so it is zero-initialised and readable by the test case below. */
static int pre_vrfy_data;
/* Pre-verification callback used by ssl_preverifycb().
 *
 * `data` points to an int; it is set to 1 when a certificate with
 * version field 3 is presented. A NULL `crt` leaves the flag untouched. */
static void pre_vrfy_fn( void *data, struct mbedtls_x509_crt *crt )
{
    int *seen_v3 = (int *) data;

    if( crt == NULL )
        return;

    if( crt->version == 3 )
        *seen_v3 = 1;
}
/* In-memory loopback "network" for the pre-verify test:
 * pre_vrfy_send() appends at pre_vrfy_buffer_end and pre_vrfy_recv()
 * consumes from pre_vrfy_buffer_start. Both indices start at zero. */
static unsigned char pre_vrfy_buffer[2048];
static int pre_vrfy_buffer_start = 0;
static int pre_vrfy_buffer_end = 0;
/* Send callback for mbedtls_ssl_set_bio(): stores as much of `buf` as still
 * fits in pre_vrfy_buffer. Returns the number of bytes stored, or
 * MBEDTLS_ERR_SSL_WANT_WRITE when the buffer is already full. `ctx` is unused. */
static int pre_vrfy_send( void *ctx, const unsigned char *buf, size_t len )
{
    size_t room = sizeof( pre_vrfy_buffer ) - pre_vrfy_buffer_end;
    size_t n = len < room ? len : room;

    (void) ctx;

    if( n == 0 )
        return( MBEDTLS_ERR_SSL_WANT_WRITE );

    memcpy( pre_vrfy_buffer + pre_vrfy_buffer_end, buf, n );
    pre_vrfy_buffer_end += (int) n;

    return( (int) n );
}
/* Receive callback for mbedtls_ssl_set_bio(): hands back up to `len` bytes
 * that pre_vrfy_send() stored and have not been read yet. Returns the number
 * of bytes copied, or MBEDTLS_ERR_SSL_WANT_READ when nothing is pending.
 * `ctx` is unused. */
static int pre_vrfy_recv( void *ctx, unsigned char *buf, size_t len )
{
    size_t avail = (size_t)( pre_vrfy_buffer_end - pre_vrfy_buffer_start );
    size_t n = len < avail ? len : avail;

    (void) ctx;

    if( n == 0 )
        return( MBEDTLS_ERR_SSL_WANT_READ );

    memcpy( buf, pre_vrfy_buffer + pre_vrfy_buffer_start, n );
    pre_vrfy_buffer_start += (int) n;

    return( (int) n );
}
32#endif
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_SSL_TLS_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
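/*
 * Feed the already-seen DTLS record sequence numbers listed in `prevs`
 * (12 hex digits each, separated by a single character) into the anti-replay
 * window, then check that the window answers `ret` for sequence number `new`.
 *
 * `prevs` is modified in place: the character after each 12-digit entry is
 * overwritten with '\0' so unhexify() sees exactly one entry at a time.
 * An empty `prevs` feeds nothing and only checks `new`.
 */
void ssl_dtls_replay( char *prevs, char *new, int ret )
{
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    char *end_prevs = prevs + strlen( prevs ) + 1;

    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );

    TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
                 MBEDTLS_SSL_IS_CLIENT,
                 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
                 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );

    /* Replay the history. Each entry is the 6-byte sequence number, written
     * at in_ctr + 2 so the leading two bytes (the DTLS epoch) stay untouched. */
    for( ; end_prevs - prevs >= 13; prevs += 13 )
    {
        prevs[12] = '\0';
        unhexify( ssl.in_ctr + 2, prevs );
        mbedtls_ssl_dtls_replay_update( &ssl );
    }

    /* Check the candidate number against the window */
    unhexify( ssl.in_ctr + 2, new );
    TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );

exit:
    /* TEST_ASSERT jumps here on failure, so the contexts are released on
     * every path, not only on success. */
    mbedtls_ssl_free( &ssl );
    mbedtls_ssl_config_free( &conf );
}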
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
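/*
 * Setting the hostname twice on the same context must succeed both times.
 * The context is freed on every path so that whatever the first call
 * allocated for `hostname0` is released even if the second call fails.
 */
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
{
    mbedtls_ssl_context ssl;
    mbedtls_ssl_init( &ssl );

    TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
    TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );

exit:
    /* Reached directly by a failed TEST_ASSERT as well */
    mbedtls_ssl_free( &ssl );
}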
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_SSL_PREVERIFY_CB:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
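/*
 * Check that parsing a Certificate message runs the callback registered with
 * mbedtls_ssl_conf_pre_verify().
 *
 * The record is produced by the context acting as a server
 * (mbedtls_ssl_write_certificate) into the in-memory pre_vrfy_buffer; the
 * configuration is then switched to the client role and the same record is
 * read back with mbedtls_ssl_parse_certificate(), which must invoke
 * pre_vrfy_fn() with the certificate loaded from `crt_file`.
 */
void ssl_preverifycb( char *crt_file )
{
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    mbedtls_x509_crt crt;

    /* The loopback buffer and the callback flag are file-scope statics that
     * nothing else resets. Clear them here so the final assertion cannot be
     * satisfied by a previous run of this case in the same process, and so
     * the buffer does not fill up across runs. */
    pre_vrfy_data = 0;
    pre_vrfy_buffer_start = 0;
    pre_vrfy_buffer_end = 0;

    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );
    mbedtls_x509_crt_init( &crt );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
                 MBEDTLS_SSL_IS_SERVER,
                 MBEDTLS_SSL_TRANSPORT_STREAM,
                 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
    /* VERIFY_OPTIONAL: parse_certificate returns 0 even if the chain does
     * not verify, so this case exercises the callback, not chain validation. */
    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
    mbedtls_ssl_conf_ca_chain( &conf, &crt, NULL );

    /* Write out a certificate record to the loopback buffer. No handshake
     * runs here, so the ciphersuite is set on the negotiated transform by hand. */
    ssl.transform_negotiate->ciphersuite_info =
        mbedtls_ssl_ciphersuite_from_id( MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 );
    mbedtls_ssl_set_bio( &ssl, NULL, pre_vrfy_send, pre_vrfy_recv, NULL );
    TEST_ASSERT( mbedtls_ssl_conf_own_cert( &conf, &crt, NULL ) == 0 );
    TEST_ASSERT( mbedtls_ssl_write_certificate( &ssl ) == 0 );

    /* Read the record back as a client and check the pre-verify callback ran */
    mbedtls_ssl_conf_endpoint( &conf, MBEDTLS_SSL_IS_CLIENT );
    mbedtls_ssl_conf_pre_verify( &conf, pre_vrfy_fn, (void *) &pre_vrfy_data );
    TEST_ASSERT( mbedtls_ssl_parse_certificate( &ssl ) == 0 );

    TEST_ASSERT( pre_vrfy_data != 0 );

exit:
    /* TEST_ASSERT jumps here on failure; all three objects were initialised
     * above, so freeing them is safe on every path. */
    mbedtls_ssl_free( &ssl );
    mbedtls_ssl_config_free( &conf );
    mbedtls_x509_crt_free( &crt );
}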
/* END_CASE */