Merge pull request #3069 from AndrzejKurek/handshake-tests-refactor
Handshake tests refactor
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index a99bb6c..84d840c 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -199,166 +199,168 @@
Negative test moving servers ssl to state: NEW_SESSION_TICKET
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
+# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, SSL3
depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0
+# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, tls1
-depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0
Handshake, tls1_1
-depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0
Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
-handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
+handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_1
-depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1
DTLS Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
+handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
+handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
-handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1
+depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+handshake_serialization
Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via TLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
Sending app data via TLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via TLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
Sending app data via TLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via TLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
Sending app data via TLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via TLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
Sending app data via TLS without MFL and without fragmentation
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via TLS without MFL and with fragmentation
-send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
+app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
Sending app data via DTLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via DTLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0
Sending app data via DTLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via DTLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0
Sending app data via DTLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via DTLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0
Sending app data via DTLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via DTLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0
Sending app data via DTLS, without MFL and without fragmentation
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via DTLS, without MFL and with fragmentation
-send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0
+app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0
DTLS renegotiation: no legacy renegotiation
-dtls_renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS renegotiation: legacy renegotiation
-dtls_renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake
-dtls_renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 513043b..7eb3f7a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -6,6 +6,39 @@
#include <mbedtls/certs.h>
#include <mbedtls/timing.h>
+typedef struct handshake_test_options
+{
+ const char *cipher;
+ int version;
+ int pk_alg;
+ data_t *psk_str;
+ int dtls;
+ int serialize;
+ int mfl;
+ int cli_msg_len;
+ int srv_msg_len;
+ int expected_cli_fragments;
+ int expected_srv_fragments;
+ int renegotiate;
+ int legacy_renegotiation;
+} handshake_test_options;
+
+void init_handshake_options( handshake_test_options *opts )
+{
+ opts->cipher = "";
+ opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opts->pk_alg = MBEDTLS_PK_RSA;
+ opts->psk_str = NULL;
+ opts->dtls = 0;
+ opts->serialize = 0;
+ opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
+ opts->cli_msg_len = 100;
+ opts->srv_msg_len = 100;
+ opts->expected_cli_fragments = 1;
+ opts->expected_srv_fragments = 1;
+ opts->renegotiate = 0;
+ opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+}
/*
* Buffer structure for custom I/O callbacks.
*/
@@ -1556,6 +1589,241 @@
ssl_2, 256, 1 );
}
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void perform_handshake( handshake_test_options* options )
+{
+ /* forced_ciphersuite needs to last until the end of the handshake */
+ int forced_ciphersuite[2];
+ enum { BUFFSIZE = 17000 };
+ mbedtls_endpoint client, server;
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ const char *psk_identity = "foo";
+#endif
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer_client, timer_server;
+#endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ unsigned char *context_buf = NULL;
+ size_t context_buf_len;
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ int ret = -1;
+#endif
+
+
+ mbedtls_test_message_queue server_queue, client_queue;
+ mbedtls_test_message_socket_context server_context, client_context;
+
+ /* Client side */
+ if( options->dtls != 0 )
+ {
+ TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
+ options->pk_alg, &client_context,
+ &client_queue,
+ &server_queue ) == 0 );
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+#endif
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
+ options->pk_alg, NULL, NULL,
+ NULL ) == 0 );
+ }
+ mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->version );
+ mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->version );
+
+ if( strlen( options->cipher ) > 0 )
+ {
+ set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
+ }
+ /* Server side */
+ if( options->dtls != 0 )
+ {
+ TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
+ options->pk_alg, &server_context,
+ &server_queue,
+ &client_queue) == 0 );
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+#endif
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
+ options->pk_alg, NULL, NULL, NULL ) == 0 );
+ }
+ mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ options->version );
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
+ (unsigned char) options->mfl ) == 0 );
+ TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
+ (unsigned char) options->mfl ) == 0 );
+#else
+ TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( options->psk_str != NULL && options->psk_str->len > 0 )
+ {
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
+ options->psk_str->len,
+ (const unsigned char *) psk_identity,
+ strlen( psk_identity ) ) == 0 );
+
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
+ options->psk_str->len,
+ (const unsigned char *) psk_identity,
+ strlen( psk_identity ) ) == 0 );
+
+ mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
+ }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( options->renegotiate )
+ {
+ mbedtls_ssl_conf_renegotiation( &(server.conf),
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED );
+ mbedtls_ssl_conf_renegotiation( &(client.conf),
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED );
+
+ mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
+ options->legacy_renegotiation );
+ mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
+ options->legacy_renegotiation );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+ TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
+ &(server.socket),
+ BUFFSIZE ) == 0 );
+
+ TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER )
+ == 0 );
+ TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+ TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+
+ if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
+ {
+ /* Start data exchanging test */
+ TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl), options->srv_msg_len,
+ options->expected_srv_fragments )
+ == 0 );
+ }
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if( options->serialize == 1 )
+ {
+ TEST_ASSERT( options->dtls == 1 );
+
+ TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
+ 0, &context_buf_len )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ context_buf = mbedtls_calloc( 1, context_buf_len );
+ TEST_ASSERT( context_buf != NULL );
+
+ TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
+ context_buf_len,
+ &context_buf_len ) == 0 );
+
+ mbedtls_ssl_free( &(server.ssl) );
+ mbedtls_ssl_init( &(server.ssl) );
+
+ TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
+
+ mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
+ mbedtls_mock_tcp_send_msg,
+ mbedtls_mock_tcp_recv_msg,
+ NULL );
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+#endif
+ TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
+ context_buf_len ) == 0 );
+
+ /* Retest writing/reading */
+ if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
+ {
+ TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
+ options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl),
+ options->srv_msg_len,
+ options->expected_srv_fragments )
+ == 0 );
+ }
+ }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( options->renegotiate )
+ {
+ /* Start test with renegotiation */
+ TEST_ASSERT( server.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE );
+ TEST_ASSERT( client.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE );
+
+ /* After calling this function for the server, it only sends a handshake
+ * request. All renegotiation should happen during data exchanging */
+ TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
+ TEST_ASSERT( server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_PENDING );
+ TEST_ASSERT( client.ssl.renego_status ==
+ MBEDTLS_SSL_INITIAL_HANDSHAKE );
+
+ TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
+ TEST_ASSERT( server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE );
+ TEST_ASSERT( client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE );
+
+ /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
+ * should happen inside this function. However in this test, we cannot
+ * perform simultaneous communication betwen client and server so this
+ * function will return waiting error on the socket. All rest of
+ * renegotiation should happen during data exchanging */
+ ret = mbedtls_ssl_renegotiate( &(client.ssl) );
+ TEST_ASSERT( ret == 0 ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ TEST_ASSERT( server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE );
+ TEST_ASSERT( client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
+
+ TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
+ TEST_ASSERT( server.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE );
+ TEST_ASSERT( client.ssl.renego_status ==
+ MBEDTLS_SSL_RENEGOTIATION_DONE );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+exit:
+ mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
+ mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if( context_buf != NULL )
+ mbedtls_free( context_buf );
+#endif
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -3300,373 +3568,129 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
-void handshake( const char *cipher, int version, int pk_alg,
- data_t *psk_str, int dtls, int serialize )
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+void handshake_version( int version, int dtls )
{
- /* forced_ciphersuite needs to last until the end of the handshake */
- int forced_ciphersuite[2];
- enum { BUFFSIZE = 16384 };
- mbedtls_endpoint client, server;
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- const char *psk_identity = "foo";
-#else
- (void) psk_str;
-#endif
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer_client, timer_server;
-#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- enum { MSGLEN = 5 };
- unsigned char *context_buf = NULL;
- size_t context_buf_len;
- unsigned char cli_buf[MSGLEN];
- unsigned char srv_buf[MSGLEN];
-#else
- (void) serialize;
-#endif
+ handshake_test_options options;
+ init_handshake_options( &options );
- mbedtls_test_message_queue server_queue, client_queue;
- mbedtls_test_message_socket_context server_context, client_context;
-
- /* Client side */
- if( dtls != 0 )
+ options.version = version;
+ options.dtls = dtls;
+ /* Note - the case below will have to updated, since the test sends no data
+ * due to a 1n-1 split against BEAST, that was not expected when preparing
+ * the fragment counting code. */
+ if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
+ version == MBEDTLS_SSL_MINOR_VERSION_1 )
{
- TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
- pk_alg, &client_context,
- &client_queue,
- &server_queue ) == 0 );
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-#endif
+ options.cli_msg_len = 0;
+ options.srv_msg_len = 0;
}
- else
- {
- TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
- pk_alg, NULL, NULL, NULL ) == 0 );
- }
- mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- version );
- mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- version );
+ perform_handshake( &options );
- if( strlen( cipher ) > 0 )
- {
- set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
- }
- /* Server side */
- if( dtls != 0 )
- {
- TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- pk_alg, &server_context,
- &server_queue,
- &client_queue) == 0 );
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-#endif
- }
- else
- {
- TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- pk_alg, NULL, NULL, NULL ) == 0 );
- }
- mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- version );
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- if( psk_str->len > 0 )
- {
- TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
- psk_str->len,
- (const unsigned char *) psk_identity,
- strlen( psk_identity ) ) == 0 );
-
- TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
- psk_str->len,
- (const unsigned char *) psk_identity,
- strlen( psk_identity ) ) == 0 );
-
- mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
- }
-#endif
- TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
- &(server.socket),
- BUFFSIZE ) == 0 );
-
- TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER )
- == 0 );
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( dtls == 0 || serialize == 0 )
- {
- /* Serialization works with DTLS only.
- * Skip if these options are misused. */
- goto exit;
- }
-
- memset( cli_buf, 'X', MSGLEN );
- memset( srv_buf, 'Y', MSGLEN );
-
- /* Make sure that writing/reading works */
- TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
- TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
- TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
-
- TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
- 0, &context_buf_len )
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
- context_buf = mbedtls_calloc( 1, context_buf_len );
- TEST_ASSERT( context_buf != NULL );
-
- TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
- context_buf_len,
- &context_buf_len ) == 0 );
-
- mbedtls_ssl_free( &(server.ssl) );
- mbedtls_ssl_init( &(server.ssl) );
-
- TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
-
- mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
- mbedtls_mock_tcp_send_msg,
- mbedtls_mock_tcp_recv_msg,
- NULL );
-
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-#endif
- TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
- context_buf_len ) == 0 );
-
- /* Retest writing/reading */
- memset( cli_buf, 'X', MSGLEN );
- memset( srv_buf, 'Y', MSGLEN );
-
- TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
- TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
- TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-exit:
- mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
- mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if( dtls != 0 && serialize != 0 )
- {
- mbedtls_free( context_buf );
- }
-#endif
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
-void send_application_data( int mfl, int cli_msg_len, int srv_msg_len,
- const int expected_cli_fragments,
- const int expected_srv_fragments )
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
+void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
{
- enum { BUFFSIZE = 2048 };
- mbedtls_endpoint server, client;
- int ret = -1;
+ handshake_test_options options;
+ init_handshake_options( &options );
- ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
- NULL, NULL, NULL );
- TEST_ASSERT( ret == 0 );
+ options.cipher = cipher;
+ options.dtls = dtls;
+ options.psk_str = psk_str;
+ options.pk_alg = pk_alg;
- ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
- NULL, NULL, NULL );
- TEST_ASSERT( ret == 0 );
+ perform_handshake( &options );
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
- TEST_ASSERT( ret == 0 );
-#else
- TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
- ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
- BUFFSIZE );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
-
- /* Start data exchanging test */
- ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
- &(server.ssl), srv_msg_len, expected_srv_fragments );
- TEST_ASSERT( ret == 0 );
-
-exit:
- mbedtls_endpoint_free( &client, NULL );
- mbedtls_endpoint_free( &server, NULL );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
-void send_application_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
- const int expected_cli_fragments,
- const int expected_srv_fragments )
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
+void handshake_cipher( char* cipher, int pk_alg, int dtls )
{
- enum { BUFFSIZE = 17000 };
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer_client, timer_server;
-#endif
- mbedtls_endpoint server, client;
- mbedtls_test_message_queue server_queue, client_queue;
- mbedtls_test_message_socket_context server_context, client_context;
- int ret = -1;
+ test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
- /* Initializing endpoints and communication */
- ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
- &server_context, &server_queue, &client_queue );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
- &client_context, &client_queue, &server_queue );
- TEST_ASSERT( ret == 0 );
-
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-#endif /* MBEDTLS_TIMING_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
- TEST_ASSERT( ret == 0 );
-#else
- TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
- ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
- BUFFSIZE );
- TEST_ASSERT( ret == 0 );
-
- ret = mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
-
- /* Start data exchanging test */
- ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
- &(server.ssl), srv_msg_len, expected_srv_fragments );
- TEST_ASSERT( ret == 0 );
-
-
-exit:
- mbedtls_endpoint_free( &client, &client_context );
- mbedtls_endpoint_free( &server, &server_context );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_RENEGOTIATION */
-void dtls_renegotiation( int legacy_option )
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+void app_data( int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments, int dtls )
{
-enum { BUFFSIZE = 17000 };
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer_client, timer_server;
-#endif
- mbedtls_endpoint server, client;
- mbedtls_test_message_queue server_queue, client_queue;
- mbedtls_test_message_socket_context server_context, client_context;
- int ret = -1;
+ handshake_test_options options;
+ init_handshake_options( &options );
- /* Initializing endpoints for DTLS */
- ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
- &server_context, &server_queue, &client_queue );
- TEST_ASSERT( ret == 0 );
+ options.mfl = mfl;
+ options.cli_msg_len = cli_msg_len;
+ options.srv_msg_len = srv_msg_len;
+ options.expected_cli_fragments = expected_cli_fragments;
+ options.expected_srv_fragments = expected_srv_fragments;
+ options.dtls = dtls;
- ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
- &client_context, &client_queue, &server_queue );
- TEST_ASSERT( ret == 0 );
+ perform_handshake( &options );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
+}
+/* END_CASE */
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments )
+{
+ test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
+ expected_srv_fragments, 0 );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
+}
+/* END_CASE */
- mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay );
-#endif /* MBEDTLS_TIMING_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
+void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
+ int expected_cli_fragments,
+ int expected_srv_fragments )
+{
+ test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
+ expected_srv_fragments, 1 );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
+}
+/* END_CASE */
- /* Setup renegotiation and perform connection */
- mbedtls_ssl_conf_renegotiation( &(server.conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED );
- mbedtls_ssl_conf_renegotiation( &(client.conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED );
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+void handshake_serialization( )
+{
+ handshake_test_options options;
+ init_handshake_options( &options );
- mbedtls_ssl_conf_legacy_renegotiation( &(server.conf), legacy_option );
- mbedtls_ssl_conf_legacy_renegotiation( &(client.conf), legacy_option );
+ options.serialize = 1;
+ options.dtls = 1;
+ perform_handshake( &options );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
+}
+/* END_CASE */
- ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
- BUFFSIZE );
- TEST_ASSERT( ret == 0 );
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
+void renegotiation( int legacy_renegotiation )
+{
+ handshake_test_options options;
+ init_handshake_options( &options );
- ret = mbedtls_move_handshake_to_state( &(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+ options.renegotiate = 1;
+ options.legacy_renegotiation = legacy_renegotiation;
+ options.dtls = 1;
- /* Start test with renegotiation */
- TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE );
- TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE );
-
- ret = mbedtls_ssl_renegotiate( &(server.ssl) );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING );
- TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE );
-
- /* After calling the above function for the server, it only sends a handshake
- * request. All renegotiation should happen during data exchanging */
- TEST_ASSERT( 0 == exchange_data( &(client.ssl), &(server.ssl) ) );
- TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
-
- /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
- * should happen inside this function. However in this test, we cannot
- * perform simultaneous communication between client and server so this
- * function will return waiting error on the socket. The rest of
- * renegotiation should happen during data exchanging */
- ret = mbedtls_ssl_renegotiate( &(client.ssl) );
- TEST_ASSERT( ret == 0 ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE );
- TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
-
- ret = exchange_data( &(client.ssl), &(server.ssl) );
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
- TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
-
-exit:
- mbedtls_endpoint_free( &client, &client_context );
- mbedtls_endpoint_free( &server, &server_context );
+ perform_handshake( &options );
+ /* The goto below is used to avoid an "unused label" warning.*/
+ goto exit;
}
/* END_CASE */