blob: cc6797c943ef8694fab19eec042ba7986645b460 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +02003#include <mbedtls/ssl_internal.h>
Hanno Beckera18d1322018-01-03 14:27:32 +00004
Janos Follath6264e662019-11-26 11:11:15 +00005
6/*
7 * Buffer structure for custom I/O callbacks.
8 */
9
10typedef struct mbedtls_test_buffer
11{
12 size_t start;
13 size_t content_length;
14 size_t capacity;
15 unsigned char *buffer;
16} mbedtls_test_buffer;
17
18/*
19 * Initialises \p buf. After calling this function it is safe to call
20 * `mbedtls_test_buffer_free()` on \p buf.
21 */
22void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
23{
24 memset( buf, 0, sizeof( *buf ) );
25}
26
27/*
28 * Sets up \p buf. After calling this function it is safe to call
29 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
30 */
31int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
32{
33 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
34 sizeof(unsigned char) );
35 if( NULL == buf->buffer )
36 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
37 buf->capacity = capacity;
38
39 return 0;
40}
41
42void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
43{
44 if( buf->buffer != NULL )
45 mbedtls_free( buf->buffer );
46
47 memset( buf, 0, sizeof( *buf ) );
48}
49
50/*
51 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
52 *
53 * \p buf must have been initialized and set up by calling
54 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
55 *
56 * \retval \p input_len, if the data fits.
57 * \retval 0 <= value < \p input_len, if the data does not fit.
58 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
59 * zero and \p input is NULL.
60 */
61int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
62 const unsigned char* input, size_t input_len )
63{
64 size_t overflow = 0;
65
66 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
67 return -1;
68
69 /* Reduce input_len to a number that fits in the buffer. */
70 if ( ( buf->content_length + input_len ) > buf->capacity )
71 {
72 input_len = buf->capacity - buf->content_length;
73 }
74
75 if( input == NULL )
76 {
77 return ( input_len == 0 ) ? 0 : -1;
78 }
79
80 /* Calculate the number of bytes that need to be placed at lower memory
81 * address */
82 if( buf->start + buf->content_length + input_len
83 > buf->capacity )
84 {
85 overflow = ( buf->start + buf->content_length + input_len )
86 % buf->capacity;
87 }
88
89 memcpy( buf->buffer + buf->start + buf->content_length, input,
90 input_len - overflow );
91 memcpy( buf->buffer, input + input_len - overflow, overflow );
92 buf->content_length += input_len;
93
94 return input_len;
95}
96
97/*
Andrzej Kurekf7774142020-01-22 06:34:59 -050098 * Gets \p output_len bytes from the ring buffer \p buf into the
99 * \p output buffer. The output buffer can be NULL, in this case a part of the
100 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000101 *
102 * \p buf must have been initialized and set up by calling
103 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
104 *
105 * \retval \p output_len, if the data is available.
106 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500107 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000108 */
109int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
110 unsigned char* output, size_t output_len )
111{
112 size_t overflow = 0;
113
114 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
115 return -1;
116
Andrzej Kurekf7774142020-01-22 06:34:59 -0500117 if( output == NULL && output_len == 0 )
118 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000119
120 if( buf->content_length < output_len )
121 output_len = buf->content_length;
122
123 /* Calculate the number of bytes that need to be drawn from lower memory
124 * address */
125 if( buf->start + output_len > buf->capacity )
126 {
127 overflow = ( buf->start + output_len ) % buf->capacity;
128 }
129
Andrzej Kurekf7774142020-01-22 06:34:59 -0500130 if( output != NULL )
131 {
132 memcpy( output, buf->buffer + buf->start, output_len - overflow );
133 memcpy( output + output_len - overflow, buf->buffer, overflow );
134 }
135
Janos Follath6264e662019-11-26 11:11:15 +0000136 buf->content_length -= output_len;
137 buf->start = ( buf->start + output_len ) % buf->capacity;
138
139 return output_len;
140}
141
Hanno Beckera18d1322018-01-03 14:27:32 +0000142/*
Janos Follath031827f2019-11-27 11:12:14 +0000143 * Context for the I/O callbacks simulating network connection.
144 */
145
146#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
147
148typedef struct mbedtls_mock_socket
149{
150 int status;
Janos Follath3766ba52019-11-27 13:31:42 +0000151 uint32_t blocking_pattern;
Janos Follath031827f2019-11-27 11:12:14 +0000152 mbedtls_test_buffer *input;
153 mbedtls_test_buffer *output;
154 struct mbedtls_mock_socket *peer;
155} mbedtls_mock_socket;
156
157/*
158 * Setup and teardown functions for mock sockets.
159 */
160void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
161{
162 memset( socket, 0, sizeof( *socket ) );
163}
164
165/*
166 * Closes the socket \p socket.
167 *
168 * \p socket must have been previously initialized by calling
169 * mbedtls_mock_socket_init().
170 *
171 * This function frees all allocated resources and both sockets are aware of the
172 * new connection state.
173 *
174 * That is, this function does not simulate half-open TCP connections and the
175 * phenomenon that when closing a UDP connection the peer is not aware of the
176 * connection having been closed.
177 */
178void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
179{
180 if( socket == NULL )
181 return;
182
183 if( socket->input != NULL )
184 {
185 mbedtls_test_buffer_free( socket->input );
186 mbedtls_free( socket->input );
187 }
188
189 if( socket->output != NULL )
190 {
191 mbedtls_test_buffer_free( socket->output );
192 mbedtls_free( socket->output );
193 }
194
195 if( socket->peer != NULL )
196 memset( socket->peer, 0, sizeof( *socket->peer ) );
197
198 memset( socket, 0, sizeof( *socket ) );
199}
200
201/*
202 * Establishes a connection between \p peer1 and \p peer2.
203 *
204 * \p peer1 and \p peer2 must have been previously initialized by calling
205 * mbedtls_mock_socket_init().
206 *
207 * The capacites of the internal buffers are set to \p bufsize. Setting this to
208 * the correct value allows for simulation of MTU, sanity testing the mock
209 * implementation and mocking TCP connections with lower memory cost.
210 */
211int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
212 mbedtls_mock_socket* peer2,
213 size_t bufsize )
214{
215 int ret = -1;
216
217 peer1->input = peer2->output =
218 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
219 if( peer1->input == NULL )
220 {
221 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
222 goto exit;
223 }
224 mbedtls_test_buffer_init( peer1->input );
225 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->input, bufsize ) ) )
226 {
227 goto exit;
228 }
229
230 peer1->output = peer2->input =
231 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
232 if( peer1->output == NULL )
233 {
234 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
235 goto exit;
236 }
237 mbedtls_test_buffer_init( peer1->output );
238 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
239 {
240 goto exit;
241 }
242
243 peer1->peer = peer2;
244 peer2->peer = peer1;
245
246 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
247 ret = 0;
248
249exit:
250
251 if( ret != 0 )
252 {
253 mbedtls_mock_socket_close( peer1 );
254 mbedtls_mock_socket_close( peer2 );
255 }
256
257 return ret;
258}
259
260/*
Janos Follath3766ba52019-11-27 13:31:42 +0000261 * Set the blocking pattern for the socket.
262 *
263 * For every bit of \p blocking_pattern set to one the socket will simulate a
264 * "would block" event. The bits are processed starting with the least
265 * significant bit and every call to a non-blocking I/O function consumes one.
266 *
267 * The behaviour of blocking I/O functions remains unchanged.
268 */
269int mbedtls_mock_socket_set_block( mbedtls_mock_socket* socket,
270 uint32_t blocking_pattern )
271{
272 if( socket == NULL )
273 return -1;
274
275 socket->blocking_pattern = blocking_pattern;
276
277 return 0;
278}
279
280/*
Janos Follath031827f2019-11-27 11:12:14 +0000281 * Callbacks for simulating blocking I/O over connection-oriented transport.
282 */
283
284int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
285{
286 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
287
288 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
289 return -1;
290
291 return mbedtls_test_buffer_put( socket->output, buf, len );
292}
293
294int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
295{
296 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
297
298 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
299 return -1;
300
301 return mbedtls_test_buffer_get( socket->input, buf, len );
302}
303
304/*
Janos Follath3766ba52019-11-27 13:31:42 +0000305 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
306 */
307
308int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
309{
310 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
311
312 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
313 return -1;
314
315 if( socket->blocking_pattern & 1 )
316 {
317 socket->blocking_pattern >>= 1;
318 return MBEDTLS_ERR_SSL_WANT_WRITE;
319 }
320
321 socket->blocking_pattern >>= 1;
322
323 return mbedtls_test_buffer_put( socket->output, buf, len );
324}
325
326int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
327{
328 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
329
330 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
331 return -1;
332
333 if( socket->blocking_pattern & 1 )
334 {
335 socket->blocking_pattern >>= 1;
336 return MBEDTLS_ERR_SSL_WANT_READ;
337 }
338
339 socket->blocking_pattern >>= 1;
340
341 return mbedtls_test_buffer_get( socket->input, buf, len );
342}
343
344/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000345 * Helper function setting up inverse record transformations
346 * using given cipher, hash, EtM mode, authentication tag length,
347 * and version.
348 */
349
350#define CHK( x ) \
351 do \
352 { \
353 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000354 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100355 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000356 goto cleanup; \
357 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000358 } while( 0 )
359
Hanno Beckerd856c822019-04-29 17:30:59 +0100360#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
361#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
362#else
363#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
364#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000365
366static int build_transforms( mbedtls_ssl_transform *t_in,
367 mbedtls_ssl_transform *t_out,
368 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100369 int etm, int tag_mode, int ver,
370 size_t cid0_len,
371 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000372{
373 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100374 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000375
376 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000377 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000378 unsigned char iv_enc[16], iv_dec[16];
379
Hanno Beckera0e20d02019-05-15 14:03:01 +0100380#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100381 unsigned char cid0[ SSL_CID_LEN_MIN ];
382 unsigned char cid1[ SSL_CID_LEN_MIN ];
383
384 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
385 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100386#else
387 ((void) cid0_len);
388 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100389#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100390
Hanno Beckera18d1322018-01-03 14:27:32 +0000391 maclen = 0;
392
393 /* Pick cipher */
394 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
395 CHK( cipher_info != NULL );
396 CHK( cipher_info->iv_size <= 16 );
397 CHK( cipher_info->key_bitlen % 8 == 0 );
398
399 /* Pick keys */
400 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100401 /* Allocate `keylen + 1` bytes to ensure that we get
402 * a non-NULL pointers from `mbedtls_calloc` even if
403 * `keylen == 0` in the case of the NULL cipher. */
404 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
405 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000406 memset( key0, 0x1, keylen );
407 memset( key1, 0x2, keylen );
408
409 /* Setup cipher contexts */
410 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
411 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
412 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
413 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
414
415#if defined(MBEDTLS_CIPHER_MODE_CBC)
416 if( cipher_info->mode == MBEDTLS_MODE_CBC )
417 {
418 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
419 MBEDTLS_PADDING_NONE ) == 0 );
420 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
421 MBEDTLS_PADDING_NONE ) == 0 );
422 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
423 MBEDTLS_PADDING_NONE ) == 0 );
424 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
425 MBEDTLS_PADDING_NONE ) == 0 );
426 }
427#endif /* MBEDTLS_CIPHER_MODE_CBC */
428
429 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
430 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
431 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
432 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
433 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
434 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
435 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
436 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000437
438 /* Setup MAC contexts */
439#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
440 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
441 cipher_info->mode == MBEDTLS_MODE_STREAM )
442 {
443 mbedtls_md_info_t const *md_info;
444 unsigned char *md0, *md1;
445
446 /* Pick hash */
447 md_info = mbedtls_md_info_from_type( hash_id );
448 CHK( md_info != NULL );
449
450 /* Pick hash keys */
451 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100452 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
453 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000454 memset( md0, 0x5, maclen );
455 memset( md1, 0x6, maclen );
456
457 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
458 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
459 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
460 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
461
462 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
463 {
464 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
465 md0, maclen ) == 0 );
466 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
467 md1, maclen ) == 0 );
468 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
469 md1, maclen ) == 0 );
470 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
471 md0, maclen ) == 0 );
472 }
473#if defined(MBEDTLS_SSL_PROTO_SSL3)
474 else
475 {
476 memcpy( &t_in->mac_enc, md0, maclen );
477 memcpy( &t_in->mac_dec, md1, maclen );
478 memcpy( &t_out->mac_enc, md1, maclen );
479 memcpy( &t_out->mac_dec, md0, maclen );
480 }
481#endif
482
Hanno Becker3ee54212019-04-04 16:31:26 +0100483 mbedtls_free( md0 );
484 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000485 }
486#else
487 ((void) hash_id);
488#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
489
490
491 /* Pick IV's (regardless of whether they
492 * are being used by the transform). */
493 ivlen = cipher_info->iv_size;
494 memset( iv_enc, 0x3, sizeof( iv_enc ) );
495 memset( iv_dec, 0x4, sizeof( iv_dec ) );
496
497 /*
498 * Setup transforms
499 */
500
Jaeden Amero2de07f12019-06-05 13:32:08 +0100501#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
502 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000503 t_out->encrypt_then_mac = etm;
504 t_in->encrypt_then_mac = etm;
505#else
506 ((void) etm);
507#endif
508
509 t_out->minor_ver = ver;
510 t_in->minor_ver = ver;
511 t_out->ivlen = ivlen;
512 t_in->ivlen = ivlen;
513
514 switch( cipher_info->mode )
515 {
516 case MBEDTLS_MODE_GCM:
517 case MBEDTLS_MODE_CCM:
518 t_out->fixed_ivlen = 4;
519 t_in->fixed_ivlen = 4;
520 t_out->maclen = 0;
521 t_in->maclen = 0;
522 switch( tag_mode )
523 {
524 case 0: /* Full tag */
525 t_out->taglen = 16;
526 t_in->taglen = 16;
527 break;
528 case 1: /* Partial tag */
529 t_out->taglen = 8;
530 t_in->taglen = 8;
531 break;
532 default:
533 return( 1 );
534 }
535 break;
536
537 case MBEDTLS_MODE_CHACHAPOLY:
538 t_out->fixed_ivlen = 12;
539 t_in->fixed_ivlen = 12;
540 t_out->maclen = 0;
541 t_in->maclen = 0;
542 switch( tag_mode )
543 {
544 case 0: /* Full tag */
545 t_out->taglen = 16;
546 t_in->taglen = 16;
547 break;
548 case 1: /* Partial tag */
549 t_out->taglen = 8;
550 t_in->taglen = 8;
551 break;
552 default:
553 return( 1 );
554 }
555 break;
556
557 case MBEDTLS_MODE_STREAM:
558 case MBEDTLS_MODE_CBC:
559 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
560 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
561 t_out->taglen = 0;
562 t_in->taglen = 0;
563 switch( tag_mode )
564 {
565 case 0: /* Full tag */
566 t_out->maclen = maclen;
567 t_in->maclen = maclen;
568 break;
569 case 1: /* Partial tag */
570 t_out->maclen = 10;
571 t_in->maclen = 10;
572 break;
573 default:
574 return( 1 );
575 }
576 break;
577 default:
578 return( 1 );
579 break;
580 }
581
582 /* Setup IV's */
583
584 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
585 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
586 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
587 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
588
Hanno Beckera0e20d02019-05-15 14:03:01 +0100589#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100590 /* Add CID */
591 memcpy( &t_in->in_cid, cid0, cid0_len );
592 memcpy( &t_in->out_cid, cid1, cid1_len );
593 t_in->in_cid_len = cid0_len;
594 t_in->out_cid_len = cid1_len;
595 memcpy( &t_out->in_cid, cid1, cid1_len );
596 memcpy( &t_out->out_cid, cid0, cid0_len );
597 t_out->in_cid_len = cid1_len;
598 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100599#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100600
Hanno Becker81e16a32019-03-01 11:21:44 +0000601cleanup:
602
Hanno Becker3ee54212019-04-04 16:31:26 +0100603 mbedtls_free( key0 );
604 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000605
Hanno Beckera5780f12019-04-05 09:55:37 +0100606 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000607}
608
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200609/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200610 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200611 * Choose dummy values, mostly non-0 to distinguish from the init default.
612 */
613static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200614 int ticket_len,
615 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200616{
617#if defined(MBEDTLS_HAVE_TIME)
618 session->start = mbedtls_time( NULL ) - 42;
619#endif
620 session->ciphersuite = 0xabcd;
621 session->compression = 1;
622 session->id_len = sizeof( session->id );
623 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200624 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200625
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200626#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200627 if( strlen( crt_file ) != 0 )
628 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200629 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200630 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200631
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200632 mbedtls_x509_crt_init( &tmp_crt );
633 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
634 if( ret != 0 )
635 return( ret );
636
637#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
638 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200639 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
640 if( session->peer_cert == NULL )
641 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200642 *session->peer_cert = tmp_crt;
643 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
644#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
645 /* Calculate digest of temporary CRT. */
646 session->peer_cert_digest =
647 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
648 if( session->peer_cert_digest == NULL )
649 return( -1 );
650 ret = mbedtls_md( mbedtls_md_info_from_type(
651 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
652 tmp_crt.raw.p, tmp_crt.raw.len,
653 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200654 if( ret != 0 )
655 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200656 session->peer_cert_digest_type =
657 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
658 session->peer_cert_digest_len =
659 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
660#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
661
662 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200663 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200664#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200665 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200666#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200667 session->verify_result = 0xdeadbeef;
668
669#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
670 if( ticket_len != 0 )
671 {
672 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200673 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200674 return( -1 );
675 memset( session->ticket, 33, ticket_len );
676 }
677 session->ticket_len = ticket_len;
678 session->ticket_lifetime = 86401;
679#else
680 (void) ticket_len;
681#endif
682
683#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
684 session->mfl_code = 1;
685#endif
686#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
687 session->trunc_hmac = 1;
688#endif
689#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
690 session->encrypt_then_mac = 1;
691#endif
692
693 return( 0 );
694}
695
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200696/* END_HEADER */
697
698/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200699 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200700 * END_DEPENDENCIES
701 */
702
Janos Follath6264e662019-11-26 11:11:15 +0000703/* BEGIN_CASE */
704void test_callback_buffer_sanity()
705{
706 enum { MSGLEN = 10 };
707 mbedtls_test_buffer buf;
708 unsigned char input[MSGLEN];
709 unsigned char output[MSGLEN];
710
711 memset( input, 0, sizeof(input) );
712
713 /* Make sure calling put and get on NULL buffer results in error. */
714 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
715 == -1 );
716 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
717 == -1 );
718 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500719
Janos Follath6264e662019-11-26 11:11:15 +0000720 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
721 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
722
723 /* Make sure calling put and get on a buffer that hasn't been set up results
724 * in eror. */
725 mbedtls_test_buffer_init( &buf );
726
727 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
728 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
729 == -1 );
730 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500731
Janos Follath6264e662019-11-26 11:11:15 +0000732 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
733 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
734
Andrzej Kurekf7774142020-01-22 06:34:59 -0500735 /* Make sure calling put and get on NULL input only results in
736 * error if the length is not zero, and that a NULL output is valid for data
737 * dropping.
738 */
Janos Follath6264e662019-11-26 11:11:15 +0000739
740 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
741
742 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
743 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500744 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000745 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
746 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
747
748exit:
749
750 mbedtls_test_buffer_free( &buf );
751}
752/* END_CASE */
753
754/*
755 * Test if the implementation of `mbedtls_test_buffer` related functions is
756 * correct and works as expected.
757 *
758 * That is
759 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
760 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
761 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
762 * bytes.
763 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
764 * - All of the bytes we got match the bytes we put in in a FIFO manner.
765 */
766
767/* BEGIN_CASE */
768void test_callback_buffer( int size, int put1, int put1_ret,
769 int get1, int get1_ret, int put2, int put2_ret,
770 int get2, int get2_ret )
771{
772 enum { ROUNDS = 2 };
773 size_t put[ROUNDS];
774 int put_ret[ROUNDS];
775 size_t get[ROUNDS];
776 int get_ret[ROUNDS];
777 mbedtls_test_buffer buf;
778 unsigned char* input = NULL;
779 size_t input_len;
780 unsigned char* output = NULL;
781 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000782 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000783
784 mbedtls_test_buffer_init( &buf );
785 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
786
787 /* Check the sanity of input parameters and initialise local variables. That
788 * is, ensure that the amount of data is not negative and that we are not
789 * expecting more to put or get than we actually asked for. */
790 TEST_ASSERT( put1 >= 0 );
791 put[0] = put1;
792 put_ret[0] = put1_ret;
793 TEST_ASSERT( put1_ret <= put1 );
794 TEST_ASSERT( put2 >= 0 );
795 put[1] = put2;
796 put_ret[1] = put2_ret;
797 TEST_ASSERT( put2_ret <= put2 );
798
799 TEST_ASSERT( get1 >= 0 );
800 get[0] = get1;
801 get_ret[0] = get1_ret;
802 TEST_ASSERT( get1_ret <= get1 );
803 TEST_ASSERT( get2 >= 0 );
804 get[1] = get2;
805 get_ret[1] = get2_ret;
806 TEST_ASSERT( get2_ret <= get2 );
807
808 input_len = 0;
809 /* Calculate actual input and output lengths */
810 for( j = 0; j < ROUNDS; j++ )
811 {
812 if( put_ret[j] > 0 )
813 {
814 input_len += put_ret[j];
815 }
816 }
817 /* In order to always have a valid pointer we always allocate at least 1
818 * byte. */
819 if( input_len == 0 )
820 input_len = 1;
821 ASSERT_ALLOC( input, input_len );
822
823 output_len = 0;
824 for( j = 0; j < ROUNDS; j++ )
825 {
826 if( get_ret[j] > 0 )
827 {
828 output_len += get_ret[j];
829 }
830 }
831 TEST_ASSERT( output_len <= input_len );
832 /* In order to always have a valid pointer we always allocate at least 1
833 * byte. */
834 if( output_len == 0 )
835 output_len = 1;
836 ASSERT_ALLOC( output, output_len );
837
838 /* Fill up the buffer with structured data so that unwanted changes
839 * can be detected */
840 for( i = 0; i < input_len; i++ )
841 {
842 input[i] = i & 0xFF;
843 }
844
845 written = read = 0;
846 for( j = 0; j < ROUNDS; j++ )
847 {
848 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
849 input + written, put[j] ) );
850 written += put_ret[j];
851 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
852 output + read, get[j] ) );
853 read += get_ret[j];
854 TEST_ASSERT( read <= written );
855 if( get_ret[j] > 0 )
856 {
857 TEST_ASSERT( memcmp( output + read - get_ret[j],
858 input + read - get_ret[j], get_ret[j] )
859 == 0 );
860 }
861 }
862
863exit:
864
865 mbedtls_free( input );
866 mbedtls_free( output );
867 mbedtls_test_buffer_free( &buf );
868}
869/* END_CASE */
870
Janos Follath031827f2019-11-27 11:12:14 +0000871/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000872 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
873 * correct and works as expected on unconnected sockets.
874 */
875
876/* BEGIN_CASE */
877void ssl_mock_sanity( )
878{
879 enum { MSGLEN = 105 };
880 unsigned char message[MSGLEN];
881 unsigned char received[MSGLEN];
882 mbedtls_mock_socket socket;
883
884 mbedtls_mock_socket_init( &socket );
885 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
886 mbedtls_mock_socket_close( &socket );
887 mbedtls_mock_socket_init( &socket );
888 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
889 mbedtls_mock_socket_close( &socket );
890
891 mbedtls_mock_socket_init( &socket );
892 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
893 mbedtls_mock_socket_close( &socket );
894 mbedtls_mock_socket_init( &socket );
895 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
896 mbedtls_mock_socket_close( &socket );
897
898exit:
899
900 mbedtls_mock_socket_close( &socket );
901}
902/* END_CASE */
903
904/*
905 * Test if the implementation of `mbedtls_mock_socket` related functions can
906 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000907 */
908
909/* BEGIN_CASE */
Janos Follath3766ba52019-11-27 13:31:42 +0000910void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern )
Janos Follath031827f2019-11-27 11:12:14 +0000911{
Janos Follathc673c2c2019-12-02 15:47:26 +0000912 enum { MSGLEN = 105 };
913 unsigned char message[MSGLEN];
914 unsigned char received[MSGLEN];
915 mbedtls_mock_socket client;
916 mbedtls_mock_socket server;
917 size_t written, read;
918 int send_ret, recv_ret;
919 mbedtls_ssl_send_t *send;
920 mbedtls_ssl_recv_t *recv;
921 uint32_t client_block = client_pattern;
922 uint32_t server_block = server_pattern;
923 unsigned i;
924
925 if( blocking == 0 )
926 {
927 send = mbedtls_mock_tcp_send_nb;
928 recv = mbedtls_mock_tcp_recv_nb;
929 }
930 else
931 {
932 send = mbedtls_mock_tcp_send_b;
933 recv = mbedtls_mock_tcp_recv_b;
934 }
935
936 mbedtls_mock_socket_init( &client );
937 mbedtls_mock_socket_init( &server );
938
939 /* Fill up the buffer with structured data so that unwanted changes
940 * can be detected */
941 for( i = 0; i < MSGLEN; i++ )
942 {
943 message[i] = i & 0xFF;
944 }
945
946 /* Make sure that sending a message takes a few iterations. */
947 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
948 MSGLEN / 5 ) );
949 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) );
950 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) );
951
952 /* Send the message to the server */
953 send_ret = recv_ret = 1;
954 written = read = 0;
955 while( send_ret != 0 || recv_ret != 0 )
956 {
957 send_ret = send( &client, message + written, MSGLEN - written );
958
959 if( ( blocking == 0 ) && ( client_block & 1 ) )
960 {
961 TEST_ASSERT( send_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
962 }
963 else
964 {
965 TEST_ASSERT( send_ret >= 0 );
966 written += send_ret;
967 }
968 client_block >>= 1;
969
970 recv_ret = recv( &server, received + read, MSGLEN - read );
971 if( ( blocking == 0 ) && ( server_block & 1 ) )
972 {
973 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
974 }
975 else
976 {
977 TEST_ASSERT( recv_ret >= 0 );
978 read += recv_ret;
979 }
980 server_block >>= 1;
981 }
982 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
983
984exit:
985
986 mbedtls_mock_socket_close( &client );
987 mbedtls_mock_socket_close( &server );
988}
989/* END_CASE */
990
991/*
992 * Test if the implementation of `mbedtls_mock_socket` related functions can
993 * send messages in both direction at the same time (with the I/O calls
994 * interleaving).
995 */
996
997/* BEGIN_CASE */
998void ssl_mock_tcp_interleaving( int blocking,
999 int client_pattern, int server_pattern )
1000{
Janos Follath031827f2019-11-27 11:12:14 +00001001 enum { ROUNDS = 2 };
1002 enum { MSGLEN = 105 };
1003 unsigned char message[ROUNDS][MSGLEN];
1004 unsigned char received[ROUNDS][MSGLEN];
1005 mbedtls_mock_socket client;
1006 mbedtls_mock_socket server;
1007 size_t written[ROUNDS];
1008 size_t read[ROUNDS];
1009 int send_ret[ROUNDS];
1010 int recv_ret[ROUNDS];
1011 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +00001012 mbedtls_ssl_send_t *send;
1013 mbedtls_ssl_recv_t *recv;
1014 uint32_t client_block = client_pattern;
1015 uint32_t server_block = server_pattern;
1016
1017 if( blocking == 0 )
1018 {
1019 send = mbedtls_mock_tcp_send_nb;
1020 recv = mbedtls_mock_tcp_recv_nb;
1021 }
1022 else
1023 {
1024 send = mbedtls_mock_tcp_send_b;
1025 recv = mbedtls_mock_tcp_recv_b;
1026 }
Janos Follath031827f2019-11-27 11:12:14 +00001027
1028 mbedtls_mock_socket_init( &client );
1029 mbedtls_mock_socket_init( &server );
1030
1031 /* Fill up the buffers with structured data so that unwanted changes
1032 * can be detected */
1033 for( i = 0; i < ROUNDS; i++ )
1034 {
1035 for( j = 0; j < MSGLEN; j++ )
1036 {
1037 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1038 }
1039 }
1040
Janos Follath031827f2019-11-27 11:12:14 +00001041 /* Make sure that sending a message takes a few iterations. */
1042 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1043 MSGLEN / 5 ) );
Janos Follath3766ba52019-11-27 13:31:42 +00001044 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) );
1045 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) );
Janos Follath031827f2019-11-27 11:12:14 +00001046
Janos Follath031827f2019-11-27 11:12:14 +00001047 /* Send the message from both sides, interleaving. */
1048 progress = 1;
1049 for( i = 0; i < ROUNDS; i++ )
1050 {
1051 written[i] = 0;
1052 read[i] = 0;
1053 }
1054 /* This loop does not stop as long as there was a successful write or read
1055 * of at least one byte on either side. */
1056 while( progress != 0 )
1057 {
Janos Follath3766ba52019-11-27 13:31:42 +00001058 send_ret[0] = send( &client, message[0] + written[0],
Janos Follath031827f2019-11-27 11:12:14 +00001059 MSGLEN - written[0] );
Janos Follath3766ba52019-11-27 13:31:42 +00001060 if( ( blocking == 0 ) && ( client_block & 1 ) )
1061 {
1062 TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE );
1063 }
1064 else
1065 {
1066 TEST_ASSERT( send_ret[0] >= 0 );
1067 written[0] += send_ret[0];
1068 }
1069 client_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +00001070
Janos Follath3766ba52019-11-27 13:31:42 +00001071 send_ret[1] = send( &server, message[1] + written[1],
Janos Follath031827f2019-11-27 11:12:14 +00001072 MSGLEN - written[1] );
Janos Follath3766ba52019-11-27 13:31:42 +00001073 if( ( blocking == 0 ) && ( server_block & 1 ) )
1074 {
1075 TEST_ASSERT( send_ret[1] == MBEDTLS_ERR_SSL_WANT_WRITE );
1076 }
1077 else
1078 {
1079 TEST_ASSERT( send_ret[1] >= 0 );
1080 written[1] += send_ret[1];
1081 }
1082 server_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +00001083
Janos Follath3766ba52019-11-27 13:31:42 +00001084 recv_ret[0] = recv( &server, received[0] + read[0],
Janos Follath031827f2019-11-27 11:12:14 +00001085 MSGLEN - read[0] );
Janos Follath3766ba52019-11-27 13:31:42 +00001086 if( ( blocking == 0 ) && ( server_block & 1 ) )
1087 {
1088 TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ );
1089 }
1090 else
1091 {
1092 TEST_ASSERT( recv_ret[0] >= 0 );
1093 read[0] += recv_ret[0];
1094 }
1095 server_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +00001096
Janos Follath3766ba52019-11-27 13:31:42 +00001097 recv_ret[1] = recv( &client, received[1] + read[1],
Janos Follath031827f2019-11-27 11:12:14 +00001098 MSGLEN - read[1] );
Janos Follath3766ba52019-11-27 13:31:42 +00001099 if( ( blocking == 0 ) && ( client_block & 1 ) )
1100 {
1101 TEST_ASSERT( recv_ret[1] == MBEDTLS_ERR_SSL_WANT_READ );
1102 }
1103 else
1104 {
1105 TEST_ASSERT( recv_ret[1] >= 0 );
1106 read[1] += recv_ret[1];
1107 }
1108 client_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +00001109
1110 progress = 0;
1111 for( i = 0; i < ROUNDS; i++ )
1112 {
Janos Follath3766ba52019-11-27 13:31:42 +00001113 if( ( send_ret[i] > 0 ) ||
1114 ( send_ret[i] == MBEDTLS_ERR_SSL_WANT_WRITE ) )
1115 {
Janos Follath031827f2019-11-27 11:12:14 +00001116 progress++;
Janos Follath3766ba52019-11-27 13:31:42 +00001117 }
Janos Follath031827f2019-11-27 11:12:14 +00001118
Janos Follath3766ba52019-11-27 13:31:42 +00001119 if( ( recv_ret[i] > 0 ) ||
1120 ( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ ) )
1121 {
Janos Follath031827f2019-11-27 11:12:14 +00001122 progress++;
Janos Follath3766ba52019-11-27 13:31:42 +00001123 }
Janos Follath031827f2019-11-27 11:12:14 +00001124 }
1125 }
1126
1127 for( i = 0; i < ROUNDS; i++ )
1128 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1129
1130exit:
1131
1132 mbedtls_mock_socket_close( &client );
1133 mbedtls_mock_socket_close( &server );
1134}
1135/* END_CASE */
1136
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001137/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +01001138void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001139{
Azim Khand30ca132017-06-09 04:32:58 +01001140 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001141 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02001142 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001143
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +02001144 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02001145 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +02001146
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +02001147 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
1148 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +02001149 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
1150 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02001151 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001152
1153 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +01001154 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001155 {
Azim Khand30ca132017-06-09 04:32:58 +01001156 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001157 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001158 }
1159
1160 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +01001161 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001162 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001163
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001164 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02001165 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001166}
1167/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +01001168
1169/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
1170void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
1171{
1172 mbedtls_ssl_context ssl;
1173 mbedtls_ssl_init( &ssl );
1174
1175 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
1176 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
1177
1178 mbedtls_ssl_free( &ssl );
1179}
Darryl Green11999bb2018-03-13 15:22:58 +00001180/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +00001181
1182/* BEGIN_CASE */
1183void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01001184 int etm, int tag_mode, int ver,
1185 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +00001186{
1187 /*
1188 * Test several record encryptions and decryptions
1189 * with plenty of space before and after the data
1190 * within the record buffer.
1191 */
1192
1193 int ret;
1194 int num_records = 16;
1195 mbedtls_ssl_context ssl; /* ONLY for debugging */
1196
1197 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +00001198 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +00001199 size_t const buflen = 512;
1200 mbedtls_record rec, rec_backup;
1201
1202 mbedtls_ssl_init( &ssl );
1203 mbedtls_ssl_transform_init( &t0 );
1204 mbedtls_ssl_transform_init( &t1 );
1205 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01001206 etm, tag_mode, ver,
1207 (size_t) cid0_len,
1208 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00001209
Hanno Becker3ee54212019-04-04 16:31:26 +01001210 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +00001211
1212 while( num_records-- > 0 )
1213 {
1214 mbedtls_ssl_transform *t_dec, *t_enc;
1215 /* Take turns in who's sending and who's receiving. */
1216 if( num_records % 3 == 0 )
1217 {
1218 t_dec = &t0;
1219 t_enc = &t1;
1220 }
1221 else
1222 {
1223 t_dec = &t1;
1224 t_enc = &t0;
1225 }
1226
1227 /*
1228 * The record header affects the transformation in two ways:
1229 * 1) It determines the AEAD additional data
1230 * 2) The record counter sometimes determines the IV.
1231 *
1232 * Apart from that, the fields don't have influence.
1233 * In particular, it is currently not the responsibility
1234 * of ssl_encrypt/decrypt_buf to check if the transform
1235 * version matches the record version, or that the
1236 * type is sensible.
1237 */
1238
1239 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
1240 rec.type = 42;
1241 rec.ver[0] = num_records;
1242 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +01001243#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01001244 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +01001245#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +00001246
1247 rec.buf = buf;
1248 rec.buf_len = buflen;
1249 rec.data_offset = 16;
1250 /* Make sure to vary the length to exercise different
1251 * paddings. */
1252 rec.data_len = 1 + num_records;
1253
1254 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1255
1256 /* Make a copy for later comparison */
1257 rec_backup = rec;
1258
1259 /* Encrypt record */
1260 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
1261 rnd_std_rand, NULL );
1262 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1263 if( ret != 0 )
1264 {
1265 continue;
1266 }
1267
1268 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +01001269 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
1270 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00001271
1272 /* Compare results */
1273 TEST_ASSERT( rec.type == rec_backup.type );
1274 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1275 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1276 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1277 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1278 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1279 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1280 rec_backup.buf + rec_backup.data_offset,
1281 rec.data_len ) == 0 );
1282 }
1283
Hanno Becker81e16a32019-03-01 11:21:44 +00001284exit:
1285
Hanno Beckera18d1322018-01-03 14:27:32 +00001286 /* Cleanup */
1287 mbedtls_ssl_free( &ssl );
1288 mbedtls_ssl_transform_free( &t0 );
1289 mbedtls_ssl_transform_free( &t1 );
1290
Hanno Becker3ee54212019-04-04 16:31:26 +01001291 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +00001292}
1293/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +00001294
1295/* BEGIN_CASE */
1296void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01001297 int etm, int tag_mode, int ver,
1298 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +00001299{
1300 /*
1301 * Test pairs of encryption and decryption with an increasing
1302 * amount of space in the record buffer - in more detail:
1303 * 1) Try to encrypt with 0, 1, 2, ... bytes available
1304 * in front of the plaintext, and expect the encryption
1305 * to succeed starting from some offset. Always keep
1306 * enough space in the end of the buffer.
1307 * 2) Try to encrypt with 0, 1, 2, ... bytes available
1308 * at the end of the plaintext, and expect the encryption
1309 * to succeed starting from some offset. Always keep
1310 * enough space at the beginning of the buffer.
1311 * 3) Try to encrypt with 0, 1, 2, ... bytes available
1312 * both at the front and end of the plaintext,
1313 * and expect the encryption to succeed starting from
1314 * some offset.
1315 *
1316 * If encryption succeeds, check that decryption succeeds
1317 * and yields the original record.
1318 */
1319
1320 mbedtls_ssl_context ssl; /* ONLY for debugging */
1321
1322 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +00001323 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +01001324 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +00001325 mbedtls_record rec, rec_backup;
1326
1327 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +01001328 int mode; /* Mode 1, 2 or 3 as explained above */
1329 size_t offset; /* Available space at beginning/end/both */
1330 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +00001331
Hanno Beckerd856c822019-04-29 17:30:59 +01001332 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
1333 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +00001334
1335 int seen_success; /* Indicates if in the current mode we've
1336 * already seen a successful test. */
1337
1338 mbedtls_ssl_init( &ssl );
1339 mbedtls_ssl_transform_init( &t0 );
1340 mbedtls_ssl_transform_init( &t1 );
1341 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01001342 etm, tag_mode, ver,
1343 (size_t) cid0_len,
1344 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +00001345
Hanno Becker3ee54212019-04-04 16:31:26 +01001346 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +00001347
1348 for( mode=1; mode <= 3; mode++ )
1349 {
1350 seen_success = 0;
1351 for( offset=0; offset <= threshold; offset++ )
1352 {
1353 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +01001354 t_dec = &t0;
1355 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +00001356
1357 memset( rec.ctr, offset, sizeof( rec.ctr ) );
1358 rec.type = 42;
1359 rec.ver[0] = offset;
1360 rec.ver[1] = offset;
1361 rec.buf = buf;
1362 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +01001363#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01001364 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +01001365#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +00001366
1367 switch( mode )
1368 {
1369 case 1: /* Space in the beginning */
1370 rec.data_offset = offset;
1371 rec.data_len = buflen - offset - default_post_padding;
1372 break;
1373
1374 case 2: /* Space in the end */
1375 rec.data_offset = default_pre_padding;
1376 rec.data_len = buflen - default_pre_padding - offset;
1377 break;
1378
1379 case 3: /* Space in the beginning and end */
1380 rec.data_offset = offset;
1381 rec.data_len = buflen - 2 * offset;
1382 break;
1383
1384 default:
1385 TEST_ASSERT( 0 );
1386 break;
1387 }
1388
1389 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1390
1391 /* Make a copy for later comparison */
1392 rec_backup = rec;
1393
1394 /* Encrypt record */
1395 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
1396
1397 if( ( mode == 1 || mode == 2 ) && seen_success )
1398 {
1399 TEST_ASSERT( ret == 0 );
1400 }
1401 else
1402 {
1403 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1404 if( ret == 0 )
1405 seen_success = 1;
1406 }
1407
1408 if( ret != 0 )
1409 continue;
1410
1411 /* Decrypt record with t_dec */
1412 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
1413
1414 /* Compare results */
1415 TEST_ASSERT( rec.type == rec_backup.type );
1416 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1417 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1418 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1419 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1420 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1421 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1422 rec_backup.buf + rec_backup.data_offset,
1423 rec.data_len ) == 0 );
1424 }
1425
1426 TEST_ASSERT( seen_success == 1 );
1427 }
1428
Hanno Becker81e16a32019-03-01 11:21:44 +00001429exit:
1430
Hanno Beckerb3268da2018-01-05 15:20:24 +00001431 /* Cleanup */
1432 mbedtls_ssl_free( &ssl );
1433 mbedtls_ssl_transform_free( &t0 );
1434 mbedtls_ssl_transform_free( &t1 );
1435
Hanno Becker3ee54212019-04-04 16:31:26 +01001436 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +00001437}
1438/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +03001439
1440/* BEGIN_CASE */
1441void ssl_tls_prf( int type, data_t * secret, data_t * random,
1442 char *label, data_t *result_hex_str, int exp_ret )
1443{
1444 unsigned char *output;
1445
1446 output = mbedtls_calloc( 1, result_hex_str->len );
1447 if( output == NULL )
1448 goto exit;
1449
Ron Eldor6b9b1b82019-05-15 17:04:33 +03001450#if defined(MBEDTLS_USE_PSA_CRYPTO)
1451 TEST_ASSERT( psa_crypto_init() == 0 );
1452#endif
1453
Ron Eldor824ad7b2019-05-13 14:09:00 +03001454 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
1455 label, random->x, random->len,
1456 output, result_hex_str->len ) == exp_ret );
1457
1458 if( exp_ret == 0 )
1459 {
1460 TEST_ASSERT( hexcmp( output, result_hex_str->x,
1461 result_hex_str->len, result_hex_str->len ) == 0 );
1462 }
1463exit:
1464
1465 mbedtls_free( output );
1466}
1467/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001468
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001469/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001470void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001471{
1472 mbedtls_ssl_session original, restored;
1473 unsigned char *buf = NULL;
1474 size_t len;
1475
1476 /*
1477 * Test that a save-load pair is the identity
1478 */
1479
1480 mbedtls_ssl_session_init( &original );
1481 mbedtls_ssl_session_init( &restored );
1482
1483 /* Prepare a dummy session to work on */
1484 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
1485
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001486 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001487 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
1488 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1489 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
1490 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
1491 == 0 );
1492
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001493 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001494 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
1495
1496 /*
1497 * Make sure both session structures are identical
1498 */
1499#if defined(MBEDTLS_HAVE_TIME)
1500 TEST_ASSERT( original.start == restored.start );
1501#endif
1502 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
1503 TEST_ASSERT( original.compression == restored.compression );
1504 TEST_ASSERT( original.id_len == restored.id_len );
1505 TEST_ASSERT( memcmp( original.id,
1506 restored.id, sizeof( original.id ) ) == 0 );
1507 TEST_ASSERT( memcmp( original.master,
1508 restored.master, sizeof( original.master ) ) == 0 );
1509
1510#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001511#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001512 TEST_ASSERT( ( original.peer_cert == NULL ) ==
1513 ( restored.peer_cert == NULL ) );
1514 if( original.peer_cert != NULL )
1515 {
1516 TEST_ASSERT( original.peer_cert->raw.len ==
1517 restored.peer_cert->raw.len );
1518 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
1519 restored.peer_cert->raw.p,
1520 original.peer_cert->raw.len ) == 0 );
1521 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001522#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1523 TEST_ASSERT( original.peer_cert_digest_type ==
1524 restored.peer_cert_digest_type );
1525 TEST_ASSERT( original.peer_cert_digest_len ==
1526 restored.peer_cert_digest_len );
1527 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
1528 ( restored.peer_cert_digest == NULL ) );
1529 if( original.peer_cert_digest != NULL )
1530 {
1531 TEST_ASSERT( memcmp( original.peer_cert_digest,
1532 restored.peer_cert_digest,
1533 original.peer_cert_digest_len ) == 0 );
1534 }
1535#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1536#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02001537 TEST_ASSERT( original.verify_result == restored.verify_result );
1538
1539#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1540 TEST_ASSERT( original.ticket_len == restored.ticket_len );
1541 if( original.ticket_len != 0 )
1542 {
1543 TEST_ASSERT( original.ticket != NULL );
1544 TEST_ASSERT( restored.ticket != NULL );
1545 TEST_ASSERT( memcmp( original.ticket,
1546 restored.ticket, original.ticket_len ) == 0 );
1547 }
1548 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
1549#endif
1550
1551#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1552 TEST_ASSERT( original.mfl_code == restored.mfl_code );
1553#endif
1554
1555#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1556 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
1557#endif
1558
1559#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1560 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
1561#endif
1562
1563exit:
1564 mbedtls_ssl_session_free( &original );
1565 mbedtls_ssl_session_free( &restored );
1566 mbedtls_free( buf );
1567}
1568/* END_CASE */
1569
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +02001570/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001571void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001572{
1573 mbedtls_ssl_session session;
1574 unsigned char *buf1 = NULL, *buf2 = NULL;
1575 size_t len0, len1, len2;
1576
1577 /*
1578 * Test that a load-save pair is the identity
1579 */
1580
1581 mbedtls_ssl_session_init( &session );
1582
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001583 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02001584 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001585
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001586 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001587 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
1588 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1589
1590 /* Allocate first buffer */
1591 buf1 = mbedtls_calloc( 1, len0 );
1592 TEST_ASSERT( buf1 != NULL );
1593
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001594 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001595 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
1596 == 0 );
1597 TEST_ASSERT( len0 == len1 );
1598 mbedtls_ssl_session_free( &session );
1599
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001600 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +02001601 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001602
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001603 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001604 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +02001605 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001606 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
1607 == 0 );
1608
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001609 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02001610 TEST_ASSERT( len1 == len2 );
1611 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
1612
1613exit:
1614 mbedtls_ssl_session_free( &session );
1615 mbedtls_free( buf1 );
1616 mbedtls_free( buf2 );
1617}
1618/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02001619
1620/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001621void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02001622{
1623 mbedtls_ssl_session session;
1624 unsigned char *buf = NULL;
1625 size_t good_len, bad_len, test_len;
1626
1627 /*
1628 * Test that session_save() fails cleanly on small buffers
1629 */
1630
1631 mbedtls_ssl_session_init( &session );
1632
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001633 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02001634 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02001635 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1636 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1637
1638 /* Try all possible bad lengths */
1639 for( bad_len = 1; bad_len < good_len; bad_len++ )
1640 {
1641 /* Allocate exact size so that asan/valgrind can detect any overwrite */
1642 mbedtls_free( buf );
1643 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
1644 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
1645 &test_len )
1646 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1647 TEST_ASSERT( test_len == good_len );
1648 }
1649
1650exit:
1651 mbedtls_ssl_session_free( &session );
1652 mbedtls_free( buf );
1653}
1654/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02001655
1656/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001657void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02001658{
1659 mbedtls_ssl_session session;
1660 unsigned char *good_buf = NULL, *bad_buf = NULL;
1661 size_t good_len, bad_len;
1662
1663 /*
1664 * Test that session_load() fails cleanly on small buffers
1665 */
1666
1667 mbedtls_ssl_session_init( &session );
1668
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001669 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02001670 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02001671 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1672 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1673 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
1674 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
1675 &good_len ) == 0 );
1676 mbedtls_ssl_session_free( &session );
1677
1678 /* Try all possible bad lengths */
1679 for( bad_len = 0; bad_len < good_len; bad_len++ )
1680 {
1681 /* Allocate exact size so that asan/valgrind can detect any overread */
1682 mbedtls_free( bad_buf );
1683 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
1684 TEST_ASSERT( bad_buf != NULL );
1685 memcpy( bad_buf, good_buf, bad_len );
1686
1687 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
1688 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1689 }
1690
1691exit:
1692 mbedtls_ssl_session_free( &session );
1693 mbedtls_free( good_buf );
1694 mbedtls_free( bad_buf );
1695}
1696/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +01001697
Hanno Becker363b6462019-05-29 12:44:28 +01001698/* BEGIN_CASE */
1699void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +01001700 int corrupt_minor,
1701 int corrupt_patch,
1702 int corrupt_config )
1703{
Hanno Becker363b6462019-05-29 12:44:28 +01001704 unsigned char serialized_session[ 2048 ];
1705 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001706 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +01001707 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001708 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
1709 corrupt_minor == 1,
1710 corrupt_patch == 1,
1711 corrupt_config == 1,
1712 corrupt_config == 1 };
1713
Hanno Becker861d0bb2019-05-21 16:39:30 +01001714 mbedtls_ssl_session_init( &session );
1715
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001716 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +01001717 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +01001718 serialized_session,
1719 sizeof( serialized_session ),
1720 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +01001721
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001722 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +01001723
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001724 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +01001725 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +01001726 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +01001727 serialized_session,
1728 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +01001729 mbedtls_ssl_session_free( &session );
1730
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001731 /* Go through the bytes in the serialized session header and
1732 * corrupt them bit-by-bit. */
1733 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +01001734 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001735 int cur_bit;
1736 unsigned char * const byte = &serialized_session[ cur_byte ];
1737
1738 if( should_corrupt_byte[ cur_byte ] == 0 )
1739 continue;
1740
1741 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
1742 {
1743 unsigned char const corrupted_bit = 0x1u << cur_bit;
1744 /* Modify a single bit in the serialized session. */
1745 *byte ^= corrupted_bit;
1746
1747 /* Attempt to deserialize */
1748 TEST_ASSERT( mbedtls_ssl_session_load( &session,
1749 serialized_session,
1750 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +01001751 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +01001752
1753 /* Undo the change */
1754 *byte ^= corrupted_bit;
1755 }
Hanno Becker861d0bb2019-05-21 16:39:30 +01001756 }
1757
Hanno Becker861d0bb2019-05-21 16:39:30 +01001758}
1759/* END_CASE */