TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 15daf50b05fddceae6b923a1b763fc6148774f69 / . / tests / suites / test_suite_ssl.function
blob: 6529bbe9ed41ca27fba10c96a7dd4c04ec79853f [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]7
8/*
9 * Buffer structure for custom I/O callbacks.
10 */
11
12typedef struct mbedtls_test_buffer
13{
14 size_t start;
15 size_t content_length;
16 size_t capacity;
17 unsigned char *buffer;
18} mbedtls_test_buffer;
19
20/*
21 * Initialises \p buf. After calling this function it is safe to call
22 * `mbedtls_test_buffer_free()` on \p buf.
23 */
24void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
25{
26 memset( buf, 0, sizeof( *buf ) );
27}
28
29/*
30 * Sets up \p buf. After calling this function it is safe to call
31 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
32 */
33int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
34{
35 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
36 sizeof(unsigned char) );
37 if( NULL == buf->buffer )
38 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
39 buf->capacity = capacity;
40
41 return 0;
42}
43
44void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
45{
46 if( buf->buffer != NULL )
47 mbedtls_free( buf->buffer );
48
49 memset( buf, 0, sizeof( *buf ) );
50}
51
52/*
53 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
54 *
55 * \p buf must have been initialized and set up by calling
56 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
57 *
58 * \retval \p input_len, if the data fits.
59 * \retval 0 <= value < \p input_len, if the data does not fit.
60 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
61 * zero and \p input is NULL.
62 */
63int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]64 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]65{
66 size_t overflow = 0;
67
68 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
69 return -1;
70
71 /* Reduce input_len to a number that fits in the buffer. */
72 if ( ( buf->content_length + input_len ) > buf->capacity )
73 {
74 input_len = buf->capacity - buf->content_length;
75 }
76
77 if( input == NULL )
78 {
79 return ( input_len == 0 ) ? 0 : -1;
80 }
81
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]82 /* Check if the buffer has not come full circle and free space is not in
83 * the middle */
84 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]85 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]86
87 /* Calculate the number of bytes that need to be placed at lower memory
88 * address */
89 if( buf->start + buf->content_length + input_len
90 > buf->capacity )
91 {
92 overflow = ( buf->start + buf->content_length + input_len )
93 % buf->capacity;
94 }
95
96 memcpy( buf->buffer + buf->start + buf->content_length, input,
97 input_len - overflow );
98 memcpy( buf->buffer, input + input_len - overflow, overflow );
99
100 }
101 else
102 {
103 /* The buffer has come full circle and free space is in the middle */
104 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
105 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]106 }
107
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]108 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]109 return input_len;
110}
111
112/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]113 * Gets \p output_len bytes from the ring buffer \p buf into the
114 * \p output buffer. The output buffer can be NULL, in this case a part of the
115 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]116 *
117 * \p buf must have been initialized and set up by calling
118 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
119 *
120 * \retval \p output_len, if the data is available.
121 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]122 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]123 */
124int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
125 unsigned char* output, size_t output_len )
126{
127 size_t overflow = 0;
128
129 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
130 return -1;
131
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]132 if( output == NULL && output_len == 0 )
133 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]134
135 if( buf->content_length < output_len )
136 output_len = buf->content_length;
137
138 /* Calculate the number of bytes that need to be drawn from lower memory
139 * address */
140 if( buf->start + output_len > buf->capacity )
141 {
142 overflow = ( buf->start + output_len ) % buf->capacity;
143 }
144
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]145 if( output != NULL )
146 {
147 memcpy( output, buf->buffer + buf->start, output_len - overflow );
148 memcpy( output + output_len - overflow, buf->buffer, overflow );
149 }
150
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]151 buf->content_length -= output_len;
152 buf->start = ( buf->start + output_len ) % buf->capacity;
153
154 return output_len;
155}
156
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]157/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]158 * Errors used in the message transport mock tests
159 */
160 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]161 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
162
163/*
164 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
165 */
166typedef struct mbedtls_test_message_queue
167{
168 size_t *messages;
169 int pos;
170 int num;
171 int capacity;
172} mbedtls_test_message_queue;
173
174/*
175 * Setup and free functions for the message metadata queue.
176 *
177 * \p capacity describes the number of message metadata chunks that can be held
178 * within the queue.
179 *
180 * \retval 0, if a metadata queue of a given length can be allocated.
181 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
182 */
183int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
184 size_t capacity )
185{
186 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
187 if( NULL == queue->messages )
188 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
189
190 queue->capacity = capacity;
191 queue->pos = 0;
192 queue->num = 0;
193
194 return 0;
195}
196
197void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
198{
199 if( queue == NULL )
200 return;
201
202 if( queue->messages != NULL )
203 mbedtls_free( queue->messages );
204
205 memset( queue, 0, sizeof( *queue ) );
206}
207
208/*
209 * Push message length information onto the message metadata queue.
210 * This will become the last element to leave it (fifo).
211 *
212 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]213 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]214 * \retval \p len, if the push was successful.
215 */
216int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
217 size_t len )
218{
219 int place;
220 if( queue == NULL )
221 return MBEDTLS_TEST_ERROR_ARG_NULL;
222
223 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]224 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]225
226 place = ( queue->pos + queue->num ) % queue->capacity;
227 queue->messages[place] = len;
228 queue->num++;
229 return len;
230}
231
232/*
233 * Pop information about the next message length from the queue. This will be
234 * the oldest inserted message length(fifo). \p msg_len can be null, in which
235 * case the data will be popped from the queue but not copied anywhere.
236 *
237 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]238 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]239 * \retval message length, if the pop was successful, up to the given
240 \p buf_len.
241 */
242int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
243 size_t buf_len )
244{
245 size_t message_length;
246 if( queue == NULL )
247 return MBEDTLS_TEST_ERROR_ARG_NULL;
248 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]249 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]250
251 message_length = queue->messages[queue->pos];
252 queue->messages[queue->pos] = 0;
253 queue->num--;
254 queue->pos++;
255 queue->pos %= queue->capacity;
256 if( queue->pos < 0 )
257 queue->pos += queue->capacity;
258
259 return ( message_length > buf_len ) ? buf_len : message_length;
260}
261
262/*
263 * Take a peek on the info about the next message length from the queue.
264 * This will be the oldest inserted message length(fifo).
265 *
266 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]267 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]268 * \retval 0, if the peek was successful.
269 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
270 * too small to fit the message. In this case the \p msg_len will be
271 * set to the full message length so that the
272 * caller knows what portion of the message can be dropped.
273 */
274int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
275 size_t buf_len, size_t* msg_len )
276{
277 if( queue == NULL || msg_len == NULL )
278 return MBEDTLS_TEST_ERROR_ARG_NULL;
279 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]280 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]281
282 *msg_len = queue->messages[queue->pos];
283 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
284}
285/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]286 * Context for the I/O callbacks simulating network connection.
287 */
288
289#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
290
291typedef struct mbedtls_mock_socket
292{
293 int status;
294 mbedtls_test_buffer *input;
295 mbedtls_test_buffer *output;
296 struct mbedtls_mock_socket *peer;
297} mbedtls_mock_socket;
298
299/*
300 * Setup and teardown functions for mock sockets.
301 */
302void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
303{
304 memset( socket, 0, sizeof( *socket ) );
305}
306
307/*
308 * Closes the socket \p socket.
309 *
310 * \p socket must have been previously initialized by calling
311 * mbedtls_mock_socket_init().
312 *
313 * This function frees all allocated resources and both sockets are aware of the
314 * new connection state.
315 *
316 * That is, this function does not simulate half-open TCP connections and the
317 * phenomenon that when closing a UDP connection the peer is not aware of the
318 * connection having been closed.
319 */
320void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
321{
322 if( socket == NULL )
323 return;
324
325 if( socket->input != NULL )
326 {
327 mbedtls_test_buffer_free( socket->input );
328 mbedtls_free( socket->input );
329 }
330
331 if( socket->output != NULL )
332 {
333 mbedtls_test_buffer_free( socket->output );
334 mbedtls_free( socket->output );
335 }
336
337 if( socket->peer != NULL )
338 memset( socket->peer, 0, sizeof( *socket->peer ) );
339
340 memset( socket, 0, sizeof( *socket ) );
341}
342
343/*
344 * Establishes a connection between \p peer1 and \p peer2.
345 *
346 * \p peer1 and \p peer2 must have been previously initialized by calling
347 * mbedtls_mock_socket_init().
348 *
349 * The capacites of the internal buffers are set to \p bufsize. Setting this to
350 * the correct value allows for simulation of MTU, sanity testing the mock
351 * implementation and mocking TCP connections with lower memory cost.
352 */
353int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
354 mbedtls_mock_socket* peer2,
355 size_t bufsize )
356{
357 int ret = -1;
358
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]359 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]360 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
361 if( peer1->output == NULL )
362 {
363 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
364 goto exit;
365 }
366 mbedtls_test_buffer_init( peer1->output );
367 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
368 {
369 goto exit;
370 }
371
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]372 peer2->output =
373 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
374 if( peer2->output == NULL )
375 {
376 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
377 goto exit;
378 }
379 mbedtls_test_buffer_init( peer2->output );
380 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
381 {
382 goto exit;
383 }
384
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]385 peer1->peer = peer2;
386 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]387 peer1->input = peer2->output;
388 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]389
390 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
391 ret = 0;
392
393exit:
394
395 if( ret != 0 )
396 {
397 mbedtls_mock_socket_close( peer1 );
398 mbedtls_mock_socket_close( peer2 );
399 }
400
401 return ret;
402}
403
404/*
405 * Callbacks for simulating blocking I/O over connection-oriented transport.
406 */
407
408int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
409{
410 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
411
412 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
413 return -1;
414
415 return mbedtls_test_buffer_put( socket->output, buf, len );
416}
417
418int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
419{
420 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
421
422 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
423 return -1;
424
425 return mbedtls_test_buffer_get( socket->input, buf, len );
426}
427
428/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]429 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
430 */
431
432int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
433{
434 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
435
436 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
437 return -1;
438
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]439 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]440 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]441 return MBEDTLS_ERR_SSL_WANT_WRITE;
442 }
443
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]444 return mbedtls_test_buffer_put( socket->output, buf, len );
445}
446
447int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
448{
449 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
450
451 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
452 return -1;
453
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]454 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]455 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]456 return MBEDTLS_ERR_SSL_WANT_READ;
457 }
458
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]459 return mbedtls_test_buffer_get( socket->input, buf, len );
460}
461
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]462/* Errors used in the message socket mocks */
463
464#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
465#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
466#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
467
468/*
469 * Structure used as an addon, or a wrapper, around the mocked sockets.
470 * Contains an input queue, to which the other socket pushes metadata,
471 * and an output queue, to which this one pushes metadata. This context is
472 * considered as an owner of the input queue only, which is initialized and
473 * freed in the respective setup and free calls.
474 */
475typedef struct mbedtls_test_message_socket_context
476{
477 mbedtls_test_message_queue* queue_input;
478 mbedtls_test_message_queue* queue_output;
479 mbedtls_mock_socket* socket;
480} mbedtls_test_message_socket_context;
481
482/*
483 * Setup a given mesasge socket context including initialization of
484 * input/output queues to a chosen capacity of messages. Also set the
485 * corresponding mock socket.
486 *
487 * \retval 0, if everything succeeds.
488 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
489 * queue failed.
490 */
491int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
492 mbedtls_test_message_queue* queue_output,
493 size_t queue_capacity,
494 mbedtls_mock_socket* socket,
495 mbedtls_test_message_socket_context* ctx )
496{
497 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
498 if( ret != 0 )
499 return ret;
500 ctx->queue_input = queue_input;
501 ctx->queue_output = queue_output;
502 ctx->socket = socket;
503 mbedtls_mock_socket_init( socket );
504
505 return 0;
506}
507
508/*
509 * Close a given message socket context, along with the socket itself. Free the
510 * memory allocated by the input queue.
511 */
512void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
513{
514 if( ctx == NULL )
515 return;
516
517 mbedtls_test_message_queue_free( ctx->queue_input );
518 mbedtls_mock_socket_close( ctx->socket );
519 memset( ctx, 0, sizeof( *ctx ) );
520}
521
522/*
523 * Send one message through a given message socket context.
524 *
525 * \retval \p len, if everything succeeds.
526 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
527 * elements or the context itself is null.
528 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]529 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]530 *
531 * This function will also return any error from
532 * mbedtls_test_message_queue_push_info.
533 */
534int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
535{
536 mbedtls_test_message_queue* queue;
537 mbedtls_mock_socket* socket;
538 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
539
540 if( context == NULL || context->socket == NULL
541 || context->queue_output == NULL )
542 {
543 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
544 }
545
546 queue = context->queue_output;
547 socket = context->socket;
548
549 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]550 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]551
552 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
553 return MBEDTLS_TEST_ERROR_SEND_FAILED;
554
555 return mbedtls_test_message_queue_push_info( queue, len );
556}
557
558/*
559 * Receive one message from a given message socket context and return message
560 * length or an error.
561 *
562 * \retval message length, if everything succeeds.
563 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
564 * elements or the context itself is null.
565 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
566 *
567 * This function will also return any error other than
568 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
569 */
570int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
571{
572 mbedtls_test_message_queue* queue;
573 mbedtls_mock_socket* socket;
574 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
575 size_t drop_len;
576 size_t msg_len;
577 int ret;
578
579 if( context == NULL || context->socket == NULL
580 || context->queue_input == NULL )
581 {
582 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
583 }
584
585 queue = context->queue_input;
586 socket = context->socket;
587
588 /* Peek first, so that in case of a socket error the data remains in
589 * the queue. */
590 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
591 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
592 {
593 /* Calculate how much to drop */
594 drop_len = msg_len - buf_len;
595
596 /* Set the requested message len to be buffer length */
597 msg_len = buf_len;
598 } else if( ret != 0 )
599 {
600 return ret;
601 }
602
603 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
604 return MBEDTLS_TEST_ERROR_RECV_FAILED;
605
606 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
607 {
608 /* Drop the remaining part of the message */
609 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
610 {
611 /* Inconsistent state - part of the message was read,
612 * and a part couldn't. Not much we can do here, but it should not
613 * happen in test environment, unless forced manually. */
614 }
615 }
616 mbedtls_test_message_queue_pop_info( queue, buf_len );
617
618 return msg_len;
619}
620
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]621#if defined(MBEDTLS_X509_CRT_PARSE_C)
622
623/*
624 * Structure with endpoint's certificates for SSL communication tests.
625 */
626typedef struct mbedtls_endpoint_certificate
627{
628 mbedtls_x509_crt ca_cert;
629 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]630 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]631} mbedtls_endpoint_certificate;
632
633/*
634 * Endpoint structure for SSL communication tests.
635 */
636typedef struct mbedtls_endpoint
637{
638 const char *name;
639 mbedtls_ssl_context ssl;
640 mbedtls_ssl_config conf;
641 mbedtls_ctr_drbg_context ctr_drbg;
642 mbedtls_entropy_context entropy;
643 mbedtls_mock_socket socket;
644 mbedtls_endpoint_certificate cert;
645} mbedtls_endpoint;
646
647/*
648 * Initializes \p ep_cert structure and assigns it to endpoint
649 * represented by \p ep.
650 *
651 * \retval 0 on success, otherwise error code.
652 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]653int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]654{
655 int i = 0;
656 int ret = -1;
657 mbedtls_endpoint_certificate *cert;
658
659 if( ep == NULL )
660 {
661 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
662 }
663
664 cert = &( ep->cert );
665 mbedtls_x509_crt_init( &( cert->ca_cert ) );
666 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]667 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]668
669 /* Load the trusted CA */
670
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]671 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
672 {
673 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
674 (const unsigned char *) mbedtls_test_cas_der[i],
675 mbedtls_test_cas_der_len[i] );
676 TEST_ASSERT( ret == 0 );
677 }
678
679 /* Load own certificate and private key */
680
681 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
682 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]683 if( pk_alg == MBEDTLS_PK_RSA )
684 {
685 ret = mbedtls_x509_crt_parse( &( cert->cert ),
686 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
687 mbedtls_test_srv_crt_rsa_sha256_der_len );
688 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]689
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]690 ret = mbedtls_pk_parse_key( &( cert->pkey ),
691 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
692 mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
693 TEST_ASSERT( ret == 0 );
694 }
695 else
696 {
697 ret = mbedtls_x509_crt_parse( &( cert->cert ),
698 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
699 mbedtls_test_srv_crt_ec_der_len );
700 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]701
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]702 ret = mbedtls_pk_parse_key( &( cert->pkey ),
703 (const unsigned char*) mbedtls_test_srv_key_ec_der,
704 mbedtls_test_srv_key_ec_der_len, NULL, 0 );
705 TEST_ASSERT( ret == 0 );
706 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]707 }
708 else
709 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]710 if( pk_alg == MBEDTLS_PK_RSA )
711 {
712 ret = mbedtls_x509_crt_parse( &( cert->cert ),
713 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
714 mbedtls_test_cli_crt_rsa_der_len );
715 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]716
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]717 ret = mbedtls_pk_parse_key( &( cert->pkey ),
718 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
719 mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
720 TEST_ASSERT( ret == 0 );
721 }
722 else
723 {
724 ret = mbedtls_x509_crt_parse( &( cert->cert ),
725 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
726 mbedtls_test_cli_crt_ec_len );
727 TEST_ASSERT( ret == 0 );
728
729 ret = mbedtls_pk_parse_key( &( cert->pkey ),
730 (const unsigned char *) mbedtls_test_cli_key_ec_der,
731 mbedtls_test_cli_key_ec_der_len, NULL, 0 );
732 TEST_ASSERT( ret == 0 );
733 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]734 }
735
736 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
737
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]738 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
739 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]740 TEST_ASSERT( ret == 0 );
741
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]742exit:
743 if( ret != 0 )
744 {
745 mbedtls_x509_crt_free( &( cert->ca_cert ) );
746 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]747 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]748 }
749
750 return ret;
751}
752
753/*
754 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
755 * after calling this function even if it fails.
756 *
757 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
758 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]759 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
760 * MBEDTLS_PK_ECDSA are supported.
761 * \p dtls_context - in case of DTLS - this is the context handling metadata.
762 * \p input_queue - used only in case of DTLS.
763 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]764 *
765 * \retval 0 on success, otherwise error code.
766 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]767int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
768 mbedtls_test_message_socket_context *dtls_context,
769 mbedtls_test_message_queue *input_queue,
770 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]771{
772 int ret = -1;
773
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]774 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]775 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]776
777 if( ep == NULL )
778 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]779
780 memset( ep, 0, sizeof( *ep ) );
781
782 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
783
784 mbedtls_ssl_init( &( ep->ssl ) );
785 mbedtls_ssl_config_init( &( ep->conf ) );
786 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
787 mbedtls_ssl_conf_rng( &( ep->conf ),
788 mbedtls_ctr_drbg_random,
789 &( ep->ctr_drbg ) );
790 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]791 if( dtls_context != NULL )
792 {
793 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
794 100, &( ep->socket ),
795 dtls_context ) == 0 );
796 }
797 else
798 {
799 mbedtls_mock_socket_init( &( ep->socket ) );
800 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]801
802 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
803 &( ep->entropy ), (const unsigned char *) ( ep->name ),
804 strlen( ep->name ) );
805 TEST_ASSERT( ret == 0 );
806
807 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]808 if( dtls_context != NULL )
809 {
810 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
811 mbedtls_mock_tcp_send_msg,
812 mbedtls_mock_tcp_recv_msg,
813 NULL );
814 }
815 else
816 {
817 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
818 mbedtls_mock_tcp_send_nb,
819 mbedtls_mock_tcp_recv_nb,
820 NULL );
821 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]822
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]823 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]824 ( dtls_context != NULL ) ?
825 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
826 MBEDTLS_SSL_TRANSPORT_STREAM,
827 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]828 TEST_ASSERT( ret == 0 );
829
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]830 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
831 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]832
833#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
834 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
835 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
836#endif
837
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]838 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]839 TEST_ASSERT( ret == 0 );
840
841exit:
842 return ret;
843}
844
845/*
846 * Deinitializes certificates from endpoint represented by \p ep.
847 */
848void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
849{
850 mbedtls_endpoint_certificate *cert = &( ep->cert );
851 mbedtls_x509_crt_free( &( cert->ca_cert ) );
852 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]853 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]854}
855
856/*
857 * Deinitializes endpoint represented by \p ep.
858 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]859void mbedtls_endpoint_free( mbedtls_endpoint *ep,
860 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]861{
862 mbedtls_endpoint_certificate_free( ep );
863
864 mbedtls_ssl_free( &( ep->ssl ) );
865 mbedtls_ssl_config_free( &( ep->conf ) );
866 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
867 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]868
869 if( context != NULL )
870 {
871 mbedtls_message_socket_close( context );
872 }
873 else
874 {
875 mbedtls_mock_socket_close( &( ep->socket ) );
876 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]877}
878
879/*
880 * This function moves ssl handshake from \p ssl to prescribed \p state.
881 * /p second_ssl is used as second endpoint and their sockets have to be
882 * connected before calling this function.
883 *
884 * \retval 0 on success, otherwise error code.
885 */
886int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
887 mbedtls_ssl_context *second_ssl,
888 int state )
889{
890 enum { BUFFSIZE = 1024 };
891 int max_steps = 1000;
892 int ret = 0;
893
894 if( ssl == NULL || second_ssl == NULL )
895 {
896 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
897 }
898
899 /* Perform communication via connected sockets */
900 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
901 {
902 /* If /p second_ssl ends the handshake procedure before /p ssl then
903 * there is no need to call the next step */
904 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
905 {
906 ret = mbedtls_ssl_handshake_step( second_ssl );
907 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
908 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
909 {
910 return ret;
911 }
912 }
913
914 /* We only care about the \p ssl state and returns, so we call it last,
915 * to leave the iteration as soon as the state is as expected. */
916 ret = mbedtls_ssl_handshake_step( ssl );
917 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
918 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
919 {
920 return ret;
921 }
922 }
923
924 return ( max_steps >= 0 ) ? ret : -1;
925}
926
927#endif /* MBEDTLS_X509_CRT_PARSE_C */
928
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]929/*
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]930 * Write application data. Then increase write and fragments counter
931 */
932int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
933 int ln, int *writen, int *fragments )
934{
935 int ret = mbedtls_ssl_write( ssl, buf + *writen, ln - *writen );
936 if( ret >= 0 )
937 {
938 (*fragments)++;
939 *writen += ret;
940 }
941 return ret;
942}
943
944/*
945 * Read application data and increase read counter
946 */
947int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf, int ln, int *read )
948{
949 int ret = mbedtls_ssl_read( ssl, buf + *read, ln - *read );
950 if( ret >= 0 )
951 {
952 *read += ret;
953 }
954 return ret;
955}
956
957/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]958 * Helper function setting up inverse record transformations
959 * using given cipher, hash, EtM mode, authentication tag length,
960 * and version.
961 */
962
963#define CHK( x ) \
964 do \
965 { \
966 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]967 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]968 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]969 goto cleanup; \
970 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]971 } while( 0 )
972
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]973void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
974 int* forced_ciphersuite )
975{
976 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
977 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
978 forced_ciphersuite[1] = 0;
979
980 ciphersuite_info =
981 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
982
983 TEST_ASSERT( ciphersuite_info != NULL );
984 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
985 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
986
987 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
988 {
989 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
990 }
991 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
992 {
993 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
994 }
995
996 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
997
998exit:
999 return;
1000}
1001
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1002int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1003 const unsigned char *name, size_t name_len )
1004{
1005 (void) p_info;
1006 (void) ssl;
1007 (void) name;
1008 (void) name_len;
1009
1010 return ( 0 );
1011}
1012
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1013#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1014#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1015#else
1016#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1017#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1018
1019static int build_transforms( mbedtls_ssl_transform *t_in,
1020 mbedtls_ssl_transform *t_out,
1021 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1022 int etm, int tag_mode, int ver,
1023 size_t cid0_len,
1024 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1025{
1026 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1027 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1028
1029 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1030 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1031 unsigned char iv_enc[16], iv_dec[16];
1032
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1033#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1034 unsigned char cid0[ SSL_CID_LEN_MIN ];
1035 unsigned char cid1[ SSL_CID_LEN_MIN ];
1036
1037 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1038 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1039#else
1040 ((void) cid0_len);
1041 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1042#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1043
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1044 maclen = 0;
1045
1046 /* Pick cipher */
1047 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1048 CHK( cipher_info != NULL );
1049 CHK( cipher_info->iv_size <= 16 );
1050 CHK( cipher_info->key_bitlen % 8 == 0 );
1051
1052 /* Pick keys */
1053 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1054 /* Allocate `keylen + 1` bytes to ensure that we get
1055 * a non-NULL pointers from `mbedtls_calloc` even if
1056 * `keylen == 0` in the case of the NULL cipher. */
1057 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1058 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1059 memset( key0, 0x1, keylen );
1060 memset( key1, 0x2, keylen );
1061
1062 /* Setup cipher contexts */
1063 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1064 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1065 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1066 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1067
1068#if defined(MBEDTLS_CIPHER_MODE_CBC)
1069 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1070 {
1071 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1072 MBEDTLS_PADDING_NONE ) == 0 );
1073 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1074 MBEDTLS_PADDING_NONE ) == 0 );
1075 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1076 MBEDTLS_PADDING_NONE ) == 0 );
1077 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1078 MBEDTLS_PADDING_NONE ) == 0 );
1079 }
1080#endif /* MBEDTLS_CIPHER_MODE_CBC */
1081
1082 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1083 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1084 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1085 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1086 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1087 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1088 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1089 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1090
1091 /* Setup MAC contexts */
1092#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
1093 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1094 cipher_info->mode == MBEDTLS_MODE_STREAM )
1095 {
1096 mbedtls_md_info_t const *md_info;
1097 unsigned char *md0, *md1;
1098
1099 /* Pick hash */
1100 md_info = mbedtls_md_info_from_type( hash_id );
1101 CHK( md_info != NULL );
1102
1103 /* Pick hash keys */
1104 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1105 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1106 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1107 memset( md0, 0x5, maclen );
1108 memset( md1, 0x6, maclen );
1109
1110 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1111 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1112 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1113 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1114
1115 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1116 {
1117 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1118 md0, maclen ) == 0 );
1119 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1120 md1, maclen ) == 0 );
1121 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1122 md1, maclen ) == 0 );
1123 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1124 md0, maclen ) == 0 );
1125 }
1126#if defined(MBEDTLS_SSL_PROTO_SSL3)
1127 else
1128 {
1129 memcpy( &t_in->mac_enc, md0, maclen );
1130 memcpy( &t_in->mac_dec, md1, maclen );
1131 memcpy( &t_out->mac_enc, md1, maclen );
1132 memcpy( &t_out->mac_dec, md0, maclen );
1133 }
1134#endif
1135
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1136 mbedtls_free( md0 );
1137 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1138 }
1139#else
1140 ((void) hash_id);
1141#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1142
1143
1144 /* Pick IV's (regardless of whether they
1145 * are being used by the transform). */
1146 ivlen = cipher_info->iv_size;
1147 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1148 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1149
1150 /*
1151 * Setup transforms
1152 */
1153
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1154#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1155 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1156 t_out->encrypt_then_mac = etm;
1157 t_in->encrypt_then_mac = etm;
1158#else
1159 ((void) etm);
1160#endif
1161
1162 t_out->minor_ver = ver;
1163 t_in->minor_ver = ver;
1164 t_out->ivlen = ivlen;
1165 t_in->ivlen = ivlen;
1166
1167 switch( cipher_info->mode )
1168 {
1169 case MBEDTLS_MODE_GCM:
1170 case MBEDTLS_MODE_CCM:
1171 t_out->fixed_ivlen = 4;
1172 t_in->fixed_ivlen = 4;
1173 t_out->maclen = 0;
1174 t_in->maclen = 0;
1175 switch( tag_mode )
1176 {
1177 case 0: /* Full tag */
1178 t_out->taglen = 16;
1179 t_in->taglen = 16;
1180 break;
1181 case 1: /* Partial tag */
1182 t_out->taglen = 8;
1183 t_in->taglen = 8;
1184 break;
1185 default:
1186 return( 1 );
1187 }
1188 break;
1189
1190 case MBEDTLS_MODE_CHACHAPOLY:
1191 t_out->fixed_ivlen = 12;
1192 t_in->fixed_ivlen = 12;
1193 t_out->maclen = 0;
1194 t_in->maclen = 0;
1195 switch( tag_mode )
1196 {
1197 case 0: /* Full tag */
1198 t_out->taglen = 16;
1199 t_in->taglen = 16;
1200 break;
1201 case 1: /* Partial tag */
1202 t_out->taglen = 8;
1203 t_in->taglen = 8;
1204 break;
1205 default:
1206 return( 1 );
1207 }
1208 break;
1209
1210 case MBEDTLS_MODE_STREAM:
1211 case MBEDTLS_MODE_CBC:
1212 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1213 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1214 t_out->taglen = 0;
1215 t_in->taglen = 0;
1216 switch( tag_mode )
1217 {
1218 case 0: /* Full tag */
1219 t_out->maclen = maclen;
1220 t_in->maclen = maclen;
1221 break;
1222 case 1: /* Partial tag */
1223 t_out->maclen = 10;
1224 t_in->maclen = 10;
1225 break;
1226 default:
1227 return( 1 );
1228 }
1229 break;
1230 default:
1231 return( 1 );
1232 break;
1233 }
1234
1235 /* Setup IV's */
1236
1237 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1238 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1239 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1240 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1241
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1242#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1243 /* Add CID */
1244 memcpy( &t_in->in_cid, cid0, cid0_len );
1245 memcpy( &t_in->out_cid, cid1, cid1_len );
1246 t_in->in_cid_len = cid0_len;
1247 t_in->out_cid_len = cid1_len;
1248 memcpy( &t_out->in_cid, cid1, cid1_len );
1249 memcpy( &t_out->out_cid, cid0, cid0_len );
1250 t_out->in_cid_len = cid1_len;
1251 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1252#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1253
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1254cleanup:
1255
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1256 mbedtls_free( key0 );
1257 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1258
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1259 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1260}
1261
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1262/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1263 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1264 * Choose dummy values, mostly non-0 to distinguish from the init default.
1265 */
1266static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1267 int ticket_len,
1268 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1269{
1270#if defined(MBEDTLS_HAVE_TIME)
1271 session->start = mbedtls_time( NULL ) - 42;
1272#endif
1273 session->ciphersuite = 0xabcd;
1274 session->compression = 1;
1275 session->id_len = sizeof( session->id );
1276 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1277 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1278
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1279#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1280 if( strlen( crt_file ) != 0 )
1281 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1282 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1283 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1284
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1285 mbedtls_x509_crt_init( &tmp_crt );
1286 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1287 if( ret != 0 )
1288 return( ret );
1289
1290#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1291 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1292 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1293 if( session->peer_cert == NULL )
1294 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1295 *session->peer_cert = tmp_crt;
1296 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1297#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1298 /* Calculate digest of temporary CRT. */
1299 session->peer_cert_digest =
1300 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1301 if( session->peer_cert_digest == NULL )
1302 return( -1 );
1303 ret = mbedtls_md( mbedtls_md_info_from_type(
1304 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1305 tmp_crt.raw.p, tmp_crt.raw.len,
1306 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1307 if( ret != 0 )
1308 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1309 session->peer_cert_digest_type =
1310 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1311 session->peer_cert_digest_len =
1312 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1313#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1314
1315 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1316 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1317#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1318 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1319#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1320 session->verify_result = 0xdeadbeef;
1321
1322#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1323 if( ticket_len != 0 )
1324 {
1325 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1326 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1327 return( -1 );
1328 memset( session->ticket, 33, ticket_len );
1329 }
1330 session->ticket_len = ticket_len;
1331 session->ticket_lifetime = 86401;
1332#else
1333 (void) ticket_len;
1334#endif
1335
1336#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1337 session->mfl_code = 1;
1338#endif
1339#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1340 session->trunc_hmac = 1;
1341#endif
1342#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1343 session->encrypt_then_mac = 1;
1344#endif
1345
1346 return( 0 );
1347}
1348
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1349/* END_HEADER */
1350
1351/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1352 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1353 * END_DEPENDENCIES
1354 */
1355
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1356/* BEGIN_CASE */
1357void test_callback_buffer_sanity()
1358{
1359 enum { MSGLEN = 10 };
1360 mbedtls_test_buffer buf;
1361 unsigned char input[MSGLEN];
1362 unsigned char output[MSGLEN];
1363
1364 memset( input, 0, sizeof(input) );
1365
1366 /* Make sure calling put and get on NULL buffer results in error. */
1367 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1368 == -1 );
1369 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1370 == -1 );
1371 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1372
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1373 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1374 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1375
1376 /* Make sure calling put and get on a buffer that hasn't been set up results
1377 * in eror. */
1378 mbedtls_test_buffer_init( &buf );
1379
1380 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1381 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1382 == -1 );
1383 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1384
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1385 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1386 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1387
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1388 /* Make sure calling put and get on NULL input only results in
1389 * error if the length is not zero, and that a NULL output is valid for data
1390 * dropping.
1391 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1392
1393 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1394
1395 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1396 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1397 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1398 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1399 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1400
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]1401 /* Make sure calling put several times in the row is safe */
1402
1403 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
1404 == sizeof( input ) );
1405 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
1406 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
1407 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
1408 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
1409
1410
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1411exit:
1412
1413 mbedtls_test_buffer_free( &buf );
1414}
1415/* END_CASE */
1416
1417/*
1418 * Test if the implementation of `mbedtls_test_buffer` related functions is
1419 * correct and works as expected.
1420 *
1421 * That is
1422 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1423 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1424 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1425 * bytes.
1426 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1427 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1428 */
1429
1430/* BEGIN_CASE */
1431void test_callback_buffer( int size, int put1, int put1_ret,
1432 int get1, int get1_ret, int put2, int put2_ret,
1433 int get2, int get2_ret )
1434{
1435 enum { ROUNDS = 2 };
1436 size_t put[ROUNDS];
1437 int put_ret[ROUNDS];
1438 size_t get[ROUNDS];
1439 int get_ret[ROUNDS];
1440 mbedtls_test_buffer buf;
1441 unsigned char* input = NULL;
1442 size_t input_len;
1443 unsigned char* output = NULL;
1444 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1445 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1446
1447 mbedtls_test_buffer_init( &buf );
1448 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
1449
1450 /* Check the sanity of input parameters and initialise local variables. That
1451 * is, ensure that the amount of data is not negative and that we are not
1452 * expecting more to put or get than we actually asked for. */
1453 TEST_ASSERT( put1 >= 0 );
1454 put[0] = put1;
1455 put_ret[0] = put1_ret;
1456 TEST_ASSERT( put1_ret <= put1 );
1457 TEST_ASSERT( put2 >= 0 );
1458 put[1] = put2;
1459 put_ret[1] = put2_ret;
1460 TEST_ASSERT( put2_ret <= put2 );
1461
1462 TEST_ASSERT( get1 >= 0 );
1463 get[0] = get1;
1464 get_ret[0] = get1_ret;
1465 TEST_ASSERT( get1_ret <= get1 );
1466 TEST_ASSERT( get2 >= 0 );
1467 get[1] = get2;
1468 get_ret[1] = get2_ret;
1469 TEST_ASSERT( get2_ret <= get2 );
1470
1471 input_len = 0;
1472 /* Calculate actual input and output lengths */
1473 for( j = 0; j < ROUNDS; j++ )
1474 {
1475 if( put_ret[j] > 0 )
1476 {
1477 input_len += put_ret[j];
1478 }
1479 }
1480 /* In order to always have a valid pointer we always allocate at least 1
1481 * byte. */
1482 if( input_len == 0 )
1483 input_len = 1;
1484 ASSERT_ALLOC( input, input_len );
1485
1486 output_len = 0;
1487 for( j = 0; j < ROUNDS; j++ )
1488 {
1489 if( get_ret[j] > 0 )
1490 {
1491 output_len += get_ret[j];
1492 }
1493 }
1494 TEST_ASSERT( output_len <= input_len );
1495 /* In order to always have a valid pointer we always allocate at least 1
1496 * byte. */
1497 if( output_len == 0 )
1498 output_len = 1;
1499 ASSERT_ALLOC( output, output_len );
1500
1501 /* Fill up the buffer with structured data so that unwanted changes
1502 * can be detected */
1503 for( i = 0; i < input_len; i++ )
1504 {
1505 input[i] = i & 0xFF;
1506 }
1507
1508 written = read = 0;
1509 for( j = 0; j < ROUNDS; j++ )
1510 {
1511 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
1512 input + written, put[j] ) );
1513 written += put_ret[j];
1514 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
1515 output + read, get[j] ) );
1516 read += get_ret[j];
1517 TEST_ASSERT( read <= written );
1518 if( get_ret[j] > 0 )
1519 {
1520 TEST_ASSERT( memcmp( output + read - get_ret[j],
1521 input + read - get_ret[j], get_ret[j] )
1522 == 0 );
1523 }
1524 }
1525
1526exit:
1527
1528 mbedtls_free( input );
1529 mbedtls_free( output );
1530 mbedtls_test_buffer_free( &buf );
1531}
1532/* END_CASE */
1533
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1534/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1535 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
1536 * correct and works as expected on unconnected sockets.
1537 */
1538
1539/* BEGIN_CASE */
1540void ssl_mock_sanity( )
1541{
1542 enum { MSGLEN = 105 };
1543 unsigned char message[MSGLEN];
1544 unsigned char received[MSGLEN];
1545 mbedtls_mock_socket socket;
1546
1547 mbedtls_mock_socket_init( &socket );
1548 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
1549 mbedtls_mock_socket_close( &socket );
1550 mbedtls_mock_socket_init( &socket );
1551 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
1552 mbedtls_mock_socket_close( &socket );
1553
1554 mbedtls_mock_socket_init( &socket );
1555 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
1556 mbedtls_mock_socket_close( &socket );
1557 mbedtls_mock_socket_init( &socket );
1558 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
1559 mbedtls_mock_socket_close( &socket );
1560
1561exit:
1562
1563 mbedtls_mock_socket_close( &socket );
1564}
1565/* END_CASE */
1566
1567/*
1568 * Test if the implementation of `mbedtls_mock_socket` related functions can
1569 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1570 */
1571
1572/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1573void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1574{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1575 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1576 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1577 unsigned char message[MSGLEN];
1578 unsigned char received[MSGLEN];
1579 mbedtls_mock_socket client;
1580 mbedtls_mock_socket server;
1581 size_t written, read;
1582 int send_ret, recv_ret;
1583 mbedtls_ssl_send_t *send;
1584 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1585 unsigned i;
1586
1587 if( blocking == 0 )
1588 {
1589 send = mbedtls_mock_tcp_send_nb;
1590 recv = mbedtls_mock_tcp_recv_nb;
1591 }
1592 else
1593 {
1594 send = mbedtls_mock_tcp_send_b;
1595 recv = mbedtls_mock_tcp_recv_b;
1596 }
1597
1598 mbedtls_mock_socket_init( &client );
1599 mbedtls_mock_socket_init( &server );
1600
1601 /* Fill up the buffer with structured data so that unwanted changes
1602 * can be detected */
1603 for( i = 0; i < MSGLEN; i++ )
1604 {
1605 message[i] = i & 0xFF;
1606 }
1607
1608 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1609 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1610
1611 /* Send the message to the server */
1612 send_ret = recv_ret = 1;
1613 written = read = 0;
1614 while( send_ret != 0 || recv_ret != 0 )
1615 {
1616 send_ret = send( &client, message + written, MSGLEN - written );
1617
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1618 TEST_ASSERT( send_ret >= 0 );
1619 TEST_ASSERT( send_ret <= BUFLEN );
1620 written += send_ret;
1621
1622 /* If the buffer is full we can test blocking and non-blocking send */
1623 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1624 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1625 int blocking_ret = send( &client, message , 1 );
1626 if ( blocking )
1627 {
1628 TEST_ASSERT( blocking_ret == 0 );
1629 }
1630 else
1631 {
1632 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1633 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1634 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1635
1636 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1637
1638 /* The result depends on whether any data was sent */
1639 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1640 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1641 TEST_ASSERT( recv_ret > 0 );
1642 TEST_ASSERT( recv_ret <= BUFLEN );
1643 read += recv_ret;
1644 }
1645 else if( blocking )
1646 {
1647 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1648 }
1649 else
1650 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1651 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
1652 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1653 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1654
1655 /* If the buffer is empty we can test blocking and non-blocking read */
1656 if ( recv_ret == BUFLEN )
1657 {
1658 int blocking_ret = recv( &server, received, 1 );
1659 if ( blocking )
1660 {
1661 TEST_ASSERT( blocking_ret == 0 );
1662 }
1663 else
1664 {
1665 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1666 }
1667 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1668 }
1669 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1670
1671exit:
1672
1673 mbedtls_mock_socket_close( &client );
1674 mbedtls_mock_socket_close( &server );
1675}
1676/* END_CASE */
1677
1678/*
1679 * Test if the implementation of `mbedtls_mock_socket` related functions can
1680 * send messages in both direction at the same time (with the I/O calls
1681 * interleaving).
1682 */
1683
1684/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1685void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1686{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1687 enum { ROUNDS = 2 };
1688 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1689 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1690 unsigned char message[ROUNDS][MSGLEN];
1691 unsigned char received[ROUNDS][MSGLEN];
1692 mbedtls_mock_socket client;
1693 mbedtls_mock_socket server;
1694 size_t written[ROUNDS];
1695 size_t read[ROUNDS];
1696 int send_ret[ROUNDS];
1697 int recv_ret[ROUNDS];
1698 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1699 mbedtls_ssl_send_t *send;
1700 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1701
1702 if( blocking == 0 )
1703 {
1704 send = mbedtls_mock_tcp_send_nb;
1705 recv = mbedtls_mock_tcp_recv_nb;
1706 }
1707 else
1708 {
1709 send = mbedtls_mock_tcp_send_b;
1710 recv = mbedtls_mock_tcp_recv_b;
1711 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1712
1713 mbedtls_mock_socket_init( &client );
1714 mbedtls_mock_socket_init( &server );
1715
1716 /* Fill up the buffers with structured data so that unwanted changes
1717 * can be detected */
1718 for( i = 0; i < ROUNDS; i++ )
1719 {
1720 for( j = 0; j < MSGLEN; j++ )
1721 {
1722 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1723 }
1724 }
1725
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1726 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1727 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1728
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1729 /* Send the message from both sides, interleaving. */
1730 progress = 1;
1731 for( i = 0; i < ROUNDS; i++ )
1732 {
1733 written[i] = 0;
1734 read[i] = 0;
1735 }
1736 /* This loop does not stop as long as there was a successful write or read
1737 * of at least one byte on either side. */
1738 while( progress != 0 )
1739 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1740 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1741
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1742 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1743 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1744 /* First sending is from the client */
1745 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1746
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1747 send_ret[i] = send( socket, message[i] + written[i],
1748 MSGLEN - written[i] );
1749 TEST_ASSERT( send_ret[i] >= 0 );
1750 TEST_ASSERT( send_ret[i] <= BUFLEN );
1751 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1752
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1753 /* If the buffer is full we can test blocking and non-blocking
1754 * send */
1755 if ( send_ret[i] == BUFLEN )
1756 {
1757 int blocking_ret = send( socket, message[i] , 1 );
1758 if ( blocking )
1759 {
1760 TEST_ASSERT( blocking_ret == 0 );
1761 }
1762 else
1763 {
1764 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1765 }
1766 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1767 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1768
1769 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1770 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1771 /* First receiving is from the server */
1772 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1773
1774 recv_ret[i] = recv( socket, received[i] + read[i],
1775 MSGLEN - read[i] );
1776
1777 /* The result depends on whether any data was sent */
1778 if ( send_ret[i] > 0 )
1779 {
1780 TEST_ASSERT( recv_ret[i] > 0 );
1781 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1782 read[i] += recv_ret[i];
1783 }
1784 else if( blocking )
1785 {
1786 TEST_ASSERT( recv_ret[i] == 0 );
1787 }
1788 else
1789 {
1790 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1791 recv_ret[i] = 0;
1792 }
1793
1794 /* If the buffer is empty we can test blocking and non-blocking
1795 * read */
1796 if ( recv_ret[i] == BUFLEN )
1797 {
1798 int blocking_ret = recv( socket, received[i], 1 );
1799 if ( blocking )
1800 {
1801 TEST_ASSERT( blocking_ret == 0 );
1802 }
1803 else
1804 {
1805 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1806 }
1807 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1808 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1809
1810 progress = 0;
1811 for( i = 0; i < ROUNDS; i++ )
1812 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1813 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1814 }
1815 }
1816
1817 for( i = 0; i < ROUNDS; i++ )
1818 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1819
1820exit:
1821
1822 mbedtls_mock_socket_close( &client );
1823 mbedtls_mock_socket_close( &server );
1824}
1825/* END_CASE */
1826
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1827/* BEGIN_CASE */
1828void ssl_message_queue_sanity( )
1829{
1830 mbedtls_test_message_queue queue;
1831
1832 /* Trying to push/pull to an empty queue */
1833 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
1834 == MBEDTLS_TEST_ERROR_ARG_NULL );
1835 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
1836 == MBEDTLS_TEST_ERROR_ARG_NULL );
1837
1838 mbedtls_test_message_queue_setup( &queue, 3 );
1839 TEST_ASSERT( queue.capacity == 3 );
1840 TEST_ASSERT( queue.num == 0 );
1841
1842exit:
1843 mbedtls_test_message_queue_free( &queue );
1844}
1845/* END_CASE */
1846
1847/* BEGIN_CASE */
1848void ssl_message_queue_basic( )
1849{
1850 mbedtls_test_message_queue queue;
1851
1852 mbedtls_test_message_queue_setup( &queue, 3 );
1853
1854 /* Sanity test - 3 pushes and 3 pops with sufficient space */
1855 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1856 TEST_ASSERT( queue.capacity == 3 );
1857 TEST_ASSERT( queue.num == 1 );
1858 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1859 TEST_ASSERT( queue.capacity == 3 );
1860 TEST_ASSERT( queue.num == 2 );
1861 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1862 TEST_ASSERT( queue.capacity == 3 );
1863 TEST_ASSERT( queue.num == 3 );
1864
1865 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1866 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1867 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1868
1869exit:
1870 mbedtls_test_message_queue_free( &queue );
1871}
1872/* END_CASE */
1873
1874/* BEGIN_CASE */
1875void ssl_message_queue_overflow_underflow( )
1876{
1877 mbedtls_test_message_queue queue;
1878
1879 mbedtls_test_message_queue_setup( &queue, 3 );
1880
1881 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
1882 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1883 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1884 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1885 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1886 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1887
1888 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1889 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1890 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1891
1892 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1893 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1894
1895exit:
1896 mbedtls_test_message_queue_free( &queue );
1897}
1898/* END_CASE */
1899
1900/* BEGIN_CASE */
1901void ssl_message_queue_interleaved( )
1902{
1903 mbedtls_test_message_queue queue;
1904
1905 mbedtls_test_message_queue_setup( &queue, 3 );
1906
1907 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
1908 * (to wrap around the buffer) */
1909 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1910 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1911
1912 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1913
1914 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1915 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
1916
1917 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1918 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1919
1920 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
1921 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
1922
1923 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
1924
1925 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
1926
1927 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
1928
1929exit:
1930 mbedtls_test_message_queue_free( &queue );
1931}
1932/* END_CASE */
1933
1934/* BEGIN_CASE */
1935void ssl_message_queue_insufficient_buffer( )
1936{
1937 mbedtls_test_message_queue queue;
1938 size_t message_len = 10;
1939 size_t buffer_len = 5;
1940
1941 mbedtls_test_message_queue_setup( &queue, 1 );
1942
1943 /* Popping without a sufficient buffer */
1944 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
1945 == (int) message_len );
1946 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
1947 == (int) buffer_len );
1948exit:
1949 mbedtls_test_message_queue_free( &queue );
1950}
1951/* END_CASE */
1952
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1953/* BEGIN_CASE */
1954void ssl_message_mock_uninitialized( )
1955{
1956 enum { MSGLEN = 10 };
1957 unsigned char message[MSGLEN], received[MSGLEN];
1958 mbedtls_mock_socket client, server;
1959 mbedtls_test_message_queue server_queue, client_queue;
1960 mbedtls_test_message_socket_context server_context, client_context;
1961
1962 /* Send with a NULL context */
1963 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
1964 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1965
1966 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
1967 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1968
1969 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1970 &server,
1971 &server_context ) == 0 );
1972
1973 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1974 &client,
1975 &client_context ) == 0 );
1976
1977 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
1978 == MBEDTLS_TEST_ERROR_SEND_FAILED );
1979
1980 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1981 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1982
1983 /* Push directly to a queue to later simulate a disconnected behavior */
1984 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
1985 == MSGLEN );
1986
1987 /* Test if there's an error when trying to read from a disconnected
1988 * socket */
1989 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1990 == MBEDTLS_TEST_ERROR_RECV_FAILED );
1991 exit:
1992 mbedtls_message_socket_close( &server_context );
1993 mbedtls_message_socket_close( &client_context );
1994}
1995/* END_CASE */
1996
1997/* BEGIN_CASE */
1998void ssl_message_mock_basic( )
1999{
2000 enum { MSGLEN = 10 };
2001 unsigned char message[MSGLEN], received[MSGLEN];
2002 mbedtls_mock_socket client, server;
2003 unsigned i;
2004 mbedtls_test_message_queue server_queue, client_queue;
2005 mbedtls_test_message_socket_context server_context, client_context;
2006
2007 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2008 &server,
2009 &server_context ) == 0 );
2010
2011 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2012 &client,
2013 &client_context ) == 0 );
2014
2015 /* Fill up the buffer with structured data so that unwanted changes
2016 * can be detected */
2017 for( i = 0; i < MSGLEN; i++ )
2018 {
2019 message[i] = i & 0xFF;
2020 }
2021 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2022 MSGLEN ) );
2023
2024 /* Send the message to the server */
2025 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2026 MSGLEN ) == MSGLEN );
2027
2028 /* Read from the server */
2029 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2030 == MSGLEN );
2031
2032 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2033 memset( received, 0, MSGLEN );
2034
2035 /* Send the message to the client */
2036 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2037 MSGLEN ) == MSGLEN );
2038
2039 /* Read from the client */
2040 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2041 == MSGLEN );
2042 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2043
2044 exit:
2045 mbedtls_message_socket_close( &server_context );
2046 mbedtls_message_socket_close( &client_context );
2047}
2048/* END_CASE */
2049
2050/* BEGIN_CASE */
2051void ssl_message_mock_queue_overflow_underflow( )
2052{
2053 enum { MSGLEN = 10 };
2054 unsigned char message[MSGLEN], received[MSGLEN];
2055 mbedtls_mock_socket client, server;
2056 unsigned i;
2057 mbedtls_test_message_queue server_queue, client_queue;
2058 mbedtls_test_message_socket_context server_context, client_context;
2059
2060 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2061 &server,
2062 &server_context ) == 0 );
2063
2064 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2065 &client,
2066 &client_context ) == 0 );
2067
2068 /* Fill up the buffer with structured data so that unwanted changes
2069 * can be detected */
2070 for( i = 0; i < MSGLEN; i++ )
2071 {
2072 message[i] = i & 0xFF;
2073 }
2074 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2075 MSGLEN*2 ) );
2076
2077 /* Send three message to the server, last one with an error */
2078 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2079 MSGLEN - 1 ) == MSGLEN - 1 );
2080
2081 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2082 MSGLEN ) == MSGLEN );
2083
2084 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2085 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2086 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2087
2088 /* Read three messages from the server, last one with an error */
2089 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2090 MSGLEN - 1 ) == MSGLEN - 1 );
2091
2092 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2093 == MSGLEN );
2094
2095 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2096
2097 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2098 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2099
2100 exit:
2101 mbedtls_message_socket_close( &server_context );
2102 mbedtls_message_socket_close( &client_context );
2103}
2104/* END_CASE */
2105
2106/* BEGIN_CASE */
2107void ssl_message_mock_socket_overflow( )
2108{
2109 enum { MSGLEN = 10 };
2110 unsigned char message[MSGLEN], received[MSGLEN];
2111 mbedtls_mock_socket client, server;
2112 unsigned i;
2113 mbedtls_test_message_queue server_queue, client_queue;
2114 mbedtls_test_message_socket_context server_context, client_context;
2115
2116 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2117 &server,
2118 &server_context ) == 0 );
2119
2120 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2121 &client,
2122 &client_context ) == 0 );
2123
2124 /* Fill up the buffer with structured data so that unwanted changes
2125 * can be detected */
2126 for( i = 0; i < MSGLEN; i++ )
2127 {
2128 message[i] = i & 0xFF;
2129 }
2130 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2131 MSGLEN ) );
2132
2133 /* Send two message to the server, second one with an error */
2134 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2135 MSGLEN ) == MSGLEN );
2136
2137 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2138 MSGLEN )
2139 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2140
2141 /* Read the only message from the server */
2142 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2143 == MSGLEN );
2144
2145 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2146
2147 exit:
2148 mbedtls_message_socket_close( &server_context );
2149 mbedtls_message_socket_close( &client_context );
2150}
2151/* END_CASE */
2152
2153/* BEGIN_CASE */
2154void ssl_message_mock_truncated( )
2155{
2156 enum { MSGLEN = 10 };
2157 unsigned char message[MSGLEN], received[MSGLEN];
2158 mbedtls_mock_socket client, server;
2159 unsigned i;
2160 mbedtls_test_message_queue server_queue, client_queue;
2161 mbedtls_test_message_socket_context server_context, client_context;
2162
2163 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2164 &server,
2165 &server_context ) == 0 );
2166
2167 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2168 &client,
2169 &client_context ) == 0 );
2170
2171 memset( received, 0, MSGLEN );
2172 /* Fill up the buffer with structured data so that unwanted changes
2173 * can be detected */
2174 for( i = 0; i < MSGLEN; i++ )
2175 {
2176 message[i] = i & 0xFF;
2177 }
2178 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2179 2 * MSGLEN ) );
2180
2181 /* Send two messages to the server, the second one small enough to fit in the
2182 * receiver's buffer. */
2183 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2184 MSGLEN ) == MSGLEN );
2185 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2186 MSGLEN / 2 ) == MSGLEN / 2 );
2187 /* Read a truncated message from the server */
2188 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2189 == MSGLEN/2 );
2190
2191 /* Test that the first half of the message is valid, and second one isn't */
2192 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2193 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2194 != 0 );
2195 memset( received, 0, MSGLEN );
2196
2197 /* Read a full message from the server */
2198 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2199 == MSGLEN / 2 );
2200
2201 /* Test that the first half of the message is valid */
2202 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2203
2204 exit:
2205 mbedtls_message_socket_close( &server_context );
2206 mbedtls_message_socket_close( &client_context );
2207}
2208/* END_CASE */
2209
2210/* BEGIN_CASE */
2211void ssl_message_mock_socket_read_error( )
2212{
2213 enum { MSGLEN = 10 };
2214 unsigned char message[MSGLEN], received[MSGLEN];
2215 mbedtls_mock_socket client, server;
2216 unsigned i;
2217 mbedtls_test_message_queue server_queue, client_queue;
2218 mbedtls_test_message_socket_context server_context, client_context;
2219
2220 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2221 &server,
2222 &server_context ) == 0 );
2223
2224 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2225 &client,
2226 &client_context ) == 0 );
2227
2228 /* Fill up the buffer with structured data so that unwanted changes
2229 * can be detected */
2230 for( i = 0; i < MSGLEN; i++ )
2231 {
2232 message[i] = i & 0xFF;
2233 }
2234 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2235 MSGLEN ) );
2236
2237 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2238 MSGLEN ) == MSGLEN );
2239
2240 /* Force a read error by disconnecting the socket by hand */
2241 server.status = 0;
2242 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2243 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2244 /* Return to a valid state */
2245 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2246
2247 memset( received, 0, sizeof( received ) );
2248
2249 /* Test that even though the server tried to read once disconnected, the
2250 * continuity is preserved */
2251 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2252 == MSGLEN );
2253
2254 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2255
2256 exit:
2257 mbedtls_message_socket_close( &server_context );
2258 mbedtls_message_socket_close( &client_context );
2259}
2260/* END_CASE */
2261
2262/* BEGIN_CASE */
2263void ssl_message_mock_interleaved_one_way( )
2264{
2265 enum { MSGLEN = 10 };
2266 unsigned char message[MSGLEN], received[MSGLEN];
2267 mbedtls_mock_socket client, server;
2268 unsigned i;
2269 mbedtls_test_message_queue server_queue, client_queue;
2270 mbedtls_test_message_socket_context server_context, client_context;
2271
2272 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2273 &server,
2274 &server_context ) == 0 );
2275
2276 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2277 &client,
2278 &client_context ) == 0 );
2279
2280 /* Fill up the buffer with structured data so that unwanted changes
2281 * can be detected */
2282 for( i = 0; i < MSGLEN; i++ )
2283 {
2284 message[i] = i & 0xFF;
2285 }
2286 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2287 MSGLEN*3 ) );
2288
2289 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
2290 * (to wrap around the buffer) */
2291 for( i = 0; i < 2; i++ )
2292 {
2293 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2294 MSGLEN ) == MSGLEN );
2295
2296 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2297 MSGLEN ) == MSGLEN );
2298
2299 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2300 MSGLEN ) == MSGLEN );
2301 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2302 memset( received, 0, sizeof( received ) );
2303 }
2304
2305 for( i = 0; i < 2; i++ )
2306 {
2307 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2308 MSGLEN ) == MSGLEN );
2309
2310 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2311 }
2312 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2313 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2314 exit:
2315 mbedtls_message_socket_close( &server_context );
2316 mbedtls_message_socket_close( &client_context );
2317}
2318/* END_CASE */
2319
2320/* BEGIN_CASE */
2321void ssl_message_mock_interleaved_two_ways( )
2322{
2323 enum { MSGLEN = 10 };
2324 unsigned char message[MSGLEN], received[MSGLEN];
2325 mbedtls_mock_socket client, server;
2326 unsigned i;
2327 mbedtls_test_message_queue server_queue, client_queue;
2328 mbedtls_test_message_socket_context server_context, client_context;
2329
2330 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2331 &server,
2332 &server_context ) == 0 );
2333
2334 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2335 &client,
2336 &client_context ) == 0 );
2337
2338 /* Fill up the buffer with structured data so that unwanted changes
2339 * can be detected */
2340 for( i = 0; i < MSGLEN; i++ )
2341 {
2342 message[i] = i & 0xFF;
2343 }
2344 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2345 MSGLEN*3 ) );
2346
2347 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
2348 * (to wrap around the buffer) both ways. */
2349 for( i = 0; i < 2; i++ )
2350 {
2351 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2352 MSGLEN ) == MSGLEN );
2353
2354 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2355 MSGLEN ) == MSGLEN );
2356
2357 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2358 MSGLEN ) == MSGLEN );
2359
2360 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2361 MSGLEN ) == MSGLEN );
2362
2363 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2364 MSGLEN ) == MSGLEN );
2365
2366 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2367
2368 memset( received, 0, sizeof( received ) );
2369
2370 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2371 MSGLEN ) == MSGLEN );
2372
2373 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2374
2375 memset( received, 0, sizeof( received ) );
2376 }
2377
2378 for( i = 0; i < 2; i++ )
2379 {
2380 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2381 MSGLEN ) == MSGLEN );
2382
2383 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2384 memset( received, 0, sizeof( received ) );
2385
2386 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2387 MSGLEN ) == MSGLEN );
2388
2389 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2390 memset( received, 0, sizeof( received ) );
2391 }
2392
2393 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2394 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2395
2396 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2397 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2398 exit:
2399 mbedtls_message_socket_close( &server_context );
2400 mbedtls_message_socket_close( &client_context );
2401}
2402/* END_CASE */
2403
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2404/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2405void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2406{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2407 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2408 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2409 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2410
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2411 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2412 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2413
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2414 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2415 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2416 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2417 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2418 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2419
2420 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2421 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2422 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2423 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2424 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2425 }
2426
2427 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2428 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2429 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2430
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2431 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2432 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2433}
2434/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]2435
2436/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
2437void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
2438{
2439 mbedtls_ssl_context ssl;
2440 mbedtls_ssl_init( &ssl );
2441
2442 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
2443 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
2444
2445 mbedtls_ssl_free( &ssl );
2446}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]2447/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2448
2449/* BEGIN_CASE */
2450void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2451 int etm, int tag_mode, int ver,
2452 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2453{
2454 /*
2455 * Test several record encryptions and decryptions
2456 * with plenty of space before and after the data
2457 * within the record buffer.
2458 */
2459
2460 int ret;
2461 int num_records = 16;
2462 mbedtls_ssl_context ssl; /* ONLY for debugging */
2463
2464 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2465 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2466 size_t const buflen = 512;
2467 mbedtls_record rec, rec_backup;
2468
2469 mbedtls_ssl_init( &ssl );
2470 mbedtls_ssl_transform_init( &t0 );
2471 mbedtls_ssl_transform_init( &t1 );
2472 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2473 etm, tag_mode, ver,
2474 (size_t) cid0_len,
2475 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2476
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2477 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2478
2479 while( num_records-- > 0 )
2480 {
2481 mbedtls_ssl_transform *t_dec, *t_enc;
2482 /* Take turns in who's sending and who's receiving. */
2483 if( num_records % 3 == 0 )
2484 {
2485 t_dec = &t0;
2486 t_enc = &t1;
2487 }
2488 else
2489 {
2490 t_dec = &t1;
2491 t_enc = &t0;
2492 }
2493
2494 /*
2495 * The record header affects the transformation in two ways:
2496 * 1) It determines the AEAD additional data
2497 * 2) The record counter sometimes determines the IV.
2498 *
2499 * Apart from that, the fields don't have influence.
2500 * In particular, it is currently not the responsibility
2501 * of ssl_encrypt/decrypt_buf to check if the transform
2502 * version matches the record version, or that the
2503 * type is sensible.
2504 */
2505
2506 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
2507 rec.type = 42;
2508 rec.ver[0] = num_records;
2509 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2510#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2511 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2512#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2513
2514 rec.buf = buf;
2515 rec.buf_len = buflen;
2516 rec.data_offset = 16;
2517 /* Make sure to vary the length to exercise different
2518 * paddings. */
2519 rec.data_len = 1 + num_records;
2520
2521 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2522
2523 /* Make a copy for later comparison */
2524 rec_backup = rec;
2525
2526 /* Encrypt record */
2527 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
2528 rnd_std_rand, NULL );
2529 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2530 if( ret != 0 )
2531 {
2532 continue;
2533 }
2534
2535 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2536 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
2537 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2538
2539 /* Compare results */
2540 TEST_ASSERT( rec.type == rec_backup.type );
2541 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2542 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2543 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2544 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2545 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2546 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2547 rec_backup.buf + rec_backup.data_offset,
2548 rec.data_len ) == 0 );
2549 }
2550
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2551exit:
2552
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2553 /* Cleanup */
2554 mbedtls_ssl_free( &ssl );
2555 mbedtls_ssl_transform_free( &t0 );
2556 mbedtls_ssl_transform_free( &t1 );
2557
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2558 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2559}
2560/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2561
2562/* BEGIN_CASE */
2563void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2564 int etm, int tag_mode, int ver,
2565 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2566{
2567 /*
2568 * Test pairs of encryption and decryption with an increasing
2569 * amount of space in the record buffer - in more detail:
2570 * 1) Try to encrypt with 0, 1, 2, ... bytes available
2571 * in front of the plaintext, and expect the encryption
2572 * to succeed starting from some offset. Always keep
2573 * enough space in the end of the buffer.
2574 * 2) Try to encrypt with 0, 1, 2, ... bytes available
2575 * at the end of the plaintext, and expect the encryption
2576 * to succeed starting from some offset. Always keep
2577 * enough space at the beginning of the buffer.
2578 * 3) Try to encrypt with 0, 1, 2, ... bytes available
2579 * both at the front and end of the plaintext,
2580 * and expect the encryption to succeed starting from
2581 * some offset.
2582 *
2583 * If encryption succeeds, check that decryption succeeds
2584 * and yields the original record.
2585 */
2586
2587 mbedtls_ssl_context ssl; /* ONLY for debugging */
2588
2589 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2590 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2591 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2592 mbedtls_record rec, rec_backup;
2593
2594 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2595 int mode; /* Mode 1, 2 or 3 as explained above */
2596 size_t offset; /* Available space at beginning/end/both */
2597 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2598
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2599 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
2600 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2601
2602 int seen_success; /* Indicates if in the current mode we've
2603 * already seen a successful test. */
2604
2605 mbedtls_ssl_init( &ssl );
2606 mbedtls_ssl_transform_init( &t0 );
2607 mbedtls_ssl_transform_init( &t1 );
2608 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2609 etm, tag_mode, ver,
2610 (size_t) cid0_len,
2611 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2612
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2613 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2614
2615 for( mode=1; mode <= 3; mode++ )
2616 {
2617 seen_success = 0;
2618 for( offset=0; offset <= threshold; offset++ )
2619 {
2620 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]2621 t_dec = &t0;
2622 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2623
2624 memset( rec.ctr, offset, sizeof( rec.ctr ) );
2625 rec.type = 42;
2626 rec.ver[0] = offset;
2627 rec.ver[1] = offset;
2628 rec.buf = buf;
2629 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2630#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2631 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2632#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2633
2634 switch( mode )
2635 {
2636 case 1: /* Space in the beginning */
2637 rec.data_offset = offset;
2638 rec.data_len = buflen - offset - default_post_padding;
2639 break;
2640
2641 case 2: /* Space in the end */
2642 rec.data_offset = default_pre_padding;
2643 rec.data_len = buflen - default_pre_padding - offset;
2644 break;
2645
2646 case 3: /* Space in the beginning and end */
2647 rec.data_offset = offset;
2648 rec.data_len = buflen - 2 * offset;
2649 break;
2650
2651 default:
2652 TEST_ASSERT( 0 );
2653 break;
2654 }
2655
2656 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2657
2658 /* Make a copy for later comparison */
2659 rec_backup = rec;
2660
2661 /* Encrypt record */
2662 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
2663
2664 if( ( mode == 1 || mode == 2 ) && seen_success )
2665 {
2666 TEST_ASSERT( ret == 0 );
2667 }
2668 else
2669 {
2670 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2671 if( ret == 0 )
2672 seen_success = 1;
2673 }
2674
2675 if( ret != 0 )
2676 continue;
2677
2678 /* Decrypt record with t_dec */
2679 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
2680
2681 /* Compare results */
2682 TEST_ASSERT( rec.type == rec_backup.type );
2683 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2684 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2685 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2686 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2687 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2688 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2689 rec_backup.buf + rec_backup.data_offset,
2690 rec.data_len ) == 0 );
2691 }
2692
2693 TEST_ASSERT( seen_success == 1 );
2694 }
2695
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2696exit:
2697
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2698 /* Cleanup */
2699 mbedtls_ssl_free( &ssl );
2700 mbedtls_ssl_transform_free( &t0 );
2701 mbedtls_ssl_transform_free( &t1 );
2702
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2703 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2704}
2705/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2706
2707/* BEGIN_CASE */
2708void ssl_tls_prf( int type, data_t * secret, data_t * random,
2709 char *label, data_t *result_hex_str, int exp_ret )
2710{
2711 unsigned char *output;
2712
2713 output = mbedtls_calloc( 1, result_hex_str->len );
2714 if( output == NULL )
2715 goto exit;
2716
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]2717#if defined(MBEDTLS_USE_PSA_CRYPTO)
2718 TEST_ASSERT( psa_crypto_init() == 0 );
2719#endif
2720
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2721 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
2722 label, random->x, random->len,
2723 output, result_hex_str->len ) == exp_ret );
2724
2725 if( exp_ret == 0 )
2726 {
2727 TEST_ASSERT( hexcmp( output, result_hex_str->x,
2728 result_hex_str->len, result_hex_str->len ) == 0 );
2729 }
2730exit:
2731
2732 mbedtls_free( output );
2733}
2734/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2735
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2736/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2737void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2738{
2739 mbedtls_ssl_session original, restored;
2740 unsigned char *buf = NULL;
2741 size_t len;
2742
2743 /*
2744 * Test that a save-load pair is the identity
2745 */
2746
2747 mbedtls_ssl_session_init( &original );
2748 mbedtls_ssl_session_init( &restored );
2749
2750 /* Prepare a dummy session to work on */
2751 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
2752
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2753 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2754 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
2755 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2756 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
2757 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
2758 == 0 );
2759
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2760 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2761 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
2762
2763 /*
2764 * Make sure both session structures are identical
2765 */
2766#if defined(MBEDTLS_HAVE_TIME)
2767 TEST_ASSERT( original.start == restored.start );
2768#endif
2769 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
2770 TEST_ASSERT( original.compression == restored.compression );
2771 TEST_ASSERT( original.id_len == restored.id_len );
2772 TEST_ASSERT( memcmp( original.id,
2773 restored.id, sizeof( original.id ) ) == 0 );
2774 TEST_ASSERT( memcmp( original.master,
2775 restored.master, sizeof( original.master ) ) == 0 );
2776
2777#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2778#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2779 TEST_ASSERT( ( original.peer_cert == NULL ) ==
2780 ( restored.peer_cert == NULL ) );
2781 if( original.peer_cert != NULL )
2782 {
2783 TEST_ASSERT( original.peer_cert->raw.len ==
2784 restored.peer_cert->raw.len );
2785 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
2786 restored.peer_cert->raw.p,
2787 original.peer_cert->raw.len ) == 0 );
2788 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2789#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2790 TEST_ASSERT( original.peer_cert_digest_type ==
2791 restored.peer_cert_digest_type );
2792 TEST_ASSERT( original.peer_cert_digest_len ==
2793 restored.peer_cert_digest_len );
2794 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
2795 ( restored.peer_cert_digest == NULL ) );
2796 if( original.peer_cert_digest != NULL )
2797 {
2798 TEST_ASSERT( memcmp( original.peer_cert_digest,
2799 restored.peer_cert_digest,
2800 original.peer_cert_digest_len ) == 0 );
2801 }
2802#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2803#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2804 TEST_ASSERT( original.verify_result == restored.verify_result );
2805
2806#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2807 TEST_ASSERT( original.ticket_len == restored.ticket_len );
2808 if( original.ticket_len != 0 )
2809 {
2810 TEST_ASSERT( original.ticket != NULL );
2811 TEST_ASSERT( restored.ticket != NULL );
2812 TEST_ASSERT( memcmp( original.ticket,
2813 restored.ticket, original.ticket_len ) == 0 );
2814 }
2815 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
2816#endif
2817
2818#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2819 TEST_ASSERT( original.mfl_code == restored.mfl_code );
2820#endif
2821
2822#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2823 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
2824#endif
2825
2826#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2827 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
2828#endif
2829
2830exit:
2831 mbedtls_ssl_session_free( &original );
2832 mbedtls_ssl_session_free( &restored );
2833 mbedtls_free( buf );
2834}
2835/* END_CASE */
2836
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]2837/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2838void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2839{
2840 mbedtls_ssl_session session;
2841 unsigned char *buf1 = NULL, *buf2 = NULL;
2842 size_t len0, len1, len2;
2843
2844 /*
2845 * Test that a load-save pair is the identity
2846 */
2847
2848 mbedtls_ssl_session_init( &session );
2849
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2850 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2851 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2852
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2853 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2854 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
2855 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2856
2857 /* Allocate first buffer */
2858 buf1 = mbedtls_calloc( 1, len0 );
2859 TEST_ASSERT( buf1 != NULL );
2860
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2861 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2862 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
2863 == 0 );
2864 TEST_ASSERT( len0 == len1 );
2865 mbedtls_ssl_session_free( &session );
2866
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2867 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]2868 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2869
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2870 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2871 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]2872 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2873 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
2874 == 0 );
2875
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2876 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2877 TEST_ASSERT( len1 == len2 );
2878 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
2879
2880exit:
2881 mbedtls_ssl_session_free( &session );
2882 mbedtls_free( buf1 );
2883 mbedtls_free( buf2 );
2884}
2885/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2886
2887/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2888void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2889{
2890 mbedtls_ssl_session session;
2891 unsigned char *buf = NULL;
2892 size_t good_len, bad_len, test_len;
2893
2894 /*
2895 * Test that session_save() fails cleanly on small buffers
2896 */
2897
2898 mbedtls_ssl_session_init( &session );
2899
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2900 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2901 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2902 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2903 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2904
2905 /* Try all possible bad lengths */
2906 for( bad_len = 1; bad_len < good_len; bad_len++ )
2907 {
2908 /* Allocate exact size so that asan/valgrind can detect any overwrite */
2909 mbedtls_free( buf );
2910 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
2911 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
2912 &test_len )
2913 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2914 TEST_ASSERT( test_len == good_len );
2915 }
2916
2917exit:
2918 mbedtls_ssl_session_free( &session );
2919 mbedtls_free( buf );
2920}
2921/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2922
2923/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2924void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2925{
2926 mbedtls_ssl_session session;
2927 unsigned char *good_buf = NULL, *bad_buf = NULL;
2928 size_t good_len, bad_len;
2929
2930 /*
2931 * Test that session_load() fails cleanly on small buffers
2932 */
2933
2934 mbedtls_ssl_session_init( &session );
2935
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2936 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2937 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2938 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2939 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2940 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
2941 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
2942 &good_len ) == 0 );
2943 mbedtls_ssl_session_free( &session );
2944
2945 /* Try all possible bad lengths */
2946 for( bad_len = 0; bad_len < good_len; bad_len++ )
2947 {
2948 /* Allocate exact size so that asan/valgrind can detect any overread */
2949 mbedtls_free( bad_buf );
2950 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
2951 TEST_ASSERT( bad_buf != NULL );
2952 memcpy( bad_buf, good_buf, bad_len );
2953
2954 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
2955 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
2956 }
2957
2958exit:
2959 mbedtls_ssl_session_free( &session );
2960 mbedtls_free( good_buf );
2961 mbedtls_free( bad_buf );
2962}
2963/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2964
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2965/* BEGIN_CASE */
2966void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2967 int corrupt_minor,
2968 int corrupt_patch,
2969 int corrupt_config )
2970{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2971 unsigned char serialized_session[ 2048 ];
2972 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2973 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2974 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2975 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
2976 corrupt_minor == 1,
2977 corrupt_patch == 1,
2978 corrupt_config == 1,
2979 corrupt_config == 1 };
2980
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2981 mbedtls_ssl_session_init( &session );
2982
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2983 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2984 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2985 serialized_session,
2986 sizeof( serialized_session ),
2987 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2988
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2989 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2990
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2991 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2992 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2993 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2994 serialized_session,
2995 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2996 mbedtls_ssl_session_free( &session );
2997
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2998 /* Go through the bytes in the serialized session header and
2999 * corrupt them bit-by-bit. */
3000 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3001 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3002 int cur_bit;
3003 unsigned char * const byte = &serialized_session[ cur_byte ];
3004
3005 if( should_corrupt_byte[ cur_byte ] == 0 )
3006 continue;
3007
3008 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
3009 {
3010 unsigned char const corrupted_bit = 0x1u << cur_bit;
3011 /* Modify a single bit in the serialized session. */
3012 *byte ^= corrupted_bit;
3013
3014 /* Attempt to deserialize */
3015 TEST_ASSERT( mbedtls_ssl_session_load( &session,
3016 serialized_session,
3017 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]3018 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3019
3020 /* Undo the change */
3021 *byte ^= corrupted_bit;
3022 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3023 }
3024
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3025}
3026/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3027
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3028/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3029void mbedtls_endpoint_sanity( int endpoint_type )
3030{
3031 enum { BUFFSIZE = 1024 };
3032 mbedtls_endpoint ep;
3033 int ret = -1;
3034
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3035 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
3036 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3037 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3038
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3039 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3040 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3041
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3042 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
3043 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3044 TEST_ASSERT( ret == 0 );
3045
3046exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3047 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3048}
3049/* END_CASE */
3050
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3051/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3052void move_handshake_to_state(int endpoint_type, int state, int need_pass)
3053{
3054 enum { BUFFSIZE = 1024 };
3055 mbedtls_endpoint base_ep, second_ep;
3056 int ret = -1;
3057
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3058 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
3059 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3060 TEST_ASSERT( ret == 0 );
3061
3062 ret = mbedtls_endpoint_init( &second_ep,
3063 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3064 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3065 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3066 TEST_ASSERT( ret == 0 );
3067
3068 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
3069 &(second_ep.socket),
3070 BUFFSIZE );
3071 TEST_ASSERT( ret == 0 );
3072
3073 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
3074 &(second_ep.ssl),
3075 state );
3076 if( need_pass )
3077 {
3078 TEST_ASSERT( ret == 0 );
3079 TEST_ASSERT( base_ep.ssl.state == state );
3080 }
3081 else
3082 {
3083 TEST_ASSERT( ret != 0 );
3084 TEST_ASSERT( base_ep.ssl.state != state );
3085 }
3086
3087exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3088 mbedtls_endpoint_free( &base_ep, NULL );
3089 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3090}
3091/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3092
3093/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3094void handshake( const char *cipher, int version, int pk_alg,
3095 data_t *psk_str )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3096{
3097 /* forced_ciphersuite needs to last until the end of the handshake */
3098 int forced_ciphersuite[2];
3099 enum { BUFFSIZE = 1024 };
3100 mbedtls_endpoint client, server;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3101#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3102 const char *psk_identity = "foo";
3103#else
3104 (void) psk_str;
3105#endif
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3106
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3107 /* Client side */
3108 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3109 pk_alg, NULL, NULL, NULL ) == 0 );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3110
3111 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3112 version );
3113 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3114 version );
3115
3116 if( strlen( cipher ) > 0 )
3117 {
3118 set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
3119 }
3120 /* Server side */
3121 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3122 pk_alg, NULL, NULL, NULL ) == 0 );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3123
3124 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3125 version );
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3126#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3127 if( psk_str->len > 0 )
3128 {
3129 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
3130 psk_str->len,
3131 (const unsigned char *) psk_identity,
3132 strlen( psk_identity ) ) == 0 );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3133
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3134 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
3135 psk_str->len,
3136 (const unsigned char *) psk_identity,
3137 strlen( psk_identity ) ) == 0 );
3138
3139 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
3140 }
3141#endif
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3142 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
3143 &(server.socket),
3144 BUFFSIZE ) == 0 );
3145
3146 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
3147 &(server.ssl),
3148 MBEDTLS_SSL_HANDSHAKE_OVER )
3149 == 0 );
3150 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3151 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3152
3153exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3154 mbedtls_endpoint_free( &client, NULL );
3155 mbedtls_endpoint_free( &server, NULL );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3156}
3157/* END_CASE */
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3158
3159/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
3160void send_application_data( int mfl, int cli_msg_len, int srv_msg_len,
3161 const int expected_cli_frames,
3162 const int expected_srv_frames )
3163{
3164 enum { BUFFSIZE = 2048 };
3165 mbedtls_endpoint server, client;
3166 unsigned char *cli_msg_buf = malloc( cli_msg_len );
3167 unsigned char *cli_in_buf = malloc( srv_msg_len );
3168 unsigned char *srv_msg_buf = malloc( srv_msg_len );
3169 unsigned char *srv_in_buf = malloc( cli_msg_len );
3170 int ret = -1;
3171
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3172 ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
3173 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3174 TEST_ASSERT( ret == 0 );
3175
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3176 ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
3177 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3178 TEST_ASSERT( ret == 0 );
3179
3180#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3181 ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
3182 TEST_ASSERT( ret == 0 );
3183
3184 ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
3185 TEST_ASSERT( ret == 0 );
3186#else
3187 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
3188#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
3189
3190 ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
3191 BUFFSIZE );
3192 TEST_ASSERT( ret == 0 );
3193
3194 ret = mbedtls_move_handshake_to_state( &(client.ssl),
3195 &(server.ssl),
3196 MBEDTLS_SSL_HANDSHAKE_OVER );
3197 TEST_ASSERT( ret == 0 );
3198 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3199 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3200
3201 /* Perform this test with two message types. At first use a message
3202 * consisting of only 0x00 for the client and only 0xFF for the server.
3203 * At the second time use message with generated data */
3204 for( int msg_type = 0; msg_type < 2; msg_type++ )
3205 {
3206 int cli_writen = 0;
3207 int srv_writen = 0;
3208 int cli_read = 0;
3209 int srv_read = 0;
3210 int cli_fragments = 0;
3211 int srv_fragments = 0;
3212
3213 if( msg_type == 0 )
3214 {
3215 memset( cli_msg_buf, 0x00, cli_msg_len );
3216 memset( srv_msg_buf, 0xff, srv_msg_len );
3217 }
3218 else
3219 {
3220 int j = 0;
3221 for( int i = 0; i < cli_msg_len; i++ )
3222 cli_msg_buf[i] = j++ & 0xFF;
3223 for( int i = 0; i < srv_msg_len; i++ )
3224 srv_msg_buf[i] = ( j -= 5 ) & 0xFF;
3225 }
3226
3227 while( cli_read < srv_msg_len || srv_read < cli_msg_len )
3228 {
3229 /* Client sending */
3230 if( cli_msg_len > cli_writen )
3231 {
3232 ret = mbedtls_ssl_write_fragment( &(client.ssl), cli_msg_buf,
3233 cli_msg_len, &cli_writen, &cli_fragments );
3234 TEST_ASSERT( ( ret >= 0 && ret <= cli_msg_len ) ||
3235 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3236 }
3237
3238 /* Server sending */
3239 if( srv_msg_len > srv_writen )
3240 {
3241 ret = mbedtls_ssl_write_fragment( &(server.ssl), srv_msg_buf,
3242 srv_msg_len, &srv_writen, &srv_fragments );
3243 TEST_ASSERT( ( ret >= 0 && ret <= srv_msg_len ) ||
3244 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3245 }
3246
3247 /* Client reading */
3248 if( cli_read < srv_msg_len )
3249 {
3250 ret = mbedtls_ssl_read_fragment( &(client.ssl), cli_in_buf,
3251 srv_msg_len, &cli_read );
3252 TEST_ASSERT( ( ret >= 0 && ret <= srv_msg_len ) ||
3253 ret == MBEDTLS_ERR_SSL_WANT_READ );
3254 }
3255
3256 /* Server reading */
3257 if( srv_read < cli_msg_len )
3258 {
3259 ret = mbedtls_ssl_read_fragment( &(server.ssl), srv_in_buf,
3260 cli_msg_len, &srv_read );
3261 TEST_ASSERT( ( ret >= 0 && ret <= cli_msg_len ) ||
3262 ret == MBEDTLS_ERR_SSL_WANT_READ );
3263 }
3264 }
3265
3266 TEST_ASSERT( 0 == memcmp( cli_msg_buf, srv_in_buf, cli_msg_len ) );
3267 TEST_ASSERT( 0 == memcmp( srv_msg_buf, cli_in_buf, srv_msg_len ) );
3268 TEST_ASSERT( cli_fragments == expected_cli_frames );
3269 TEST_ASSERT( srv_fragments == expected_srv_frames );
3270 }
3271
3272exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame^]3273 mbedtls_endpoint_free( &client, NULL );
3274 mbedtls_endpoint_free( &server, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3275 free( cli_msg_buf );
3276 free( cli_in_buf );
3277 free( srv_msg_buf );
3278 free( srv_in_buf );
3279}
3280/* END_CASE */