TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 298a2d6109acbaec2b97ad6ff2ec2fe8f553b1f5 / . / tests / suites / test_suite_ssl.function
blob: 7149840a0071a51a52e188889faee4c25f5aaf88 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Chris Jones84a773f2021-03-05 18:38:47 +0000[diff] [blame]3#include <ssl_misc.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]6#include <mbedtls/timing.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]7#include <mbedtls/debug.h>
Hanno Becker73c825a2020-09-08 10:52:58 +0100[diff] [blame]8#include <ssl_tls13_keys.h>
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]9#include <ssl_tls13_invasive.h>
Mateusz Starzyk1aec6462021-02-08 15:34:42 +0100[diff] [blame]10#include "test/certs.h"
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]11
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]12#include <psa/crypto.h>
13
Gabor Mezei22c9a6f2021-10-20 12:09:35 +0200[diff] [blame]14#include <constant_time_internal.h>
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]15
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]16#include <test/constant_flow.h>
17
Hanno Becker1413bd82020-09-09 12:46:09 +0100[diff] [blame]18enum
19{
20#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]21 tls13_label_ ## name,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]22MBEDTLS_SSL_TLS1_3_LABEL_LIST
23#undef MBEDTLS_SSL_TLS1_3_LABEL
Hanno Becker1413bd82020-09-09 12:46:09 +0100[diff] [blame]24};
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]25
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]26typedef struct log_pattern
27{
28 const char *pattern;
29 size_t counter;
30} log_pattern;
31
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]32/*
33 * This function can be passed to mbedtls to receive output logs from it. In
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]34 * this case, it will count the instances of a log_pattern in the received
35 * logged messages.
36 */
37void log_analyzer( void *ctx, int level,
38 const char *file, int line,
39 const char *str )
40{
41 log_pattern *p = (log_pattern *) ctx;
42
43 (void) level;
44 (void) line;
45 (void) file;
46
47 if( NULL != p &&
48 NULL != p->pattern &&
49 NULL != strstr( str, p->pattern ) )
50 {
51 p->counter++;
52 }
53}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]54
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]55/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
56#define TEST_SSL_MINOR_VERSION_NONE -1
57
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]58typedef struct handshake_test_options
59{
60 const char *cipher;
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]61 int client_min_version;
62 int client_max_version;
63 int server_min_version;
64 int server_max_version;
65 int expected_negotiated_version;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]66 int pk_alg;
67 data_t *psk_str;
68 int dtls;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]69 int srv_auth_mode;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]70 int serialize;
71 int mfl;
72 int cli_msg_len;
73 int srv_msg_len;
74 int expected_cli_fragments;
75 int expected_srv_fragments;
76 int renegotiate;
77 int legacy_renegotiation;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]78 void *srv_log_obj;
79 void *cli_log_obj;
80 void (*srv_log_fun)(void *, int, const char *, int, const char *);
81 void (*cli_log_fun)(void *, int, const char *, int, const char *);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]82 int resize_buffers;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]83} handshake_test_options;
84
85void init_handshake_options( handshake_test_options *opts )
86{
87 opts->cipher = "";
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]88 opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
89 opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
90 opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
91 opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
92 opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]93 opts->pk_alg = MBEDTLS_PK_RSA;
94 opts->psk_str = NULL;
95 opts->dtls = 0;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]96 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]97 opts->serialize = 0;
98 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
99 opts->cli_msg_len = 100;
100 opts->srv_msg_len = 100;
101 opts->expected_cli_fragments = 1;
102 opts->expected_srv_fragments = 1;
103 opts->renegotiate = 0;
104 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]105 opts->srv_log_obj = NULL;
106 opts->srv_log_obj = NULL;
107 opts->srv_log_fun = NULL;
108 opts->cli_log_fun = NULL;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]109 opts->resize_buffers = 1;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]110}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]111/*
112 * Buffer structure for custom I/O callbacks.
113 */
114
115typedef struct mbedtls_test_buffer
116{
117 size_t start;
118 size_t content_length;
119 size_t capacity;
120 unsigned char *buffer;
121} mbedtls_test_buffer;
122
123/*
124 * Initialises \p buf. After calling this function it is safe to call
125 * `mbedtls_test_buffer_free()` on \p buf.
126 */
127void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
128{
129 memset( buf, 0, sizeof( *buf ) );
130}
131
132/*
133 * Sets up \p buf. After calling this function it is safe to call
134 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
135 */
136int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
137{
138 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
139 sizeof(unsigned char) );
140 if( NULL == buf->buffer )
141 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
142 buf->capacity = capacity;
143
144 return 0;
145}
146
147void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
148{
149 if( buf->buffer != NULL )
150 mbedtls_free( buf->buffer );
151
152 memset( buf, 0, sizeof( *buf ) );
153}
154
155/*
156 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
157 *
158 * \p buf must have been initialized and set up by calling
159 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
160 *
161 * \retval \p input_len, if the data fits.
162 * \retval 0 <= value < \p input_len, if the data does not fit.
163 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
164 * zero and \p input is NULL.
165 */
166int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]167 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]168{
169 size_t overflow = 0;
170
171 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
172 return -1;
173
174 /* Reduce input_len to a number that fits in the buffer. */
175 if ( ( buf->content_length + input_len ) > buf->capacity )
176 {
177 input_len = buf->capacity - buf->content_length;
178 }
179
180 if( input == NULL )
181 {
182 return ( input_len == 0 ) ? 0 : -1;
183 }
184
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]185 /* Check if the buffer has not come full circle and free space is not in
186 * the middle */
187 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]188 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]189
190 /* Calculate the number of bytes that need to be placed at lower memory
191 * address */
192 if( buf->start + buf->content_length + input_len
193 > buf->capacity )
194 {
195 overflow = ( buf->start + buf->content_length + input_len )
196 % buf->capacity;
197 }
198
199 memcpy( buf->buffer + buf->start + buf->content_length, input,
200 input_len - overflow );
201 memcpy( buf->buffer, input + input_len - overflow, overflow );
202
203 }
204 else
205 {
206 /* The buffer has come full circle and free space is in the middle */
207 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
208 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]209 }
210
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]211 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]212 return input_len;
213}
214
215/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]216 * Gets \p output_len bytes from the ring buffer \p buf into the
217 * \p output buffer. The output buffer can be NULL, in this case a part of the
218 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]219 *
220 * \p buf must have been initialized and set up by calling
221 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
222 *
223 * \retval \p output_len, if the data is available.
224 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]225 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]226 */
227int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
228 unsigned char* output, size_t output_len )
229{
230 size_t overflow = 0;
231
232 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
233 return -1;
234
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]235 if( output == NULL && output_len == 0 )
236 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]237
238 if( buf->content_length < output_len )
239 output_len = buf->content_length;
240
241 /* Calculate the number of bytes that need to be drawn from lower memory
242 * address */
243 if( buf->start + output_len > buf->capacity )
244 {
245 overflow = ( buf->start + output_len ) % buf->capacity;
246 }
247
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]248 if( output != NULL )
249 {
250 memcpy( output, buf->buffer + buf->start, output_len - overflow );
251 memcpy( output + output_len - overflow, buf->buffer, overflow );
252 }
253
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]254 buf->content_length -= output_len;
255 buf->start = ( buf->start + output_len ) % buf->capacity;
256
257 return output_len;
258}
259
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]260/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]261 * Errors used in the message transport mock tests
262 */
263 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]264 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
265
266/*
267 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
268 */
269typedef struct mbedtls_test_message_queue
270{
271 size_t *messages;
272 int pos;
273 int num;
274 int capacity;
275} mbedtls_test_message_queue;
276
277/*
278 * Setup and free functions for the message metadata queue.
279 *
280 * \p capacity describes the number of message metadata chunks that can be held
281 * within the queue.
282 *
283 * \retval 0, if a metadata queue of a given length can be allocated.
284 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
285 */
286int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
287 size_t capacity )
288{
289 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
290 if( NULL == queue->messages )
291 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
292
293 queue->capacity = capacity;
294 queue->pos = 0;
295 queue->num = 0;
296
297 return 0;
298}
299
300void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
301{
302 if( queue == NULL )
303 return;
304
305 if( queue->messages != NULL )
306 mbedtls_free( queue->messages );
307
308 memset( queue, 0, sizeof( *queue ) );
309}
310
311/*
312 * Push message length information onto the message metadata queue.
313 * This will become the last element to leave it (fifo).
314 *
315 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]316 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]317 * \retval \p len, if the push was successful.
318 */
319int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
320 size_t len )
321{
322 int place;
323 if( queue == NULL )
324 return MBEDTLS_TEST_ERROR_ARG_NULL;
325
326 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]327 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]328
329 place = ( queue->pos + queue->num ) % queue->capacity;
330 queue->messages[place] = len;
331 queue->num++;
332 return len;
333}
334
335/*
336 * Pop information about the next message length from the queue. This will be
337 * the oldest inserted message length(fifo). \p msg_len can be null, in which
338 * case the data will be popped from the queue but not copied anywhere.
339 *
340 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]341 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]342 * \retval message length, if the pop was successful, up to the given
343 \p buf_len.
344 */
345int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
346 size_t buf_len )
347{
348 size_t message_length;
349 if( queue == NULL )
350 return MBEDTLS_TEST_ERROR_ARG_NULL;
351 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]352 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]353
354 message_length = queue->messages[queue->pos];
355 queue->messages[queue->pos] = 0;
356 queue->num--;
357 queue->pos++;
358 queue->pos %= queue->capacity;
359 if( queue->pos < 0 )
360 queue->pos += queue->capacity;
361
362 return ( message_length > buf_len ) ? buf_len : message_length;
363}
364
365/*
366 * Take a peek on the info about the next message length from the queue.
367 * This will be the oldest inserted message length(fifo).
368 *
369 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]370 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]371 * \retval 0, if the peek was successful.
372 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
373 * too small to fit the message. In this case the \p msg_len will be
374 * set to the full message length so that the
375 * caller knows what portion of the message can be dropped.
376 */
377int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
378 size_t buf_len, size_t* msg_len )
379{
380 if( queue == NULL || msg_len == NULL )
381 return MBEDTLS_TEST_ERROR_ARG_NULL;
382 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]383 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]384
385 *msg_len = queue->messages[queue->pos];
386 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
387}
388/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]389 * Context for the I/O callbacks simulating network connection.
390 */
391
392#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
393
394typedef struct mbedtls_mock_socket
395{
396 int status;
397 mbedtls_test_buffer *input;
398 mbedtls_test_buffer *output;
399 struct mbedtls_mock_socket *peer;
400} mbedtls_mock_socket;
401
402/*
403 * Setup and teardown functions for mock sockets.
404 */
405void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
406{
407 memset( socket, 0, sizeof( *socket ) );
408}
409
410/*
411 * Closes the socket \p socket.
412 *
413 * \p socket must have been previously initialized by calling
414 * mbedtls_mock_socket_init().
415 *
416 * This function frees all allocated resources and both sockets are aware of the
417 * new connection state.
418 *
419 * That is, this function does not simulate half-open TCP connections and the
420 * phenomenon that when closing a UDP connection the peer is not aware of the
421 * connection having been closed.
422 */
423void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
424{
425 if( socket == NULL )
426 return;
427
428 if( socket->input != NULL )
429 {
430 mbedtls_test_buffer_free( socket->input );
431 mbedtls_free( socket->input );
432 }
433
434 if( socket->output != NULL )
435 {
436 mbedtls_test_buffer_free( socket->output );
437 mbedtls_free( socket->output );
438 }
439
440 if( socket->peer != NULL )
441 memset( socket->peer, 0, sizeof( *socket->peer ) );
442
443 memset( socket, 0, sizeof( *socket ) );
444}
445
446/*
447 * Establishes a connection between \p peer1 and \p peer2.
448 *
449 * \p peer1 and \p peer2 must have been previously initialized by calling
450 * mbedtls_mock_socket_init().
451 *
452 * The capacites of the internal buffers are set to \p bufsize. Setting this to
453 * the correct value allows for simulation of MTU, sanity testing the mock
454 * implementation and mocking TCP connections with lower memory cost.
455 */
456int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
457 mbedtls_mock_socket* peer2,
458 size_t bufsize )
459{
460 int ret = -1;
461
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]462 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]463 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
464 if( peer1->output == NULL )
465 {
466 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
467 goto exit;
468 }
469 mbedtls_test_buffer_init( peer1->output );
470 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
471 {
472 goto exit;
473 }
474
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]475 peer2->output =
476 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
477 if( peer2->output == NULL )
478 {
479 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
480 goto exit;
481 }
482 mbedtls_test_buffer_init( peer2->output );
483 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
484 {
485 goto exit;
486 }
487
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]488 peer1->peer = peer2;
489 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]490 peer1->input = peer2->output;
491 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]492
493 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
494 ret = 0;
495
496exit:
497
498 if( ret != 0 )
499 {
500 mbedtls_mock_socket_close( peer1 );
501 mbedtls_mock_socket_close( peer2 );
502 }
503
504 return ret;
505}
506
507/*
508 * Callbacks for simulating blocking I/O over connection-oriented transport.
509 */
510
511int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
512{
513 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
514
515 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
516 return -1;
517
518 return mbedtls_test_buffer_put( socket->output, buf, len );
519}
520
521int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
522{
523 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
524
525 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
526 return -1;
527
528 return mbedtls_test_buffer_get( socket->input, buf, len );
529}
530
531/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]532 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
533 */
534
535int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
536{
537 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
538
539 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
540 return -1;
541
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]542 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]543 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]544 return MBEDTLS_ERR_SSL_WANT_WRITE;
545 }
546
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]547 return mbedtls_test_buffer_put( socket->output, buf, len );
548}
549
550int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
551{
552 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
553
554 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
555 return -1;
556
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]557 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]558 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]559 return MBEDTLS_ERR_SSL_WANT_READ;
560 }
561
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]562 return mbedtls_test_buffer_get( socket->input, buf, len );
563}
564
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]565/* Errors used in the message socket mocks */
566
567#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
568#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
569#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
570
571/*
572 * Structure used as an addon, or a wrapper, around the mocked sockets.
573 * Contains an input queue, to which the other socket pushes metadata,
574 * and an output queue, to which this one pushes metadata. This context is
575 * considered as an owner of the input queue only, which is initialized and
576 * freed in the respective setup and free calls.
577 */
578typedef struct mbedtls_test_message_socket_context
579{
580 mbedtls_test_message_queue* queue_input;
581 mbedtls_test_message_queue* queue_output;
582 mbedtls_mock_socket* socket;
583} mbedtls_test_message_socket_context;
584
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]585void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
586{
587 ctx->queue_input = NULL;
588 ctx->queue_output = NULL;
589 ctx->socket = NULL;
590}
591
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]592/*
593 * Setup a given mesasge socket context including initialization of
594 * input/output queues to a chosen capacity of messages. Also set the
595 * corresponding mock socket.
596 *
597 * \retval 0, if everything succeeds.
598 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
599 * queue failed.
600 */
601int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
602 mbedtls_test_message_queue* queue_output,
603 size_t queue_capacity,
604 mbedtls_mock_socket* socket,
605 mbedtls_test_message_socket_context* ctx )
606{
607 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
608 if( ret != 0 )
609 return ret;
610 ctx->queue_input = queue_input;
611 ctx->queue_output = queue_output;
612 ctx->socket = socket;
613 mbedtls_mock_socket_init( socket );
614
615 return 0;
616}
617
618/*
619 * Close a given message socket context, along with the socket itself. Free the
620 * memory allocated by the input queue.
621 */
622void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
623{
624 if( ctx == NULL )
625 return;
626
627 mbedtls_test_message_queue_free( ctx->queue_input );
628 mbedtls_mock_socket_close( ctx->socket );
629 memset( ctx, 0, sizeof( *ctx ) );
630}
631
632/*
633 * Send one message through a given message socket context.
634 *
635 * \retval \p len, if everything succeeds.
636 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
637 * elements or the context itself is null.
638 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]639 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]640 *
641 * This function will also return any error from
642 * mbedtls_test_message_queue_push_info.
643 */
644int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
645{
646 mbedtls_test_message_queue* queue;
647 mbedtls_mock_socket* socket;
648 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
649
650 if( context == NULL || context->socket == NULL
651 || context->queue_output == NULL )
652 {
653 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
654 }
655
656 queue = context->queue_output;
657 socket = context->socket;
658
659 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]660 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]661
662 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
663 return MBEDTLS_TEST_ERROR_SEND_FAILED;
664
665 return mbedtls_test_message_queue_push_info( queue, len );
666}
667
668/*
669 * Receive one message from a given message socket context and return message
670 * length or an error.
671 *
672 * \retval message length, if everything succeeds.
673 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
674 * elements or the context itself is null.
675 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
676 *
677 * This function will also return any error other than
678 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
679 */
680int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
681{
682 mbedtls_test_message_queue* queue;
683 mbedtls_mock_socket* socket;
684 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
Gilles Peskine19e841e2020-03-09 20:43:51 +0100[diff] [blame]685 size_t drop_len = 0;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]686 size_t msg_len;
687 int ret;
688
689 if( context == NULL || context->socket == NULL
690 || context->queue_input == NULL )
691 {
692 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
693 }
694
695 queue = context->queue_input;
696 socket = context->socket;
697
698 /* Peek first, so that in case of a socket error the data remains in
699 * the queue. */
700 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
701 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
702 {
703 /* Calculate how much to drop */
704 drop_len = msg_len - buf_len;
705
706 /* Set the requested message len to be buffer length */
707 msg_len = buf_len;
708 } else if( ret != 0 )
709 {
710 return ret;
711 }
712
713 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
714 return MBEDTLS_TEST_ERROR_RECV_FAILED;
715
716 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
717 {
718 /* Drop the remaining part of the message */
719 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
720 {
721 /* Inconsistent state - part of the message was read,
722 * and a part couldn't. Not much we can do here, but it should not
723 * happen in test environment, unless forced manually. */
724 }
725 }
726 mbedtls_test_message_queue_pop_info( queue, buf_len );
727
728 return msg_len;
729}
730
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]731#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
732 defined(MBEDTLS_ENTROPY_C) && \
733 defined(MBEDTLS_CTR_DRBG_C)
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]734
735/*
736 * Structure with endpoint's certificates for SSL communication tests.
737 */
738typedef struct mbedtls_endpoint_certificate
739{
740 mbedtls_x509_crt ca_cert;
741 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]742 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]743} mbedtls_endpoint_certificate;
744
745/*
746 * Endpoint structure for SSL communication tests.
747 */
748typedef struct mbedtls_endpoint
749{
750 const char *name;
751 mbedtls_ssl_context ssl;
752 mbedtls_ssl_config conf;
753 mbedtls_ctr_drbg_context ctr_drbg;
754 mbedtls_entropy_context entropy;
755 mbedtls_mock_socket socket;
756 mbedtls_endpoint_certificate cert;
757} mbedtls_endpoint;
758
759/*
760 * Initializes \p ep_cert structure and assigns it to endpoint
761 * represented by \p ep.
762 *
763 * \retval 0 on success, otherwise error code.
764 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]765int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]766{
767 int i = 0;
768 int ret = -1;
769 mbedtls_endpoint_certificate *cert;
770
771 if( ep == NULL )
772 {
773 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
774 }
775
776 cert = &( ep->cert );
777 mbedtls_x509_crt_init( &( cert->ca_cert ) );
778 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]779 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]780
781 /* Load the trusted CA */
782
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]783 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
784 {
785 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
786 (const unsigned char *) mbedtls_test_cas_der[i],
787 mbedtls_test_cas_der_len[i] );
788 TEST_ASSERT( ret == 0 );
789 }
790
791 /* Load own certificate and private key */
792
793 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
794 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]795 if( pk_alg == MBEDTLS_PK_RSA )
796 {
797 ret = mbedtls_x509_crt_parse( &( cert->cert ),
798 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
799 mbedtls_test_srv_crt_rsa_sha256_der_len );
800 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]801
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]802 ret = mbedtls_pk_parse_key( &( cert->pkey ),
803 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]804 mbedtls_test_srv_key_rsa_der_len, NULL, 0,
805 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]806 TEST_ASSERT( ret == 0 );
807 }
808 else
809 {
810 ret = mbedtls_x509_crt_parse( &( cert->cert ),
811 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
812 mbedtls_test_srv_crt_ec_der_len );
813 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]814
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]815 ret = mbedtls_pk_parse_key( &( cert->pkey ),
816 (const unsigned char*) mbedtls_test_srv_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]817 mbedtls_test_srv_key_ec_der_len, NULL, 0,
818 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]819 TEST_ASSERT( ret == 0 );
820 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]821 }
822 else
823 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]824 if( pk_alg == MBEDTLS_PK_RSA )
825 {
826 ret = mbedtls_x509_crt_parse( &( cert->cert ),
827 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
828 mbedtls_test_cli_crt_rsa_der_len );
829 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]830
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]831 ret = mbedtls_pk_parse_key( &( cert->pkey ),
832 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]833 mbedtls_test_cli_key_rsa_der_len, NULL, 0,
834 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]835 TEST_ASSERT( ret == 0 );
836 }
837 else
838 {
839 ret = mbedtls_x509_crt_parse( &( cert->cert ),
840 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
841 mbedtls_test_cli_crt_ec_len );
842 TEST_ASSERT( ret == 0 );
843
844 ret = mbedtls_pk_parse_key( &( cert->pkey ),
845 (const unsigned char *) mbedtls_test_cli_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]846 mbedtls_test_cli_key_ec_der_len, NULL, 0,
847 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]848 TEST_ASSERT( ret == 0 );
849 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]850 }
851
852 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
853
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]854 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
855 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]856 TEST_ASSERT( ret == 0 );
857
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]858exit:
859 if( ret != 0 )
860 {
861 mbedtls_x509_crt_free( &( cert->ca_cert ) );
862 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]863 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]864 }
865
866 return ret;
867}
868
869/*
870 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
871 * after calling this function even if it fails.
872 *
873 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
874 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]875 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
876 * MBEDTLS_PK_ECDSA are supported.
877 * \p dtls_context - in case of DTLS - this is the context handling metadata.
878 * \p input_queue - used only in case of DTLS.
879 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]880 *
881 * \retval 0 on success, otherwise error code.
882 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]883int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
884 mbedtls_test_message_socket_context *dtls_context,
885 mbedtls_test_message_queue *input_queue,
886 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]887{
888 int ret = -1;
889
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]890 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]891 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]892
893 if( ep == NULL )
894 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]895
896 memset( ep, 0, sizeof( *ep ) );
897
898 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
899
900 mbedtls_ssl_init( &( ep->ssl ) );
901 mbedtls_ssl_config_init( &( ep->conf ) );
902 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
903 mbedtls_ssl_conf_rng( &( ep->conf ),
904 mbedtls_ctr_drbg_random,
905 &( ep->ctr_drbg ) );
906 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]907 if( dtls_context != NULL )
908 {
909 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
910 100, &( ep->socket ),
911 dtls_context ) == 0 );
912 }
913 else
914 {
915 mbedtls_mock_socket_init( &( ep->socket ) );
916 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]917
918 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
919 &( ep->entropy ), (const unsigned char *) ( ep->name ),
920 strlen( ep->name ) );
921 TEST_ASSERT( ret == 0 );
922
923 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]924 if( dtls_context != NULL )
925 {
926 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
927 mbedtls_mock_tcp_send_msg,
928 mbedtls_mock_tcp_recv_msg,
929 NULL );
930 }
931 else
932 {
933 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
934 mbedtls_mock_tcp_send_nb,
935 mbedtls_mock_tcp_recv_nb,
936 NULL );
937 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]938
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]939 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]940 ( dtls_context != NULL ) ?
941 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
942 MBEDTLS_SSL_TRANSPORT_STREAM,
943 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]944 TEST_ASSERT( ret == 0 );
945
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]946 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
947 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]948
949#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
950 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
951 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
952#endif
953
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]954 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]955 TEST_ASSERT( ret == 0 );
956
957exit:
958 return ret;
959}
960
961/*
962 * Deinitializes certificates from endpoint represented by \p ep.
963 */
964void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
965{
966 mbedtls_endpoint_certificate *cert = &( ep->cert );
967 mbedtls_x509_crt_free( &( cert->ca_cert ) );
968 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]969 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]970}
971
972/*
973 * Deinitializes endpoint represented by \p ep.
974 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]975void mbedtls_endpoint_free( mbedtls_endpoint *ep,
976 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]977{
978 mbedtls_endpoint_certificate_free( ep );
979
980 mbedtls_ssl_free( &( ep->ssl ) );
981 mbedtls_ssl_config_free( &( ep->conf ) );
982 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
983 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]984
985 if( context != NULL )
986 {
987 mbedtls_message_socket_close( context );
988 }
989 else
990 {
991 mbedtls_mock_socket_close( &( ep->socket ) );
992 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]993}
994
995/*
996 * This function moves ssl handshake from \p ssl to prescribed \p state.
997 * /p second_ssl is used as second endpoint and their sockets have to be
998 * connected before calling this function.
999 *
1000 * \retval 0 on success, otherwise error code.
1001 */
1002int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
1003 mbedtls_ssl_context *second_ssl,
1004 int state )
1005{
1006 enum { BUFFSIZE = 1024 };
1007 int max_steps = 1000;
1008 int ret = 0;
1009
1010 if( ssl == NULL || second_ssl == NULL )
1011 {
1012 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1013 }
1014
1015 /* Perform communication via connected sockets */
1016 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
1017 {
1018 /* If /p second_ssl ends the handshake procedure before /p ssl then
1019 * there is no need to call the next step */
1020 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
1021 {
1022 ret = mbedtls_ssl_handshake_step( second_ssl );
1023 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1024 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1025 {
1026 return ret;
1027 }
1028 }
1029
1030 /* We only care about the \p ssl state and returns, so we call it last,
1031 * to leave the iteration as soon as the state is as expected. */
1032 ret = mbedtls_ssl_handshake_step( ssl );
1033 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1034 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1035 {
1036 return ret;
1037 }
1038 }
1039
1040 return ( max_steps >= 0 ) ? ret : -1;
1041}
1042
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1043#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1044
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1045/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1046 * Write application data. Increase write counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1047 */
1048int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1049 int buf_len, int *written,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1050 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1051{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1052 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
1053 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1054 {
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1055 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1056 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1057
1058 if( expected_fragments == 0 )
1059 {
1060 /* Used for DTLS and the message size larger than MFL. In that case
1061 * the message can not be fragmented and the library should return
1062 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1063 * to prevent a dead loop inside mbedtls_exchange_data(). */
1064 return ret;
1065 }
1066 else if( expected_fragments == 1 )
1067 {
1068 /* Used for TLS/DTLS and the message size lower than MFL */
1069 TEST_ASSERT( ret == buf_len ||
1070 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1071 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1072 }
1073 else
1074 {
1075 /* Used for TLS and the message size larger than MFL */
1076 TEST_ASSERT( expected_fragments > 1 );
1077 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1078 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1079 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1080 }
1081
1082 return 0;
1083
1084exit:
1085 /* Some of the tests failed */
1086 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1087}
1088
1089/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1090 * Read application data and increase read counter and fragments counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1091 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1092int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
1093 int buf_len, int *read,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1094 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1095{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1096 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
1097 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1098 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1099 ( *fragments )++;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1100 *read += ret;
1101 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1102
1103 if( expected_fragments == 0 )
1104 {
1105 TEST_ASSERT( ret == 0 );
1106 }
1107 else if( expected_fragments == 1 )
1108 {
1109 TEST_ASSERT( ret == buf_len ||
1110 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1111 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1112 }
1113 else
1114 {
1115 TEST_ASSERT( expected_fragments > 1 );
1116 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1117 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1118 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1119 }
1120
1121 return 0;
1122
1123exit:
1124 /* Some of the tests failed */
1125 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1126}
1127
1128/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1129 * Helper function setting up inverse record transformations
1130 * using given cipher, hash, EtM mode, authentication tag length,
1131 * and version.
1132 */
1133
1134#define CHK( x ) \
1135 do \
1136 { \
1137 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1138 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1139 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1140 goto cleanup; \
1141 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1142 } while( 0 )
1143
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1144void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1145 int* forced_ciphersuite )
1146{
1147 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1148 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1149 forced_ciphersuite[1] = 0;
1150
1151 ciphersuite_info =
1152 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1153
1154 TEST_ASSERT( ciphersuite_info != NULL );
1155 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1156 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1157
1158 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1159 {
1160 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1161 }
1162 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1163 {
1164 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1165 }
1166
1167 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1168
1169exit:
1170 return;
1171}
1172
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1173int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1174 const unsigned char *name, size_t name_len )
1175{
1176 (void) p_info;
1177 (void) ssl;
1178 (void) name;
1179 (void) name_len;
1180
1181 return ( 0 );
1182}
1183
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1184#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1185#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1186#else
1187#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1188#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1189
Jerry Yu53d23e22022-02-09 16:25:09 +0800[diff] [blame]1190#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1191static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
1192 const unsigned char *iv, size_t iv_len,
1193 const unsigned char *input, size_t ilen,
1194 unsigned char *output, size_t *olen )
1195{
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1196#if defined(MBEDTLS_USE_PSA_CRYPTO)
Przemyslaw Stekield66387f2022-02-03 08:55:33 +0100[diff] [blame]1197 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1198 psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
1199 size_t part_len;
1200
1201 status = psa_cipher_encrypt_setup( &cipher_op,
1202 transform->psa_key_enc, transform->psa_alg );
1203
1204 if( status != PSA_SUCCESS )
1205 return( psa_ssl_status_to_mbedtls( status ) );
1206
1207 status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
1208
1209 if( status != PSA_SUCCESS )
1210 return( psa_ssl_status_to_mbedtls( status ) );
1211
1212 status = psa_cipher_update( &cipher_op,
1213 input, ilen, output, ilen, olen );
1214
1215 if( status != PSA_SUCCESS )
1216 return( psa_ssl_status_to_mbedtls( status ) );
1217
1218 status = psa_cipher_finish( &cipher_op,
1219 output + *olen, ilen - *olen, &part_len );
1220
1221 if( status != PSA_SUCCESS )
1222 return( psa_ssl_status_to_mbedtls( status ) );
1223
1224 *olen += part_len;
1225 return( 0 );
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1226#else
1227 return mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
1228 iv, iv_len, input, ilen, output, olen );
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1229#endif /* MBEDTLS_USE_PSA_CRYPTO */
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1230}
Jerry Yu53d23e22022-02-09 16:25:09 +0800[diff] [blame]1231#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1232
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1233static int build_transforms( mbedtls_ssl_transform *t_in,
1234 mbedtls_ssl_transform *t_out,
1235 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1236 int etm, int tag_mode, int ver,
1237 size_t cid0_len,
1238 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1239{
1240 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1241 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1242
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1243#if defined(MBEDTLS_USE_PSA_CRYPTO)
1244 psa_key_type_t key_type;
1245 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1246 psa_algorithm_t alg;
1247 size_t key_bits;
Przemyslaw Stekield66387f2022-02-03 08:55:33 +0100[diff] [blame]1248 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1249#endif
1250
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1251 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1252 unsigned char *key0 = NULL, *key1 = NULL;
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1253 unsigned char *md0 = NULL, *md1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1254 unsigned char iv_enc[16], iv_dec[16];
1255
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1256#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1257 unsigned char cid0[ SSL_CID_LEN_MIN ];
1258 unsigned char cid1[ SSL_CID_LEN_MIN ];
1259
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]1260 mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1261 mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1262#else
1263 ((void) cid0_len);
1264 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1265#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1266
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1267 maclen = 0;
1268
1269 /* Pick cipher */
1270 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1271 CHK( cipher_info != NULL );
1272 CHK( cipher_info->iv_size <= 16 );
1273 CHK( cipher_info->key_bitlen % 8 == 0 );
1274
1275 /* Pick keys */
1276 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1277 /* Allocate `keylen + 1` bytes to ensure that we get
1278 * a non-NULL pointers from `mbedtls_calloc` even if
1279 * `keylen == 0` in the case of the NULL cipher. */
1280 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1281 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1282 memset( key0, 0x1, keylen );
1283 memset( key1, 0x2, keylen );
1284
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1285#if !defined(MBEDTLS_USE_PSA_CRYPTO)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1286 /* Setup cipher contexts */
1287 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1288 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1289 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1290 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1291
1292#if defined(MBEDTLS_CIPHER_MODE_CBC)
1293 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1294 {
1295 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1296 MBEDTLS_PADDING_NONE ) == 0 );
1297 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1298 MBEDTLS_PADDING_NONE ) == 0 );
1299 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1300 MBEDTLS_PADDING_NONE ) == 0 );
1301 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1302 MBEDTLS_PADDING_NONE ) == 0 );
1303 }
1304#endif /* MBEDTLS_CIPHER_MODE_CBC */
1305
1306 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1307 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1308 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1309 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1310 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1311 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1312 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1313 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1314#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1315
1316 /* Setup MAC contexts */
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1317#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1318 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1319 cipher_info->mode == MBEDTLS_MODE_STREAM )
1320 {
1321 mbedtls_md_info_t const *md_info;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1322
1323 /* Pick hash */
1324 md_info = mbedtls_md_info_from_type( hash_id );
1325 CHK( md_info != NULL );
1326
1327 /* Pick hash keys */
1328 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1329 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1330 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1331 memset( md0, 0x5, maclen );
1332 memset( md1, 0x6, maclen );
1333
1334 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1335 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1336 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1337 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1338
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +0100[diff] [blame]1339 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1340 md0, maclen ) == 0 );
1341 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1342 md1, maclen ) == 0 );
1343 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1344 md1, maclen ) == 0 );
1345 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1346 md0, maclen ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1347 }
1348#else
1349 ((void) hash_id);
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1350#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1351
1352
1353 /* Pick IV's (regardless of whether they
1354 * are being used by the transform). */
1355 ivlen = cipher_info->iv_size;
1356 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1357 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1358
1359 /*
1360 * Setup transforms
1361 */
1362
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1363#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1364 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1365 t_out->encrypt_then_mac = etm;
1366 t_in->encrypt_then_mac = etm;
1367#else
1368 ((void) etm);
1369#endif
1370
1371 t_out->minor_ver = ver;
1372 t_in->minor_ver = ver;
1373 t_out->ivlen = ivlen;
1374 t_in->ivlen = ivlen;
1375
1376 switch( cipher_info->mode )
1377 {
1378 case MBEDTLS_MODE_GCM:
1379 case MBEDTLS_MODE_CCM:
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1380#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckere6832872020-05-28 08:29:58 +0100[diff] [blame]1381 if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
1382 {
1383 t_out->fixed_ivlen = 12;
1384 t_in->fixed_ivlen = 12;
1385 }
1386 else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1387#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckere6832872020-05-28 08:29:58 +0100[diff] [blame]1388 {
1389 t_out->fixed_ivlen = 4;
1390 t_in->fixed_ivlen = 4;
1391 }
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1392 t_out->maclen = 0;
1393 t_in->maclen = 0;
1394 switch( tag_mode )
1395 {
1396 case 0: /* Full tag */
1397 t_out->taglen = 16;
1398 t_in->taglen = 16;
1399 break;
1400 case 1: /* Partial tag */
1401 t_out->taglen = 8;
1402 t_in->taglen = 8;
1403 break;
1404 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1405 ret = 1;
1406 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1407 }
1408 break;
1409
1410 case MBEDTLS_MODE_CHACHAPOLY:
1411 t_out->fixed_ivlen = 12;
1412 t_in->fixed_ivlen = 12;
1413 t_out->maclen = 0;
1414 t_in->maclen = 0;
1415 switch( tag_mode )
1416 {
1417 case 0: /* Full tag */
1418 t_out->taglen = 16;
1419 t_in->taglen = 16;
1420 break;
1421 case 1: /* Partial tag */
1422 t_out->taglen = 8;
1423 t_in->taglen = 8;
1424 break;
1425 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1426 ret = 1;
1427 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1428 }
1429 break;
1430
1431 case MBEDTLS_MODE_STREAM:
1432 case MBEDTLS_MODE_CBC:
1433 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1434 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1435 t_out->taglen = 0;
1436 t_in->taglen = 0;
1437 switch( tag_mode )
1438 {
1439 case 0: /* Full tag */
1440 t_out->maclen = maclen;
1441 t_in->maclen = maclen;
1442 break;
1443 case 1: /* Partial tag */
1444 t_out->maclen = 10;
1445 t_in->maclen = 10;
1446 break;
1447 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1448 ret = 1;
1449 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1450 }
1451 break;
1452 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1453 ret = 1;
1454 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1455 break;
1456 }
1457
1458 /* Setup IV's */
1459
1460 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1461 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1462 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1463 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1464
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1465#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1466 /* Add CID */
1467 memcpy( &t_in->in_cid, cid0, cid0_len );
1468 memcpy( &t_in->out_cid, cid1, cid1_len );
1469 t_in->in_cid_len = cid0_len;
1470 t_in->out_cid_len = cid1_len;
1471 memcpy( &t_out->in_cid, cid1, cid1_len );
1472 memcpy( &t_out->out_cid, cid0, cid0_len );
1473 t_out->in_cid_len = cid1_len;
1474 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1475#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1476
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1477#if defined(MBEDTLS_USE_PSA_CRYPTO)
Przemyslaw Stekielf57b4562022-01-25 00:04:18 +0100[diff] [blame]1478 status = mbedtls_ssl_cipher_to_psa( cipher_type,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1479 t_in->taglen,
1480 &alg,
1481 &key_type,
1482 &key_bits );
1483
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1484 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1485 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1486 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1487 goto cleanup;
1488 }
1489
1490 t_in->psa_alg = alg;
1491 t_out->psa_alg = alg;
1492
1493 if ( alg != MBEDTLS_SSL_NULL_CIPHER )
1494 {
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1495 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1496 psa_set_key_algorithm( &attributes, alg );
1497 psa_set_key_type( &attributes, key_type );
1498
1499 status = psa_import_key( &attributes,
1500 key0,
1501 PSA_BITS_TO_BYTES( key_bits ),
1502 &t_in->psa_key_enc );
1503
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1504 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1505 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1506 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1507 goto cleanup;
1508 }
1509
1510 status = psa_import_key( &attributes,
1511 key1,
1512 PSA_BITS_TO_BYTES( key_bits ),
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1513 &t_out->psa_key_enc );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1514
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1515 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1516 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1517 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1518 goto cleanup;
1519 }
1520
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1521 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
1522
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1523 status = psa_import_key( &attributes,
1524 key1,
1525 PSA_BITS_TO_BYTES( key_bits ),
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1526 &t_in->psa_key_dec );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1527
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1528 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1529 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1530 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1531 goto cleanup;
1532 }
1533
1534 status = psa_import_key( &attributes,
1535 key0,
1536 PSA_BITS_TO_BYTES( key_bits ),
1537 &t_out->psa_key_dec );
1538
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1539 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1540 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1541 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1542 goto cleanup;
1543 }
1544 }
1545#endif /* MBEDTLS_USE_PSA_CRYPTO */
1546
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1547cleanup:
1548
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1549 mbedtls_free( key0 );
1550 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1551
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1552 mbedtls_free( md0 );
1553 mbedtls_free( md1 );
1554
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1555 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1556}
1557
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1558/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1559 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1560 * Choose dummy values, mostly non-0 to distinguish from the init default.
1561 */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1562static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
1563 int ticket_len,
1564 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1565{
1566#if defined(MBEDTLS_HAVE_TIME)
1567 session->start = mbedtls_time( NULL ) - 42;
1568#endif
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1569 session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1570 session->ciphersuite = 0xabcd;
1571 session->compression = 1;
1572 session->id_len = sizeof( session->id );
1573 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1574 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1575
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1576#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1577 if( crt_file != NULL && strlen( crt_file ) != 0 )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1578 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1579 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1580 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1581
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1582 mbedtls_x509_crt_init( &tmp_crt );
1583 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1584 if( ret != 0 )
1585 return( ret );
1586
1587#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1588 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1589 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1590 if( session->peer_cert == NULL )
1591 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1592 *session->peer_cert = tmp_crt;
1593 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1594#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1595 /* Calculate digest of temporary CRT. */
1596 session->peer_cert_digest =
1597 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1598 if( session->peer_cert_digest == NULL )
1599 return( -1 );
1600 ret = mbedtls_md( mbedtls_md_info_from_type(
1601 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1602 tmp_crt.raw.p, tmp_crt.raw.len,
1603 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1604 if( ret != 0 )
1605 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1606 session->peer_cert_digest_type =
1607 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1608 session->peer_cert_digest_len =
1609 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1610#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1611
1612 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1613 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1614#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1615 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1616#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1617 session->verify_result = 0xdeadbeef;
1618
1619#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1620 if( ticket_len != 0 )
1621 {
1622 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1623 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1624 return( -1 );
1625 memset( session->ticket, 33, ticket_len );
1626 }
1627 session->ticket_len = ticket_len;
1628 session->ticket_lifetime = 86401;
1629#else
1630 (void) ticket_len;
1631#endif
1632
1633#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1634 session->mfl_code = 1;
1635#endif
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1636#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1637 session->encrypt_then_mac = 1;
1638#endif
1639
1640 return( 0 );
1641}
1642
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1643/*
1644 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1645 * message was sent in the correct number of fragments.
1646 *
1647 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1648 * of them must be initialized and connected beforehand.
1649 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1650 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1651 * fragments the message should be sent.
1652 * expected_fragments is 0: can be used for DTLS testing while the message
1653 * size is larger than MFL. In that case the message
1654 * cannot be fragmented and sent to the second endpoint.
1655 * This value can be used for negative tests.
1656 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1657 * message size is below MFL
1658 * expected_fragments > 1: can be used for TLS testing while the message
1659 * size is larger than MFL
1660 *
1661 * \retval 0 on success, otherwise error code.
1662 */
1663int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1664 int msg_len_1, const int expected_fragments_1,
1665 mbedtls_ssl_context *ssl_2,
1666 int msg_len_2, const int expected_fragments_2 )
1667{
1668 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1669 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1670 unsigned char *in_buf_1 = malloc( msg_len_2 );
1671 unsigned char *in_buf_2 = malloc( msg_len_1 );
1672 int msg_type, ret = -1;
1673
1674 /* Perform this test with two message types. At first use a message
1675 * consisting of only 0x00 for the client and only 0xFF for the server.
1676 * At the second time use message with generated data */
1677 for( msg_type = 0; msg_type < 2; msg_type++ )
1678 {
1679 int written_1 = 0;
1680 int written_2 = 0;
1681 int read_1 = 0;
1682 int read_2 = 0;
1683 int fragments_1 = 0;
1684 int fragments_2 = 0;
1685
1686 if( msg_type == 0 )
1687 {
1688 memset( msg_buf_1, 0x00, msg_len_1 );
1689 memset( msg_buf_2, 0xff, msg_len_2 );
1690 }
1691 else
1692 {
1693 int i, j = 0;
1694 for( i = 0; i < msg_len_1; i++ )
1695 {
1696 msg_buf_1[i] = j++ & 0xFF;
1697 }
1698 for( i = 0; i < msg_len_2; i++ )
1699 {
1700 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1701 }
1702 }
1703
1704 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1705 {
1706 /* ssl_1 sending */
1707 if( msg_len_1 > written_1 )
1708 {
1709 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1710 msg_len_1, &written_1,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1711 expected_fragments_1 );
1712 if( expected_fragments_1 == 0 )
1713 {
1714 /* This error is expected when the message is too large and
1715 * cannot be fragmented */
1716 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1717 msg_len_1 = 0;
1718 }
1719 else
1720 {
1721 TEST_ASSERT( ret == 0 );
1722 }
1723 }
1724
1725 /* ssl_2 sending */
1726 if( msg_len_2 > written_2 )
1727 {
1728 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1729 msg_len_2, &written_2,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1730 expected_fragments_2 );
1731 if( expected_fragments_2 == 0 )
1732 {
1733 /* This error is expected when the message is too large and
1734 * cannot be fragmented */
1735 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1736 msg_len_2 = 0;
1737 }
1738 else
1739 {
1740 TEST_ASSERT( ret == 0 );
1741 }
1742 }
1743
1744 /* ssl_1 reading */
1745 if( read_1 < msg_len_2 )
1746 {
1747 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1748 msg_len_2, &read_1,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1749 &fragments_2,
1750 expected_fragments_2 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1751 TEST_ASSERT( ret == 0 );
1752 }
1753
1754 /* ssl_2 reading */
1755 if( read_2 < msg_len_1 )
1756 {
1757 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1758 msg_len_1, &read_2,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1759 &fragments_1,
1760 expected_fragments_1 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1761 TEST_ASSERT( ret == 0 );
1762 }
1763 }
1764
1765 ret = -1;
1766 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1767 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1768 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1769 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1770 }
1771
1772 ret = 0;
1773
1774exit:
1775 free( msg_buf_1 );
1776 free( in_buf_1 );
1777 free( msg_buf_2 );
1778 free( in_buf_2 );
1779
1780 return ret;
1781}
1782
Piotr Nowicki95e9eb82020-02-14 11:33:34 +0100[diff] [blame]1783/*
1784 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1785 * must be initialized and connected beforehand.
1786 *
1787 * \retval 0 on success, otherwise error code.
1788 */
1789int exchange_data( mbedtls_ssl_context *ssl_1,
1790 mbedtls_ssl_context *ssl_2 )
1791{
1792 return mbedtls_exchange_data( ssl_1, 256, 1,
1793 ssl_2, 256, 1 );
1794}
1795
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1796#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
1797 defined(MBEDTLS_ENTROPY_C) && \
1798 defined(MBEDTLS_CTR_DRBG_C)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1799void perform_handshake( handshake_test_options* options )
1800{
1801 /* forced_ciphersuite needs to last until the end of the handshake */
1802 int forced_ciphersuite[2];
1803 enum { BUFFSIZE = 17000 };
1804 mbedtls_endpoint client, server;
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1805#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1806 const char *psk_identity = "foo";
1807#endif
1808#if defined(MBEDTLS_TIMING_C)
1809 mbedtls_timing_delay_context timer_client, timer_server;
1810#endif
1811#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1812 unsigned char *context_buf = NULL;
1813 size_t context_buf_len;
1814#endif
1815#if defined(MBEDTLS_SSL_RENEGOTIATION)
1816 int ret = -1;
1817#endif
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1818 int expected_handshake_result = 0;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1819
1820 mbedtls_test_message_queue server_queue, client_queue;
1821 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]1822 mbedtls_message_socket_init( &server_context );
1823 mbedtls_message_socket_init( &client_context );
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1824
1825 /* Client side */
1826 if( options->dtls != 0 )
1827 {
1828 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1829 options->pk_alg, &client_context,
1830 &client_queue,
1831 &server_queue ) == 0 );
1832#if defined(MBEDTLS_TIMING_C)
1833 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
1834 mbedtls_timing_set_delay,
1835 mbedtls_timing_get_delay );
1836#endif
1837 }
1838 else
1839 {
1840 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1841 options->pk_alg, NULL, NULL,
1842 NULL ) == 0 );
1843 }
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1844
1845 if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
1846 {
1847 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1848 options->client_min_version );
1849 }
1850
1851 if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
1852 {
1853 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1854 options->client_max_version );
1855 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1856
1857 if( strlen( options->cipher ) > 0 )
1858 {
1859 set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
1860 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1861
1862#if defined (MBEDTLS_DEBUG_C)
1863 if( options->cli_log_fun )
1864 {
1865 mbedtls_debug_set_threshold( 4 );
1866 mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
1867 options->cli_log_obj );
1868 }
1869#endif
1870
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1871 /* Server side */
1872 if( options->dtls != 0 )
1873 {
1874 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1875 options->pk_alg, &server_context,
1876 &server_queue,
1877 &client_queue) == 0 );
1878#if defined(MBEDTLS_TIMING_C)
1879 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1880 mbedtls_timing_set_delay,
1881 mbedtls_timing_get_delay );
1882#endif
1883 }
1884 else
1885 {
1886 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1887 options->pk_alg, NULL, NULL, NULL ) == 0 );
1888 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1889
1890 mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
1891
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1892 if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
1893 {
1894 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1895 options->server_min_version );
1896 }
1897
1898 if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
1899 {
1900 mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1901 options->server_max_version );
1902 }
1903
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1904#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1905 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
1906 (unsigned char) options->mfl ) == 0 );
1907 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
1908 (unsigned char) options->mfl ) == 0 );
1909#else
1910 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
1911#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1912
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1913#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1914 if( options->psk_str != NULL && options->psk_str->len > 0 )
1915 {
1916 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
1917 options->psk_str->len,
1918 (const unsigned char *) psk_identity,
1919 strlen( psk_identity ) ) == 0 );
1920
1921 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
1922 options->psk_str->len,
1923 (const unsigned char *) psk_identity,
1924 strlen( psk_identity ) ) == 0 );
1925
1926 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
1927 }
1928#endif
1929#if defined(MBEDTLS_SSL_RENEGOTIATION)
1930 if( options->renegotiate )
1931 {
1932 mbedtls_ssl_conf_renegotiation( &(server.conf),
1933 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1934 mbedtls_ssl_conf_renegotiation( &(client.conf),
1935 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1936
1937 mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
1938 options->legacy_renegotiation );
1939 mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
1940 options->legacy_renegotiation );
1941 }
1942#endif /* MBEDTLS_SSL_RENEGOTIATION */
1943
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1944#if defined (MBEDTLS_DEBUG_C)
1945 if( options->srv_log_fun )
1946 {
1947 mbedtls_debug_set_threshold( 4 );
1948 mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
1949 options->srv_log_obj );
1950 }
1951#endif
1952
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1953 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
1954 &(server.socket),
1955 BUFFSIZE ) == 0 );
1956
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1957#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1958 if( options->resize_buffers != 0 )
1959 {
1960 /* Ensure that the buffer sizes are appropriate before resizes */
1961 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1962 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1963 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1964 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1965 }
1966#endif
1967
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1968 if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
1969 {
Hanno Beckerbc000442021-06-24 09:18:19 +0100[diff] [blame]1970 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1971 }
1972
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1973 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
1974 &(server.ssl),
1975 MBEDTLS_SSL_HANDSHAKE_OVER )
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1976 == expected_handshake_result );
1977
1978 if( expected_handshake_result != 0 )
1979 {
1980 /* Connection will have failed by this point, skip to cleanup */
1981 goto exit;
1982 }
1983
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1984 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1985 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1986
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1987 /* Check that we agree on the version... */
1988 TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
1989
1990 /* And check that the version negotiated is the expected one. */
1991 TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
1992
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1993#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1994 if( options->resize_buffers != 0 )
1995 {
TRodziewicz2abf03c2021-06-25 14:40:09 +0200[diff] [blame]1996 /* A server, when using DTLS, might delay a buffer resize to happen
1997 * after it receives a message, so we force it. */
1998 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1999
TRodziewicz2abf03c2021-06-25 14:40:09 +0200[diff] [blame]2000 TEST_ASSERT( client.ssl.out_buf_len ==
2001 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2002 TEST_ASSERT( client.ssl.in_buf_len ==
2003 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2004 TEST_ASSERT( server.ssl.out_buf_len ==
2005 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2006 TEST_ASSERT( server.ssl.in_buf_len ==
2007 mbedtls_ssl_get_input_buflen( &server.ssl ) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2008 }
2009#endif
2010
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2011 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
2012 {
2013 /* Start data exchanging test */
2014 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
2015 options->expected_cli_fragments,
2016 &(server.ssl), options->srv_msg_len,
2017 options->expected_srv_fragments )
2018 == 0 );
2019 }
2020#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2021 if( options->serialize == 1 )
2022 {
2023 TEST_ASSERT( options->dtls == 1 );
2024
2025 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
2026 0, &context_buf_len )
2027 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2028
2029 context_buf = mbedtls_calloc( 1, context_buf_len );
2030 TEST_ASSERT( context_buf != NULL );
2031
2032 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
2033 context_buf_len,
2034 &context_buf_len ) == 0 );
2035
2036 mbedtls_ssl_free( &(server.ssl) );
2037 mbedtls_ssl_init( &(server.ssl) );
2038
2039 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
2040
2041 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
2042 mbedtls_mock_tcp_send_msg,
2043 mbedtls_mock_tcp_recv_msg,
2044 NULL );
2045
2046#if defined(MBEDTLS_TIMING_C)
2047 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
2048 mbedtls_timing_set_delay,
2049 mbedtls_timing_get_delay );
2050#endif
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2051#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2052 if( options->resize_buffers != 0 )
2053 {
2054 /* Ensure that the buffer sizes are appropriate before resizes */
2055 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
2056 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
2057 }
2058#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2059 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
2060 context_buf_len ) == 0 );
2061
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2062#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2063 /* Validate buffer sizes after context deserialization */
2064 if( options->resize_buffers != 0 )
2065 {
2066 TEST_ASSERT( server.ssl.out_buf_len ==
2067 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2068 TEST_ASSERT( server.ssl.in_buf_len ==
2069 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2070 }
2071#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2072 /* Retest writing/reading */
2073 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
2074 {
2075 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
2076 options->cli_msg_len,
2077 options->expected_cli_fragments,
2078 &(server.ssl),
2079 options->srv_msg_len,
2080 options->expected_srv_fragments )
2081 == 0 );
2082 }
2083 }
2084#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2085
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2086#if defined(MBEDTLS_SSL_RENEGOTIATION)
2087 if( options->renegotiate )
2088 {
2089 /* Start test with renegotiation */
2090 TEST_ASSERT( server.ssl.renego_status ==
2091 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2092 TEST_ASSERT( client.ssl.renego_status ==
2093 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2094
2095 /* After calling this function for the server, it only sends a handshake
2096 * request. All renegotiation should happen during data exchanging */
2097 TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
2098 TEST_ASSERT( server.ssl.renego_status ==
2099 MBEDTLS_SSL_RENEGOTIATION_PENDING );
2100 TEST_ASSERT( client.ssl.renego_status ==
2101 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2102
2103 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2104 TEST_ASSERT( server.ssl.renego_status ==
2105 MBEDTLS_SSL_RENEGOTIATION_DONE );
2106 TEST_ASSERT( client.ssl.renego_status ==
2107 MBEDTLS_SSL_RENEGOTIATION_DONE );
2108
2109 /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
2110 * should happen inside this function. However in this test, we cannot
2111 * perform simultaneous communication betwen client and server so this
2112 * function will return waiting error on the socket. All rest of
2113 * renegotiation should happen during data exchanging */
2114 ret = mbedtls_ssl_renegotiate( &(client.ssl) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2115#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2116 if( options->resize_buffers != 0 )
2117 {
2118 /* Ensure that the buffer sizes are appropriate before resizes */
2119 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
2120 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
2121 }
2122#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2123 TEST_ASSERT( ret == 0 ||
2124 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2125 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2126 TEST_ASSERT( server.ssl.renego_status ==
2127 MBEDTLS_SSL_RENEGOTIATION_DONE );
2128 TEST_ASSERT( client.ssl.renego_status ==
2129 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
2130
2131 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2132 TEST_ASSERT( server.ssl.renego_status ==
2133 MBEDTLS_SSL_RENEGOTIATION_DONE );
2134 TEST_ASSERT( client.ssl.renego_status ==
2135 MBEDTLS_SSL_RENEGOTIATION_DONE );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2136#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2137 /* Validate buffer sizes after renegotiation */
2138 if( options->resize_buffers != 0 )
2139 {
2140 TEST_ASSERT( client.ssl.out_buf_len ==
2141 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2142 TEST_ASSERT( client.ssl.in_buf_len ==
2143 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2144 TEST_ASSERT( server.ssl.out_buf_len ==
2145 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2146 TEST_ASSERT( server.ssl.in_buf_len ==
2147 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2148 }
2149#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2150 }
2151#endif /* MBEDTLS_SSL_RENEGOTIATION */
2152
2153exit:
2154 mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
2155 mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2156#if defined (MBEDTLS_DEBUG_C)
2157 if( options->cli_log_fun || options->srv_log_fun )
2158 {
2159 mbedtls_debug_set_threshold( 0 );
2160 }
2161#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2162#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2163 if( context_buf != NULL )
2164 mbedtls_free( context_buf );
2165#endif
2166}
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]2167#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2168
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2169/* END_HEADER */
2170
2171/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2172 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2173 * END_DEPENDENCIES
2174 */
2175
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2176/* BEGIN_CASE */
2177void test_callback_buffer_sanity()
2178{
2179 enum { MSGLEN = 10 };
2180 mbedtls_test_buffer buf;
2181 unsigned char input[MSGLEN];
2182 unsigned char output[MSGLEN];
2183
2184 memset( input, 0, sizeof(input) );
2185
2186 /* Make sure calling put and get on NULL buffer results in error. */
2187 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
2188 == -1 );
2189 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
2190 == -1 );
2191 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2192
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2193 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
2194 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
2195
2196 /* Make sure calling put and get on a buffer that hasn't been set up results
2197 * in eror. */
2198 mbedtls_test_buffer_init( &buf );
2199
2200 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
2201 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
2202 == -1 );
2203 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2204
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2205 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
2206 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
2207
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2208 /* Make sure calling put and get on NULL input only results in
2209 * error if the length is not zero, and that a NULL output is valid for data
2210 * dropping.
2211 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2212
2213 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
2214
2215 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
2216 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2217 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2218 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
2219 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
2220
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]2221 /* Make sure calling put several times in the row is safe */
2222
2223 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
2224 == sizeof( input ) );
2225 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
2226 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
2227 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
2228 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
2229
2230
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2231exit:
2232
2233 mbedtls_test_buffer_free( &buf );
2234}
2235/* END_CASE */
2236
2237/*
2238 * Test if the implementation of `mbedtls_test_buffer` related functions is
2239 * correct and works as expected.
2240 *
2241 * That is
2242 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
2243 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2244 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
2245 * bytes.
2246 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2247 * - All of the bytes we got match the bytes we put in in a FIFO manner.
2248 */
2249
2250/* BEGIN_CASE */
2251void test_callback_buffer( int size, int put1, int put1_ret,
2252 int get1, int get1_ret, int put2, int put2_ret,
2253 int get2, int get2_ret )
2254{
2255 enum { ROUNDS = 2 };
2256 size_t put[ROUNDS];
2257 int put_ret[ROUNDS];
2258 size_t get[ROUNDS];
2259 int get_ret[ROUNDS];
2260 mbedtls_test_buffer buf;
2261 unsigned char* input = NULL;
2262 size_t input_len;
2263 unsigned char* output = NULL;
2264 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2265 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2266
2267 mbedtls_test_buffer_init( &buf );
2268 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
2269
2270 /* Check the sanity of input parameters and initialise local variables. That
2271 * is, ensure that the amount of data is not negative and that we are not
2272 * expecting more to put or get than we actually asked for. */
2273 TEST_ASSERT( put1 >= 0 );
2274 put[0] = put1;
2275 put_ret[0] = put1_ret;
2276 TEST_ASSERT( put1_ret <= put1 );
2277 TEST_ASSERT( put2 >= 0 );
2278 put[1] = put2;
2279 put_ret[1] = put2_ret;
2280 TEST_ASSERT( put2_ret <= put2 );
2281
2282 TEST_ASSERT( get1 >= 0 );
2283 get[0] = get1;
2284 get_ret[0] = get1_ret;
2285 TEST_ASSERT( get1_ret <= get1 );
2286 TEST_ASSERT( get2 >= 0 );
2287 get[1] = get2;
2288 get_ret[1] = get2_ret;
2289 TEST_ASSERT( get2_ret <= get2 );
2290
2291 input_len = 0;
2292 /* Calculate actual input and output lengths */
2293 for( j = 0; j < ROUNDS; j++ )
2294 {
2295 if( put_ret[j] > 0 )
2296 {
2297 input_len += put_ret[j];
2298 }
2299 }
2300 /* In order to always have a valid pointer we always allocate at least 1
2301 * byte. */
2302 if( input_len == 0 )
2303 input_len = 1;
2304 ASSERT_ALLOC( input, input_len );
2305
2306 output_len = 0;
2307 for( j = 0; j < ROUNDS; j++ )
2308 {
2309 if( get_ret[j] > 0 )
2310 {
2311 output_len += get_ret[j];
2312 }
2313 }
2314 TEST_ASSERT( output_len <= input_len );
2315 /* In order to always have a valid pointer we always allocate at least 1
2316 * byte. */
2317 if( output_len == 0 )
2318 output_len = 1;
2319 ASSERT_ALLOC( output, output_len );
2320
2321 /* Fill up the buffer with structured data so that unwanted changes
2322 * can be detected */
2323 for( i = 0; i < input_len; i++ )
2324 {
2325 input[i] = i & 0xFF;
2326 }
2327
2328 written = read = 0;
2329 for( j = 0; j < ROUNDS; j++ )
2330 {
2331 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
2332 input + written, put[j] ) );
2333 written += put_ret[j];
2334 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
2335 output + read, get[j] ) );
2336 read += get_ret[j];
2337 TEST_ASSERT( read <= written );
2338 if( get_ret[j] > 0 )
2339 {
2340 TEST_ASSERT( memcmp( output + read - get_ret[j],
2341 input + read - get_ret[j], get_ret[j] )
2342 == 0 );
2343 }
2344 }
2345
2346exit:
2347
2348 mbedtls_free( input );
2349 mbedtls_free( output );
2350 mbedtls_test_buffer_free( &buf );
2351}
2352/* END_CASE */
2353
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2354/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2355 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
2356 * correct and works as expected on unconnected sockets.
2357 */
2358
2359/* BEGIN_CASE */
2360void ssl_mock_sanity( )
2361{
2362 enum { MSGLEN = 105 };
Paul Elliott21c8fe52021-11-24 16:54:26 +0000[diff] [blame]2363 unsigned char message[MSGLEN] = { 0 };
2364 unsigned char received[MSGLEN] = { 0 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2365 mbedtls_mock_socket socket;
2366
2367 mbedtls_mock_socket_init( &socket );
2368 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
2369 mbedtls_mock_socket_close( &socket );
2370 mbedtls_mock_socket_init( &socket );
2371 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
2372 mbedtls_mock_socket_close( &socket );
2373
2374 mbedtls_mock_socket_init( &socket );
2375 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
2376 mbedtls_mock_socket_close( &socket );
2377 mbedtls_mock_socket_init( &socket );
2378 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
2379 mbedtls_mock_socket_close( &socket );
2380
2381exit:
2382
2383 mbedtls_mock_socket_close( &socket );
2384}
2385/* END_CASE */
2386
2387/*
2388 * Test if the implementation of `mbedtls_mock_socket` related functions can
2389 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2390 */
2391
2392/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2393void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2394{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2395 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2396 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2397 unsigned char message[MSGLEN];
2398 unsigned char received[MSGLEN];
2399 mbedtls_mock_socket client;
2400 mbedtls_mock_socket server;
2401 size_t written, read;
2402 int send_ret, recv_ret;
2403 mbedtls_ssl_send_t *send;
2404 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2405 unsigned i;
2406
2407 if( blocking == 0 )
2408 {
2409 send = mbedtls_mock_tcp_send_nb;
2410 recv = mbedtls_mock_tcp_recv_nb;
2411 }
2412 else
2413 {
2414 send = mbedtls_mock_tcp_send_b;
2415 recv = mbedtls_mock_tcp_recv_b;
2416 }
2417
2418 mbedtls_mock_socket_init( &client );
2419 mbedtls_mock_socket_init( &server );
2420
2421 /* Fill up the buffer with structured data so that unwanted changes
2422 * can be detected */
2423 for( i = 0; i < MSGLEN; i++ )
2424 {
2425 message[i] = i & 0xFF;
2426 }
2427
2428 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2429 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2430
2431 /* Send the message to the server */
2432 send_ret = recv_ret = 1;
2433 written = read = 0;
2434 while( send_ret != 0 || recv_ret != 0 )
2435 {
2436 send_ret = send( &client, message + written, MSGLEN - written );
2437
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2438 TEST_ASSERT( send_ret >= 0 );
2439 TEST_ASSERT( send_ret <= BUFLEN );
2440 written += send_ret;
2441
2442 /* If the buffer is full we can test blocking and non-blocking send */
2443 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2444 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2445 int blocking_ret = send( &client, message , 1 );
2446 if ( blocking )
2447 {
2448 TEST_ASSERT( blocking_ret == 0 );
2449 }
2450 else
2451 {
2452 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2453 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2454 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2455
2456 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2457
2458 /* The result depends on whether any data was sent */
2459 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2460 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2461 TEST_ASSERT( recv_ret > 0 );
2462 TEST_ASSERT( recv_ret <= BUFLEN );
2463 read += recv_ret;
2464 }
2465 else if( blocking )
2466 {
2467 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2468 }
2469 else
2470 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2471 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
2472 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2473 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2474
2475 /* If the buffer is empty we can test blocking and non-blocking read */
2476 if ( recv_ret == BUFLEN )
2477 {
2478 int blocking_ret = recv( &server, received, 1 );
2479 if ( blocking )
2480 {
2481 TEST_ASSERT( blocking_ret == 0 );
2482 }
2483 else
2484 {
2485 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2486 }
2487 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2488 }
2489 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2490
2491exit:
2492
2493 mbedtls_mock_socket_close( &client );
2494 mbedtls_mock_socket_close( &server );
2495}
2496/* END_CASE */
2497
2498/*
2499 * Test if the implementation of `mbedtls_mock_socket` related functions can
2500 * send messages in both direction at the same time (with the I/O calls
2501 * interleaving).
2502 */
2503
2504/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2505void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2506{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2507 enum { ROUNDS = 2 };
2508 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2509 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2510 unsigned char message[ROUNDS][MSGLEN];
2511 unsigned char received[ROUNDS][MSGLEN];
2512 mbedtls_mock_socket client;
2513 mbedtls_mock_socket server;
2514 size_t written[ROUNDS];
2515 size_t read[ROUNDS];
2516 int send_ret[ROUNDS];
2517 int recv_ret[ROUNDS];
2518 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2519 mbedtls_ssl_send_t *send;
2520 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2521
2522 if( blocking == 0 )
2523 {
2524 send = mbedtls_mock_tcp_send_nb;
2525 recv = mbedtls_mock_tcp_recv_nb;
2526 }
2527 else
2528 {
2529 send = mbedtls_mock_tcp_send_b;
2530 recv = mbedtls_mock_tcp_recv_b;
2531 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2532
2533 mbedtls_mock_socket_init( &client );
2534 mbedtls_mock_socket_init( &server );
2535
2536 /* Fill up the buffers with structured data so that unwanted changes
2537 * can be detected */
2538 for( i = 0; i < ROUNDS; i++ )
2539 {
2540 for( j = 0; j < MSGLEN; j++ )
2541 {
2542 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
2543 }
2544 }
2545
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2546 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2547 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2548
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2549 /* Send the message from both sides, interleaving. */
2550 progress = 1;
2551 for( i = 0; i < ROUNDS; i++ )
2552 {
2553 written[i] = 0;
2554 read[i] = 0;
2555 }
2556 /* This loop does not stop as long as there was a successful write or read
2557 * of at least one byte on either side. */
2558 while( progress != 0 )
2559 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2560 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2561
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2562 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2563 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2564 /* First sending is from the client */
2565 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2566
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2567 send_ret[i] = send( socket, message[i] + written[i],
2568 MSGLEN - written[i] );
2569 TEST_ASSERT( send_ret[i] >= 0 );
2570 TEST_ASSERT( send_ret[i] <= BUFLEN );
2571 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2572
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2573 /* If the buffer is full we can test blocking and non-blocking
2574 * send */
2575 if ( send_ret[i] == BUFLEN )
2576 {
2577 int blocking_ret = send( socket, message[i] , 1 );
2578 if ( blocking )
2579 {
2580 TEST_ASSERT( blocking_ret == 0 );
2581 }
2582 else
2583 {
2584 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2585 }
2586 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2587 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2588
2589 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2590 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2591 /* First receiving is from the server */
2592 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
2593
2594 recv_ret[i] = recv( socket, received[i] + read[i],
2595 MSGLEN - read[i] );
2596
2597 /* The result depends on whether any data was sent */
2598 if ( send_ret[i] > 0 )
2599 {
2600 TEST_ASSERT( recv_ret[i] > 0 );
2601 TEST_ASSERT( recv_ret[i] <= BUFLEN );
2602 read[i] += recv_ret[i];
2603 }
2604 else if( blocking )
2605 {
2606 TEST_ASSERT( recv_ret[i] == 0 );
2607 }
2608 else
2609 {
2610 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
2611 recv_ret[i] = 0;
2612 }
2613
2614 /* If the buffer is empty we can test blocking and non-blocking
2615 * read */
2616 if ( recv_ret[i] == BUFLEN )
2617 {
2618 int blocking_ret = recv( socket, received[i], 1 );
2619 if ( blocking )
2620 {
2621 TEST_ASSERT( blocking_ret == 0 );
2622 }
2623 else
2624 {
2625 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2626 }
2627 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2628 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2629
2630 progress = 0;
2631 for( i = 0; i < ROUNDS; i++ )
2632 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2633 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2634 }
2635 }
2636
2637 for( i = 0; i < ROUNDS; i++ )
2638 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2639
2640exit:
2641
2642 mbedtls_mock_socket_close( &client );
2643 mbedtls_mock_socket_close( &server );
2644}
2645/* END_CASE */
2646
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2647/* BEGIN_CASE */
2648void ssl_message_queue_sanity( )
2649{
2650 mbedtls_test_message_queue queue;
2651
2652 /* Trying to push/pull to an empty queue */
2653 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2654 == MBEDTLS_TEST_ERROR_ARG_NULL );
2655 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2656 == MBEDTLS_TEST_ERROR_ARG_NULL );
2657
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2658 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2659 TEST_ASSERT( queue.capacity == 3 );
2660 TEST_ASSERT( queue.num == 0 );
2661
2662exit:
2663 mbedtls_test_message_queue_free( &queue );
2664}
2665/* END_CASE */
2666
2667/* BEGIN_CASE */
2668void ssl_message_queue_basic( )
2669{
2670 mbedtls_test_message_queue queue;
2671
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2672 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2673
2674 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2675 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2676 TEST_ASSERT( queue.capacity == 3 );
2677 TEST_ASSERT( queue.num == 1 );
2678 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2679 TEST_ASSERT( queue.capacity == 3 );
2680 TEST_ASSERT( queue.num == 2 );
2681 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2682 TEST_ASSERT( queue.capacity == 3 );
2683 TEST_ASSERT( queue.num == 3 );
2684
2685 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2686 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2687 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2688
2689exit:
2690 mbedtls_test_message_queue_free( &queue );
2691}
2692/* END_CASE */
2693
2694/* BEGIN_CASE */
2695void ssl_message_queue_overflow_underflow( )
2696{
2697 mbedtls_test_message_queue queue;
2698
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2699 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2700
2701 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2702 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2703 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2704 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2705 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2706 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2707
2708 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2709 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2710 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2711
2712 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2713 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2714
2715exit:
2716 mbedtls_test_message_queue_free( &queue );
2717}
2718/* END_CASE */
2719
2720/* BEGIN_CASE */
2721void ssl_message_queue_interleaved( )
2722{
2723 mbedtls_test_message_queue queue;
2724
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2725 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2726
2727 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2728 * (to wrap around the buffer) */
2729 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2730 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2731
2732 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2733
2734 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2735 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2736
2737 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2738 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2739
2740 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2741 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2742
2743 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2744
2745 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2746
2747 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2748
2749exit:
2750 mbedtls_test_message_queue_free( &queue );
2751}
2752/* END_CASE */
2753
2754/* BEGIN_CASE */
2755void ssl_message_queue_insufficient_buffer( )
2756{
2757 mbedtls_test_message_queue queue;
2758 size_t message_len = 10;
2759 size_t buffer_len = 5;
2760
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2761 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 1 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2762
2763 /* Popping without a sufficient buffer */
2764 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2765 == (int) message_len );
2766 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2767 == (int) buffer_len );
2768exit:
2769 mbedtls_test_message_queue_free( &queue );
2770}
2771/* END_CASE */
2772
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2773/* BEGIN_CASE */
2774void ssl_message_mock_uninitialized( )
2775{
2776 enum { MSGLEN = 10 };
Shawn Carey03092f52021-05-13 10:38:32 -0400[diff] [blame]2777 unsigned char message[MSGLEN] = {0}, received[MSGLEN];
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2778 mbedtls_mock_socket client, server;
2779 mbedtls_test_message_queue server_queue, client_queue;
2780 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2781 mbedtls_message_socket_init( &server_context );
2782 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2783
2784 /* Send with a NULL context */
2785 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2786 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2787
2788 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2789 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2790
2791 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2792 &server,
2793 &server_context ) == 0 );
2794
2795 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2796 &client,
2797 &client_context ) == 0 );
2798
2799 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2800 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2801
2802 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2803 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2804
2805 /* Push directly to a queue to later simulate a disconnected behavior */
2806 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2807 == MSGLEN );
2808
2809 /* Test if there's an error when trying to read from a disconnected
2810 * socket */
2811 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2812 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2813 exit:
2814 mbedtls_message_socket_close( &server_context );
2815 mbedtls_message_socket_close( &client_context );
2816}
2817/* END_CASE */
2818
2819/* BEGIN_CASE */
2820void ssl_message_mock_basic( )
2821{
2822 enum { MSGLEN = 10 };
2823 unsigned char message[MSGLEN], received[MSGLEN];
2824 mbedtls_mock_socket client, server;
2825 unsigned i;
2826 mbedtls_test_message_queue server_queue, client_queue;
2827 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2828 mbedtls_message_socket_init( &server_context );
2829 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2830
2831 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2832 &server,
2833 &server_context ) == 0 );
2834
2835 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2836 &client,
2837 &client_context ) == 0 );
2838
2839 /* Fill up the buffer with structured data so that unwanted changes
2840 * can be detected */
2841 for( i = 0; i < MSGLEN; i++ )
2842 {
2843 message[i] = i & 0xFF;
2844 }
2845 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2846 MSGLEN ) );
2847
2848 /* Send the message to the server */
2849 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2850 MSGLEN ) == MSGLEN );
2851
2852 /* Read from the server */
2853 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2854 == MSGLEN );
2855
2856 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2857 memset( received, 0, MSGLEN );
2858
2859 /* Send the message to the client */
2860 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2861 MSGLEN ) == MSGLEN );
2862
2863 /* Read from the client */
2864 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2865 == MSGLEN );
2866 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2867
2868 exit:
2869 mbedtls_message_socket_close( &server_context );
2870 mbedtls_message_socket_close( &client_context );
2871}
2872/* END_CASE */
2873
2874/* BEGIN_CASE */
2875void ssl_message_mock_queue_overflow_underflow( )
2876{
2877 enum { MSGLEN = 10 };
2878 unsigned char message[MSGLEN], received[MSGLEN];
2879 mbedtls_mock_socket client, server;
2880 unsigned i;
2881 mbedtls_test_message_queue server_queue, client_queue;
2882 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2883 mbedtls_message_socket_init( &server_context );
2884 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2885
2886 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2887 &server,
2888 &server_context ) == 0 );
2889
2890 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2891 &client,
2892 &client_context ) == 0 );
2893
2894 /* Fill up the buffer with structured data so that unwanted changes
2895 * can be detected */
2896 for( i = 0; i < MSGLEN; i++ )
2897 {
2898 message[i] = i & 0xFF;
2899 }
2900 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2901 MSGLEN*2 ) );
2902
2903 /* Send three message to the server, last one with an error */
2904 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2905 MSGLEN - 1 ) == MSGLEN - 1 );
2906
2907 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2908 MSGLEN ) == MSGLEN );
2909
2910 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2911 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2912 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2913
2914 /* Read three messages from the server, last one with an error */
2915 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2916 MSGLEN - 1 ) == MSGLEN - 1 );
2917
2918 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2919 == MSGLEN );
2920
2921 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2922
2923 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2924 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2925
2926 exit:
2927 mbedtls_message_socket_close( &server_context );
2928 mbedtls_message_socket_close( &client_context );
2929}
2930/* END_CASE */
2931
2932/* BEGIN_CASE */
2933void ssl_message_mock_socket_overflow( )
2934{
2935 enum { MSGLEN = 10 };
2936 unsigned char message[MSGLEN], received[MSGLEN];
2937 mbedtls_mock_socket client, server;
2938 unsigned i;
2939 mbedtls_test_message_queue server_queue, client_queue;
2940 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2941 mbedtls_message_socket_init( &server_context );
2942 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2943
2944 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2945 &server,
2946 &server_context ) == 0 );
2947
2948 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2949 &client,
2950 &client_context ) == 0 );
2951
2952 /* Fill up the buffer with structured data so that unwanted changes
2953 * can be detected */
2954 for( i = 0; i < MSGLEN; i++ )
2955 {
2956 message[i] = i & 0xFF;
2957 }
2958 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2959 MSGLEN ) );
2960
2961 /* Send two message to the server, second one with an error */
2962 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2963 MSGLEN ) == MSGLEN );
2964
2965 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2966 MSGLEN )
2967 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2968
2969 /* Read the only message from the server */
2970 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2971 == MSGLEN );
2972
2973 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2974
2975 exit:
2976 mbedtls_message_socket_close( &server_context );
2977 mbedtls_message_socket_close( &client_context );
2978}
2979/* END_CASE */
2980
2981/* BEGIN_CASE */
2982void ssl_message_mock_truncated( )
2983{
2984 enum { MSGLEN = 10 };
2985 unsigned char message[MSGLEN], received[MSGLEN];
2986 mbedtls_mock_socket client, server;
2987 unsigned i;
2988 mbedtls_test_message_queue server_queue, client_queue;
2989 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2990 mbedtls_message_socket_init( &server_context );
2991 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2992
2993 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2994 &server,
2995 &server_context ) == 0 );
2996
2997 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2998 &client,
2999 &client_context ) == 0 );
3000
3001 memset( received, 0, MSGLEN );
3002 /* Fill up the buffer with structured data so that unwanted changes
3003 * can be detected */
3004 for( i = 0; i < MSGLEN; i++ )
3005 {
3006 message[i] = i & 0xFF;
3007 }
3008 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3009 2 * MSGLEN ) );
3010
3011 /* Send two messages to the server, the second one small enough to fit in the
3012 * receiver's buffer. */
3013 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3014 MSGLEN ) == MSGLEN );
3015 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3016 MSGLEN / 2 ) == MSGLEN / 2 );
3017 /* Read a truncated message from the server */
3018 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
3019 == MSGLEN/2 );
3020
3021 /* Test that the first half of the message is valid, and second one isn't */
3022 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
3023 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
3024 != 0 );
3025 memset( received, 0, MSGLEN );
3026
3027 /* Read a full message from the server */
3028 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
3029 == MSGLEN / 2 );
3030
3031 /* Test that the first half of the message is valid */
3032 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
3033
3034 exit:
3035 mbedtls_message_socket_close( &server_context );
3036 mbedtls_message_socket_close( &client_context );
3037}
3038/* END_CASE */
3039
3040/* BEGIN_CASE */
3041void ssl_message_mock_socket_read_error( )
3042{
3043 enum { MSGLEN = 10 };
3044 unsigned char message[MSGLEN], received[MSGLEN];
3045 mbedtls_mock_socket client, server;
3046 unsigned i;
3047 mbedtls_test_message_queue server_queue, client_queue;
3048 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3049 mbedtls_message_socket_init( &server_context );
3050 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3051
3052 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
3053 &server,
3054 &server_context ) == 0 );
3055
3056 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
3057 &client,
3058 &client_context ) == 0 );
3059
3060 /* Fill up the buffer with structured data so that unwanted changes
3061 * can be detected */
3062 for( i = 0; i < MSGLEN; i++ )
3063 {
3064 message[i] = i & 0xFF;
3065 }
3066 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3067 MSGLEN ) );
3068
3069 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3070 MSGLEN ) == MSGLEN );
3071
3072 /* Force a read error by disconnecting the socket by hand */
3073 server.status = 0;
3074 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
3075 == MBEDTLS_TEST_ERROR_RECV_FAILED );
3076 /* Return to a valid state */
3077 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
3078
3079 memset( received, 0, sizeof( received ) );
3080
3081 /* Test that even though the server tried to read once disconnected, the
3082 * continuity is preserved */
3083 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
3084 == MSGLEN );
3085
3086 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3087
3088 exit:
3089 mbedtls_message_socket_close( &server_context );
3090 mbedtls_message_socket_close( &client_context );
3091}
3092/* END_CASE */
3093
3094/* BEGIN_CASE */
3095void ssl_message_mock_interleaved_one_way( )
3096{
3097 enum { MSGLEN = 10 };
3098 unsigned char message[MSGLEN], received[MSGLEN];
3099 mbedtls_mock_socket client, server;
3100 unsigned i;
3101 mbedtls_test_message_queue server_queue, client_queue;
3102 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3103 mbedtls_message_socket_init( &server_context );
3104 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3105
3106 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3107 &server,
3108 &server_context ) == 0 );
3109
3110 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3111 &client,
3112 &client_context ) == 0 );
3113
3114 /* Fill up the buffer with structured data so that unwanted changes
3115 * can be detected */
3116 for( i = 0; i < MSGLEN; i++ )
3117 {
3118 message[i] = i & 0xFF;
3119 }
3120 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3121 MSGLEN*3 ) );
3122
3123 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
3124 * (to wrap around the buffer) */
3125 for( i = 0; i < 2; i++ )
3126 {
3127 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3128 MSGLEN ) == MSGLEN );
3129
3130 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3131 MSGLEN ) == MSGLEN );
3132
3133 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3134 MSGLEN ) == MSGLEN );
3135 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3136 memset( received, 0, sizeof( received ) );
3137 }
3138
3139 for( i = 0; i < 2; i++ )
3140 {
3141 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3142 MSGLEN ) == MSGLEN );
3143
3144 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3145 }
3146 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3147 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3148 exit:
3149 mbedtls_message_socket_close( &server_context );
3150 mbedtls_message_socket_close( &client_context );
3151}
3152/* END_CASE */
3153
3154/* BEGIN_CASE */
3155void ssl_message_mock_interleaved_two_ways( )
3156{
3157 enum { MSGLEN = 10 };
3158 unsigned char message[MSGLEN], received[MSGLEN];
3159 mbedtls_mock_socket client, server;
3160 unsigned i;
3161 mbedtls_test_message_queue server_queue, client_queue;
3162 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3163 mbedtls_message_socket_init( &server_context );
3164 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3165
3166 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3167 &server,
3168 &server_context ) == 0 );
3169
3170 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3171 &client,
3172 &client_context ) == 0 );
3173
3174 /* Fill up the buffer with structured data so that unwanted changes
3175 * can be detected */
3176 for( i = 0; i < MSGLEN; i++ )
3177 {
3178 message[i] = i & 0xFF;
3179 }
3180 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3181 MSGLEN*3 ) );
3182
3183 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
3184 * (to wrap around the buffer) both ways. */
3185 for( i = 0; i < 2; i++ )
3186 {
3187 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3188 MSGLEN ) == MSGLEN );
3189
3190 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3191 MSGLEN ) == MSGLEN );
3192
3193 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3194 MSGLEN ) == MSGLEN );
3195
3196 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3197 MSGLEN ) == MSGLEN );
3198
3199 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3200 MSGLEN ) == MSGLEN );
3201
3202 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3203
3204 memset( received, 0, sizeof( received ) );
3205
3206 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3207 MSGLEN ) == MSGLEN );
3208
3209 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3210
3211 memset( received, 0, sizeof( received ) );
3212 }
3213
3214 for( i = 0; i < 2; i++ )
3215 {
3216 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3217 MSGLEN ) == MSGLEN );
3218
3219 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3220 memset( received, 0, sizeof( received ) );
3221
3222 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3223 MSGLEN ) == MSGLEN );
3224
3225 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3226 memset( received, 0, sizeof( received ) );
3227 }
3228
3229 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3230 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3231
3232 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3233 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3234 exit:
3235 mbedtls_message_socket_close( &server_context );
3236 mbedtls_message_socket_close( &client_context );
3237}
3238/* END_CASE */
3239
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3240/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]3241void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3242{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3243 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3244 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3245 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3246
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3247 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3248 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3249
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]3250 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
3251 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]3252 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
3253 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3254 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3255
3256 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3257 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3258 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3259 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3260 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3261 }
3262
3263 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3264 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3265 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3266
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3267 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3268 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3269}
3270/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]3271
3272/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
3273void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
3274{
3275 mbedtls_ssl_context ssl;
3276 mbedtls_ssl_init( &ssl );
3277
3278 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
3279 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
3280
3281 mbedtls_ssl_free( &ssl );
3282}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]3283/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3284
3285/* BEGIN_CASE */
3286void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3287 int etm, int tag_mode, int ver,
3288 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3289{
3290 /*
3291 * Test several record encryptions and decryptions
3292 * with plenty of space before and after the data
3293 * within the record buffer.
3294 */
3295
3296 int ret;
3297 int num_records = 16;
3298 mbedtls_ssl_context ssl; /* ONLY for debugging */
3299
3300 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3301 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3302 size_t const buflen = 512;
3303 mbedtls_record rec, rec_backup;
3304
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3305 USE_PSA_INIT( );
3306
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3307 mbedtls_ssl_init( &ssl );
3308 mbedtls_ssl_transform_init( &t0 );
3309 mbedtls_ssl_transform_init( &t1 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3310 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
3311 etm, tag_mode, ver,
3312 (size_t) cid0_len,
3313 (size_t) cid1_len );
3314
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3315 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3316
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3317 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3318
3319 while( num_records-- > 0 )
3320 {
3321 mbedtls_ssl_transform *t_dec, *t_enc;
3322 /* Take turns in who's sending and who's receiving. */
3323 if( num_records % 3 == 0 )
3324 {
3325 t_dec = &t0;
3326 t_enc = &t1;
3327 }
3328 else
3329 {
3330 t_dec = &t1;
3331 t_enc = &t0;
3332 }
3333
3334 /*
3335 * The record header affects the transformation in two ways:
3336 * 1) It determines the AEAD additional data
3337 * 2) The record counter sometimes determines the IV.
3338 *
3339 * Apart from that, the fields don't have influence.
3340 * In particular, it is currently not the responsibility
3341 * of ssl_encrypt/decrypt_buf to check if the transform
3342 * version matches the record version, or that the
3343 * type is sensible.
3344 */
3345
3346 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
3347 rec.type = 42;
3348 rec.ver[0] = num_records;
3349 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3350#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3351 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3352#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3353
3354 rec.buf = buf;
3355 rec.buf_len = buflen;
3356 rec.data_offset = 16;
3357 /* Make sure to vary the length to exercise different
3358 * paddings. */
3359 rec.data_len = 1 + num_records;
3360
3361 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3362
3363 /* Make a copy for later comparison */
3364 rec_backup = rec;
3365
3366 /* Encrypt record */
3367 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]3368 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3369 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3370 if( ret != 0 )
3371 {
3372 continue;
3373 }
3374
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3375#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3376 if( rec.cid_len != 0 )
3377 {
3378 /* DTLS 1.2 + CID hides the real content type and
3379 * uses a special CID content type in the protected
3380 * record. Double-check this. */
3381 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3382 }
3383#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3384
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3385#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3386 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3387 {
3388 /* TLS 1.3 hides the real content type and
3389 * always uses Application Data as the content type
3390 * for protected records. Double-check this. */
3391 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3392 }
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3393#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3394
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3395 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3396 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
3397 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3398
3399 /* Compare results */
3400 TEST_ASSERT( rec.type == rec_backup.type );
3401 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3402 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3403 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3404 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3405 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3406 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3407 rec_backup.buf + rec_backup.data_offset,
3408 rec.data_len ) == 0 );
3409 }
3410
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3411exit:
3412
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3413 /* Cleanup */
3414 mbedtls_ssl_free( &ssl );
3415 mbedtls_ssl_transform_free( &t0 );
3416 mbedtls_ssl_transform_free( &t1 );
3417
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3418 mbedtls_free( buf );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3419 USE_PSA_DONE( );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3420}
3421/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3422
3423/* BEGIN_CASE */
3424void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3425 int etm, int tag_mode, int ver,
3426 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3427{
3428 /*
3429 * Test pairs of encryption and decryption with an increasing
3430 * amount of space in the record buffer - in more detail:
3431 * 1) Try to encrypt with 0, 1, 2, ... bytes available
3432 * in front of the plaintext, and expect the encryption
3433 * to succeed starting from some offset. Always keep
3434 * enough space in the end of the buffer.
3435 * 2) Try to encrypt with 0, 1, 2, ... bytes available
3436 * at the end of the plaintext, and expect the encryption
3437 * to succeed starting from some offset. Always keep
3438 * enough space at the beginning of the buffer.
3439 * 3) Try to encrypt with 0, 1, 2, ... bytes available
3440 * both at the front and end of the plaintext,
3441 * and expect the encryption to succeed starting from
3442 * some offset.
3443 *
3444 * If encryption succeeds, check that decryption succeeds
3445 * and yields the original record.
3446 */
3447
3448 mbedtls_ssl_context ssl; /* ONLY for debugging */
3449
3450 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3451 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3452 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3453 mbedtls_record rec, rec_backup;
3454
3455 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3456 int mode; /* Mode 1, 2 or 3 as explained above */
3457 size_t offset; /* Available space at beginning/end/both */
3458 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3459
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3460 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
3461 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3462
3463 int seen_success; /* Indicates if in the current mode we've
3464 * already seen a successful test. */
3465
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3466 USE_PSA_INIT( );
3467
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3468 mbedtls_ssl_init( &ssl );
3469 mbedtls_ssl_transform_init( &t0 );
3470 mbedtls_ssl_transform_init( &t1 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3471 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3472 etm, tag_mode, ver,
3473 (size_t) cid0_len,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3474 (size_t) cid1_len );
3475
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3476 TEST_ASSERT( ret == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3477
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3478 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3479
3480 for( mode=1; mode <= 3; mode++ )
3481 {
3482 seen_success = 0;
3483 for( offset=0; offset <= threshold; offset++ )
3484 {
3485 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]3486 t_dec = &t0;
3487 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3488
3489 memset( rec.ctr, offset, sizeof( rec.ctr ) );
3490 rec.type = 42;
3491 rec.ver[0] = offset;
3492 rec.ver[1] = offset;
3493 rec.buf = buf;
3494 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3495#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3496 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3497#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3498
3499 switch( mode )
3500 {
3501 case 1: /* Space in the beginning */
3502 rec.data_offset = offset;
3503 rec.data_len = buflen - offset - default_post_padding;
3504 break;
3505
3506 case 2: /* Space in the end */
3507 rec.data_offset = default_pre_padding;
3508 rec.data_len = buflen - default_pre_padding - offset;
3509 break;
3510
3511 case 3: /* Space in the beginning and end */
3512 rec.data_offset = offset;
3513 rec.data_len = buflen - 2 * offset;
3514 break;
3515
3516 default:
3517 TEST_ASSERT( 0 );
3518 break;
3519 }
3520
3521 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3522
3523 /* Make a copy for later comparison */
3524 rec_backup = rec;
3525
3526 /* Encrypt record */
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]3527 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
3528 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3529
3530 if( ( mode == 1 || mode == 2 ) && seen_success )
3531 {
3532 TEST_ASSERT( ret == 0 );
3533 }
3534 else
3535 {
3536 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3537 if( ret == 0 )
3538 seen_success = 1;
3539 }
3540
3541 if( ret != 0 )
3542 continue;
3543
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3544#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3545 if( rec.cid_len != 0 )
3546 {
3547 /* DTLS 1.2 + CID hides the real content type and
3548 * uses a special CID content type in the protected
3549 * record. Double-check this. */
3550 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3551 }
3552#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3553
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3554#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3555 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3556 {
3557 /* TLS 1.3 hides the real content type and
3558 * always uses Application Data as the content type
3559 * for protected records. Double-check this. */
3560 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3561 }
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3562#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3563
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3564 /* Decrypt record with t_dec */
3565 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
3566
3567 /* Compare results */
3568 TEST_ASSERT( rec.type == rec_backup.type );
3569 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3570 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3571 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3572 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3573 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3574 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3575 rec_backup.buf + rec_backup.data_offset,
3576 rec.data_len ) == 0 );
3577 }
3578
3579 TEST_ASSERT( seen_success == 1 );
3580 }
3581
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3582exit:
3583
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3584 /* Cleanup */
3585 mbedtls_ssl_free( &ssl );
3586 mbedtls_ssl_transform_free( &t0 );
3587 mbedtls_ssl_transform_free( &t1 );
3588
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3589 mbedtls_free( buf );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3590 USE_PSA_DONE( );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3591}
3592/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3593
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3594/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3595void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3596 int length_selector )
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3597{
3598 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3599 * Test record decryption for CBC without EtM, focused on the verification
3600 * of padding and MAC.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3601 *
TRodziewicz299510e2021-07-09 16:55:11 +0200[diff] [blame]3602 * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
3603 * the test framework doesn't support alternation in dependency statements,
3604 * just depend on AES.
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3605 *
3606 * The length_selector argument is interpreted as follows:
3607 * - if it's -1, the plaintext length is 0 and minimal padding is applied
3608 * - if it's -2, the plaintext length is 0 and maximal padding is applied
3609 * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
3610 * it's the length of the rest of the padding, that is, excluding the
3611 * byte that encodes the length. The minimal non-zero plaintext length
3612 * that gives this padding_length is automatically selected.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3613 */
3614 mbedtls_ssl_context ssl; /* ONLY for debugging */
3615 mbedtls_ssl_transform t0, t1;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3616 mbedtls_record rec, rec_save;
3617 unsigned char *buf = NULL, *buf_save = NULL;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3618 size_t buflen, olen = 0;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3619 size_t plaintext_len, block_size, i;
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3620 unsigned char padlen; /* excluding the padding_length byte */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3621 unsigned char add_data[13];
3622 unsigned char mac[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3623 int exp_ret;
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3624 int ret;
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3625 const unsigned char pad_max_len = 255; /* Per the standard */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3626
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3627 USE_PSA_INIT( );
3628
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3629 mbedtls_ssl_init( &ssl );
3630 mbedtls_ssl_transform_init( &t0 );
3631 mbedtls_ssl_transform_init( &t1 );
3632
3633 /* Set up transforms with dummy keys */
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3634 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3635 0, trunc_hmac,
3636 MBEDTLS_SSL_MINOR_VERSION_3,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3637 0 , 0 );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3638
Przemyslaw Stekiel4a36dd32022-01-25 00:43:58 +0100[diff] [blame]3639 TEST_ASSERT( ret == 0 );
3640
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3641 /* Determine padding/plaintext length */
3642 TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3643 block_size = t0.ivlen;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3644 if( length_selector < 0 )
3645 {
3646 plaintext_len = 0;
3647
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3648 /* Minimal padding
3649 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3650 padlen = block_size - ( t0.maclen + 1 ) % block_size;
3651
3652 /* Maximal padding? */
3653 if( length_selector == -2 )
3654 padlen += block_size * ( ( pad_max_len - padlen ) / block_size );
3655 }
3656 else
3657 {
3658 padlen = length_selector;
3659
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3660 /* Minimal non-zero plaintext_length giving desired padding.
3661 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3662 plaintext_len = block_size - ( padlen + t0.maclen + 1 ) % block_size;
3663 }
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3664
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3665 /* Prepare a buffer for record data */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3666 buflen = block_size
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3667 + plaintext_len
3668 + t0.maclen
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3669 + padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3670 ASSERT_ALLOC( buf, buflen );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3671 ASSERT_ALLOC( buf_save, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3672
3673 /* Prepare a dummy record header */
3674 memset( rec.ctr, 0, sizeof( rec.ctr ) );
3675 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
3676 rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
3677 rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
3678#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3679 rec.cid_len = 0;
3680#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3681
3682 /* Prepare dummy record content */
3683 rec.buf = buf;
3684 rec.buf_len = buflen;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3685 rec.data_offset = block_size;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3686 rec.data_len = plaintext_len;
3687 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3688
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3689 /* Serialized version of record header for MAC purposes */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3690 memcpy( add_data, rec.ctr, 8 );
3691 add_data[8] = rec.type;
3692 add_data[9] = rec.ver[0];
3693 add_data[10] = rec.ver[1];
3694 add_data[11] = ( rec.data_len >> 8 ) & 0xff;
3695 add_data[12] = ( rec.data_len >> 0 ) & 0xff;
3696
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3697 /* Set dummy IV */
3698 memset( t0.iv_enc, 0x55, t0.ivlen );
3699 memcpy( rec.buf, t0.iv_enc, t0.ivlen );
3700
3701 /*
3702 * Prepare a pre-encryption record (with MAC and padding), and save it.
3703 */
3704
3705 /* MAC with additional data */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3706 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
3707 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
3708 rec.buf + rec.data_offset,
3709 rec.data_len ) );
3710 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
3711
3712 memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
3713 rec.data_len += t0.maclen;
3714
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3715 /* Pad */
3716 memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
3717 rec.data_len += padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3718
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3719 /* Save correct pre-encryption record */
3720 rec_save = rec;
3721 rec_save.buf = buf_save;
3722 memcpy( buf_save, buf, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3723
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3724 /*
3725 * Encrypt and decrypt the correct record, expecting success
3726 */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3727 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3728 rec.buf + rec.data_offset, rec.data_len,
3729 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3730 rec.data_offset -= t0.ivlen;
3731 rec.data_len += t0.ivlen;
3732
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3733 TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3734
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3735 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3736 * Modify each byte of the pre-encryption record before encrypting and
3737 * decrypting it, expecting failure every time.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3738 */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3739 for( i = block_size; i < buflen; i++ )
3740 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]3741 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3742
3743 /* Restore correct pre-encryption record */
3744 rec = rec_save;
3745 rec.buf = buf;
3746 memcpy( buf, buf_save, buflen );
3747
Manuel Pégourié-Gonnardb51f0442020-07-21 10:40:25 +0200[diff] [blame]3748 /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3749 rec.buf[i] ^= 0x01;
3750
3751 /* Encrypt */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3752 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3753 rec.buf + rec.data_offset, rec.data_len,
3754 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3755 rec.data_offset -= t0.ivlen;
3756 rec.data_len += t0.ivlen;
3757
3758 /* Decrypt and expect failure */
3759 TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
3760 mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3761 }
3762
3763 /*
3764 * Use larger values of the padding bytes - with small buffers, this tests
3765 * the case where the announced padlen would be larger than the buffer
3766 * (and before that, than the buffer minus the size of the MAC), to make
3767 * sure our padding checking code does not perform any out-of-bounds reads
3768 * in this case. (With larger buffers, ie when the plaintext is long or
3769 * maximal length padding is used, this is less relevant but still doesn't
3770 * hurt to test.)
3771 *
3772 * (Start the loop with correct padding, just to double-check that record
3773 * saving did work, and that we're overwriting the correct bytes.)
3774 */
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3775 for( i = padlen; i <= pad_max_len; i++ )
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3776 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]3777 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3778
3779 /* Restore correct pre-encryption record */
3780 rec = rec_save;
3781 rec.buf = buf;
3782 memcpy( buf, buf_save, buflen );
3783
3784 /* Set padding bytes to new value */
3785 memset( buf + buflen - padlen - 1, i, padlen + 1 );
3786
3787 /* Encrypt */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3788 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3789 rec.buf + rec.data_offset, rec.data_len,
3790 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3791 rec.data_offset -= t0.ivlen;
3792 rec.data_len += t0.ivlen;
3793
3794 /* Decrypt and expect failure except the first time */
3795 exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
3796 TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3797 }
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3798
3799exit:
3800 mbedtls_ssl_free( &ssl );
3801 mbedtls_ssl_transform_free( &t0 );
3802 mbedtls_ssl_transform_free( &t1 );
3803 mbedtls_free( buf );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3804 mbedtls_free( buf_save );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3805 USE_PSA_DONE( );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3806}
3807/* END_CASE */
3808
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3809/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3810void psa_hkdf_extract( int alg, char *hex_ikm_string,
3811 char *hex_salt_string, char *hex_prk_string )
3812{
3813 unsigned char *ikm = NULL;
3814 unsigned char *salt = NULL;
3815 unsigned char *prk = NULL;
3816 unsigned char *output_prk = NULL;
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3817 size_t ikm_len, salt_len, prk_len, output_prk_size, output_prk_len;
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3818
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3819 output_prk_size = PSA_HASH_LENGTH( alg );
Gabor Mezei298a2d62022-02-07 18:21:39 +0100[diff] [blame^]3820 ASSERT_ALLOC( output_prk, output_prk_size );
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3821
3822 ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
3823 salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
3824 prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
3825
3826 PSA_ASSERT( psa_crypto_init() );
3827 PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt, salt_len,
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3828 ikm, ikm_len,
3829 output_prk, output_prk_size,
3830 &output_prk_len ) );
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3831
3832 ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
3833
3834exit:
3835 mbedtls_free(ikm);
3836 mbedtls_free(salt);
3837 mbedtls_free(prk);
3838 mbedtls_free(output_prk);
3839
3840 PSA_DONE( );
3841}
3842/* END_CASE */
3843
3844/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
3845void psa_hkdf_extract_ret( int hash_len, int ret )
3846{
3847 int output_ret;
3848 unsigned char *salt = NULL;
3849 unsigned char *ikm = NULL;
3850 unsigned char *prk = NULL;
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3851 size_t salt_len, ikm_len, prk_len;
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3852
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3853 salt_len = hash_len;
Gabor Mezei298a2d62022-02-07 18:21:39 +0100[diff] [blame^]3854 ASSERT_ALLOC( prk, PSA_MAC_MAX_SIZE);
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3855 ikm_len = 0;
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3856 prk_len = 0;
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3857
3858 PSA_ASSERT( psa_crypto_init() );
3859 output_ret = mbedtls_psa_hkdf_extract( 0, salt, salt_len,
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3860 ikm, ikm_len,
3861 prk, PSA_MAC_MAX_SIZE, &prk_len );
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3862 TEST_ASSERT( output_ret == ret );
Gabor Mezei62bf0242022-02-07 18:12:07 +0100[diff] [blame]3863 TEST_ASSERT( prk_len == 0 );
Gabor Mezei73cb6f52022-01-31 16:35:50 +0100[diff] [blame]3864
3865exit:
3866 mbedtls_free(prk);
3867
3868 PSA_DONE( );
3869}
3870/* END_CASE */
3871
3872/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3873void psa_hkdf_expand( int alg, char *hex_info_string,
3874 char *hex_prk_string, char *hex_okm_string )
3875{
3876 enum { OKM_LEN = 1024 };
3877 unsigned char *info = NULL;
3878 unsigned char *prk = NULL;
3879 unsigned char *okm = NULL;
3880 unsigned char *output_okm = NULL;
3881 size_t info_len, prk_len, okm_len;
3882
Gabor Mezei73812422022-02-15 16:24:58 +0100[diff] [blame]3883 PSA_INIT( );
3884
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3885 ASSERT_ALLOC( output_okm, OKM_LEN );
3886
3887 prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
3888 info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
3889 okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
3890 TEST_ASSERT( prk_len == PSA_HASH_LENGTH( alg ) );
3891 TEST_ASSERT( okm_len < OKM_LEN );
3892
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3893 PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk, prk_len, info, info_len,
3894 output_okm, OKM_LEN ) );
3895
3896 ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
3897
3898exit:
Gabor Mezeid9170812022-02-15 16:25:27 +0100[diff] [blame]3899 mbedtls_free( info );
3900 mbedtls_free( prk );
3901 mbedtls_free( okm );
3902 mbedtls_free( output_okm );
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3903
3904 PSA_DONE( );
3905}
3906/* END_CASE */
3907
3908/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
3909void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
3910{
3911 int output_ret;
3912 unsigned char *info = NULL;
3913 unsigned char *prk = NULL;
3914 unsigned char *okm = NULL;
3915 size_t info_len;
Gabor Mezeicbe5ba52022-02-17 11:52:12 +0100[diff] [blame]3916 size_t i;
3917 mbedtls_svc_key_id_t *keys = NULL;
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3918
Gabor Mezei73812422022-02-15 16:24:58 +0100[diff] [blame]3919 PSA_INIT( );
3920
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3921 info_len = 0;
3922
Gabor Mezei8e360252022-02-17 11:50:02 +0100[diff] [blame]3923 if( prk_len > 0 )
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3924 ASSERT_ALLOC( prk, prk_len );
3925
Gabor Mezei8e360252022-02-17 11:50:02 +0100[diff] [blame]3926 if( okm_len > 0 )
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3927 ASSERT_ALLOC( okm, okm_len );
3928
Gabor Mezeicbe5ba52022-02-17 11:52:12 +0100[diff] [blame]3929 if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
3930 {
3931 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3932
3933 /* Reserve all key slot to make the key import fail. */
3934 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3935 psa_set_key_algorithm( &attributes, alg );
3936 psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
3937
3938 ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
3939
3940 for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
3941 {
3942 /* Do not use the 0 value because it will be passed to
3943 mbedtls_psa_hkdf_expand */
3944 prk[0] = i + 1;
3945 keys[i] = MBEDTLS_SVC_KEY_ID_INIT;
3946 psa_import_key( &attributes, prk, prk_len, &keys[i] );
3947 }
3948
3949 /* reset prk buffer */
3950 prk[0] = 0;
3951 }
3952
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3953 output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len,
3954 info, info_len,
3955 okm, okm_len );
3956 TEST_ASSERT( output_ret == ret );
3957
3958exit:
Gabor Mezeid9170812022-02-15 16:25:27 +0100[diff] [blame]3959 mbedtls_free( prk );
3960 mbedtls_free( okm );
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3961
Gabor Mezeicbe5ba52022-02-17 11:52:12 +0100[diff] [blame]3962 if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
3963 {
3964 for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
3965 psa_destroy_key( keys[i] );
3966
3967 mbedtls_free( keys );
3968 }
3969
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3970 PSA_DONE( );
3971}
3972/* END_CASE */
3973
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3974/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3975void ssl_tls13_hkdf_expand_label( int hash_alg,
3976 data_t *secret,
3977 int label_idx,
3978 data_t *ctx,
3979 int desired_length,
3980 data_t *expected )
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3981{
3982 unsigned char dst[ 100 ];
3983
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3984 unsigned char const *lbl = NULL;
3985 size_t lbl_len;
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]3986#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
3987 if( label_idx == (int) tls13_label_ ## name ) \
3988 { \
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3989 lbl = mbedtls_ssl_tls13_labels.name; \
3990 lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3991 }
3992MBEDTLS_SSL_TLS1_3_LABEL_LIST
3993#undef MBEDTLS_SSL_TLS1_3_LABEL
3994 TEST_ASSERT( lbl != NULL );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3995
3996 /* Check sanity of test parameters. */
3997 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3998 TEST_ASSERT( (size_t) desired_length == expected->len );
3999
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4000 TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]4001 (mbedtls_md_type_t) hash_alg,
4002 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]4003 lbl, lbl_len,
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]4004 ctx->x, ctx->len,
4005 dst, desired_length ) == 0 );
4006
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4007 ASSERT_COMPARE( dst, (size_t) desired_length,
4008 expected->x, (size_t) expected->len );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]4009}
4010/* END_CASE */
4011
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4012/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4013void ssl_tls13_traffic_key_generation( int hash_alg,
4014 data_t *server_secret,
4015 data_t *client_secret,
4016 int desired_iv_len,
4017 int desired_key_len,
4018 data_t *expected_server_write_key,
4019 data_t *expected_server_write_iv,
4020 data_t *expected_client_write_key,
4021 data_t *expected_client_write_iv )
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]4022{
4023 mbedtls_ssl_key_set keys;
4024
4025 /* Check sanity of test parameters. */
4026 TEST_ASSERT( client_secret->len == server_secret->len );
4027 TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
4028 expected_client_write_iv->len == (size_t) desired_iv_len );
4029 TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
4030 expected_client_write_key->len == (size_t) desired_key_len );
4031
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4032 TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]4033 (mbedtls_md_type_t) hash_alg,
4034 client_secret->x,
4035 server_secret->x,
4036 client_secret->len /* == server_secret->len */,
4037 desired_key_len, desired_iv_len,
4038 &keys ) == 0 );
4039
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4040 ASSERT_COMPARE( keys.client_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]4041 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4042 expected_client_write_key->x,
4043 (size_t) desired_key_len );
4044 ASSERT_COMPARE( keys.server_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]4045 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4046 expected_server_write_key->x,
4047 (size_t) desired_key_len );
4048 ASSERT_COMPARE( keys.client_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]4049 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4050 expected_client_write_iv->x,
4051 (size_t) desired_iv_len );
4052 ASSERT_COMPARE( keys.server_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]4053 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4054 expected_server_write_iv->x,
4055 (size_t) desired_iv_len );
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]4056}
4057/* END_CASE */
4058
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4059/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4060void ssl_tls13_derive_secret( int hash_alg,
4061 data_t *secret,
4062 int label_idx,
4063 data_t *ctx,
4064 int desired_length,
4065 int already_hashed,
4066 data_t *expected )
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]4067{
4068 unsigned char dst[ 100 ];
4069
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]4070 unsigned char const *lbl = NULL;
4071 size_t lbl_len;
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]4072#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
4073 if( label_idx == (int) tls13_label_ ## name ) \
4074 { \
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4075 lbl = mbedtls_ssl_tls13_labels.name; \
4076 lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]4077 }
4078MBEDTLS_SSL_TLS1_3_LABEL_LIST
4079#undef MBEDTLS_SSL_TLS1_3_LABEL
4080 TEST_ASSERT( lbl != NULL );
4081
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]4082 /* Check sanity of test parameters. */
4083 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
4084 TEST_ASSERT( (size_t) desired_length == expected->len );
4085
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4086 TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]4087 (mbedtls_md_type_t) hash_alg,
4088 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]4089 lbl, lbl_len,
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]4090 ctx->x, ctx->len,
4091 already_hashed,
4092 dst, desired_length ) == 0 );
4093
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4094 ASSERT_COMPARE( dst, desired_length,
4095 expected->x, desired_length );
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]4096}
4097/* END_CASE */
4098
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4099/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4100void ssl_tls13_derive_early_secrets( int hash_alg,
4101 data_t *secret,
4102 data_t *transcript,
4103 data_t *traffic_expected,
4104 data_t *exporter_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4105{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4106 mbedtls_ssl_tls13_early_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4107
4108 /* Double-check that we've passed sane parameters. */
4109 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4110 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4111 size_t const md_size = mbedtls_md_get_size( md_info );
4112 TEST_ASSERT( md_info != 0 &&
4113 secret->len == md_size &&
4114 transcript->len == md_size &&
4115 traffic_expected->len == md_size &&
4116 exporter_expected->len == md_size );
4117
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4118 TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4119 md_type, secret->x, transcript->x, transcript->len,
4120 &secrets ) == 0 );
4121
4122 ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
4123 traffic_expected->x, traffic_expected->len );
4124 ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
4125 exporter_expected->x, exporter_expected->len );
4126}
4127/* END_CASE */
4128
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4129/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4130void ssl_tls13_derive_handshake_secrets( int hash_alg,
4131 data_t *secret,
4132 data_t *transcript,
4133 data_t *client_expected,
4134 data_t *server_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4135{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4136 mbedtls_ssl_tls13_handshake_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4137
4138 /* Double-check that we've passed sane parameters. */
4139 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4140 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4141 size_t const md_size = mbedtls_md_get_size( md_info );
4142 TEST_ASSERT( md_info != 0 &&
4143 secret->len == md_size &&
4144 transcript->len == md_size &&
4145 client_expected->len == md_size &&
4146 server_expected->len == md_size );
4147
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4148 TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4149 md_type, secret->x, transcript->x, transcript->len,
4150 &secrets ) == 0 );
4151
4152 ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
4153 client_expected->x, client_expected->len );
4154 ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
4155 server_expected->x, server_expected->len );
4156}
4157/* END_CASE */
4158
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4159/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4160void ssl_tls13_derive_application_secrets( int hash_alg,
4161 data_t *secret,
4162 data_t *transcript,
4163 data_t *client_expected,
4164 data_t *server_expected,
4165 data_t *exporter_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4166{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4167 mbedtls_ssl_tls13_application_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4168
4169 /* Double-check that we've passed sane parameters. */
4170 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4171 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4172 size_t const md_size = mbedtls_md_get_size( md_info );
4173 TEST_ASSERT( md_info != 0 &&
4174 secret->len == md_size &&
4175 transcript->len == md_size &&
4176 client_expected->len == md_size &&
4177 server_expected->len == md_size &&
4178 exporter_expected->len == md_size );
4179
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4180 TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4181 md_type, secret->x, transcript->x, transcript->len,
4182 &secrets ) == 0 );
4183
4184 ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
4185 client_expected->x, client_expected->len );
4186 ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
4187 server_expected->x, server_expected->len );
4188 ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
4189 exporter_expected->x, exporter_expected->len );
4190}
4191/* END_CASE */
4192
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4193/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4194void ssl_tls13_derive_resumption_secrets( int hash_alg,
4195 data_t *secret,
4196 data_t *transcript,
4197 data_t *resumption_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4198{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4199 mbedtls_ssl_tls13_application_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4200
4201 /* Double-check that we've passed sane parameters. */
4202 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4203 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4204 size_t const md_size = mbedtls_md_get_size( md_info );
4205 TEST_ASSERT( md_info != 0 &&
4206 secret->len == md_size &&
4207 transcript->len == md_size &&
4208 resumption_expected->len == md_size );
4209
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4210 TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4211 md_type, secret->x, transcript->x, transcript->len,
4212 &secrets ) == 0 );
4213
4214 ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
4215 resumption_expected->x, resumption_expected->len );
4216}
4217/* END_CASE */
4218
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4219/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4220void ssl_tls13_create_psk_binder( int hash_alg,
4221 data_t *psk,
4222 int psk_type,
4223 data_t *transcript,
4224 data_t *binder_expected )
Hanno Becker55bc2c52021-05-24 06:53:52 +0100[diff] [blame]4225{
4226 unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
4227
4228 /* Double-check that we've passed sane parameters. */
4229 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4230 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4231 size_t const md_size = mbedtls_md_get_size( md_info );
4232 TEST_ASSERT( md_info != 0 &&
4233 transcript->len == md_size &&
4234 binder_expected->len == md_size );
4235
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4236 TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
Hanno Becker55bc2c52021-05-24 06:53:52 +0100[diff] [blame]4237 NULL, /* SSL context for debugging only */
4238 md_type,
4239 psk->x, psk->len,
4240 psk_type,
4241 transcript->x,
4242 binder ) == 0 );
4243
4244 ASSERT_COMPARE( binder, md_size,
4245 binder_expected->x, binder_expected->len );
4246}
4247/* END_CASE */
4248
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4249/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4250void ssl_tls13_record_protection( int ciphersuite,
4251 int endpoint,
4252 int ctr,
4253 int padding_used,
4254 data_t *server_write_key,
4255 data_t *server_write_iv,
4256 data_t *client_write_key,
4257 data_t *client_write_iv,
4258 data_t *plaintext,
4259 data_t *ciphertext )
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4260{
4261 mbedtls_ssl_key_set keys;
4262 mbedtls_ssl_transform transform_send;
4263 mbedtls_ssl_transform transform_recv;
4264 mbedtls_record rec;
4265 unsigned char *buf = NULL;
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4266 size_t buf_len;
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4267 int other_endpoint;
4268
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]4269 USE_PSA_INIT( );
4270
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4271 TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
4272 endpoint == MBEDTLS_SSL_IS_SERVER );
4273
4274 if( endpoint == MBEDTLS_SSL_IS_SERVER )
4275 other_endpoint = MBEDTLS_SSL_IS_CLIENT;
4276 if( endpoint == MBEDTLS_SSL_IS_CLIENT )
4277 other_endpoint = MBEDTLS_SSL_IS_SERVER;
4278
4279 TEST_ASSERT( server_write_key->len == client_write_key->len );
4280 TEST_ASSERT( server_write_iv->len == client_write_iv->len );
4281
4282 memcpy( keys.client_write_key,
4283 client_write_key->x, client_write_key->len );
4284 memcpy( keys.client_write_iv,
4285 client_write_iv->x, client_write_iv->len );
4286 memcpy( keys.server_write_key,
4287 server_write_key->x, server_write_key->len );
4288 memcpy( keys.server_write_iv,
4289 server_write_iv->x, server_write_iv->len );
4290
4291 keys.key_len = server_write_key->len;
4292 keys.iv_len = server_write_iv->len;
4293
4294 mbedtls_ssl_transform_init( &transform_recv );
4295 mbedtls_ssl_transform_init( &transform_send );
4296
4297 TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
4298 &transform_send, endpoint,
4299 ciphersuite, &keys, NULL ) == 0 );
4300 TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
4301 &transform_recv, other_endpoint,
4302 ciphersuite, &keys, NULL ) == 0 );
4303
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4304 /* Make sure we have enough space in the buffer even if
4305 * we use more padding than the KAT. */
4306 buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
4307 ASSERT_ALLOC( buf, buf_len );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4308 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
Hanno Becker41537452021-04-20 05:35:28 +0100[diff] [blame]4309
4310 /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4311 mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
4312 MBEDTLS_SSL_MINOR_VERSION_3,
4313 MBEDTLS_SSL_TRANSPORT_STREAM,
4314 rec.ver );
4315
4316 /* Copy plaintext into record structure */
4317 rec.buf = buf;
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4318 rec.buf_len = buf_len;
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4319 rec.data_offset = 0;
4320 TEST_ASSERT( plaintext->len <= ciphertext->len );
4321 memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
4322 rec.data_len = plaintext->len;
4323#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
4324 rec.cid_len = 0;
4325#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
4326
4327 memset( &rec.ctr[0], 0, 8 );
4328 rec.ctr[7] = ctr;
4329
4330 TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
4331 NULL, NULL ) == 0 );
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4332
4333 if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
4334 {
4335 ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
4336 ciphertext->x, ciphertext->len );
4337 }
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4338
4339 TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
4340 ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
4341 plaintext->x, plaintext->len );
4342
Hanno Becker80e760e2021-03-23 06:00:21 +0000[diff] [blame]4343 mbedtls_free( buf );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4344 mbedtls_ssl_transform_free( &transform_send );
4345 mbedtls_ssl_transform_free( &transform_recv );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]4346 USE_PSA_DONE( );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4347}
4348/* END_CASE */
4349
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4350/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4351void ssl_tls13_key_evolution( int hash_alg,
4352 data_t *secret,
4353 data_t *input,
4354 data_t *expected )
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4355{
4356 unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
4357
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4358 TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4359 (mbedtls_md_type_t) hash_alg,
4360 secret->len ? secret->x : NULL,
4361 input->len ? input->x : NULL, input->len,
4362 secret_new ) == 0 );
4363
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4364 ASSERT_COMPARE( secret_new, (size_t) expected->len,
4365 expected->x, (size_t) expected->len );
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4366}
4367/* END_CASE */
4368
Jerry Yu53d23e22022-02-09 16:25:09 +0800[diff] [blame]4369/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4370void ssl_tls_prf( int type, data_t * secret, data_t * random,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4371 char *label, data_t *result_str, int exp_ret )
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4372{
4373 unsigned char *output;
4374
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4375 output = mbedtls_calloc( 1, result_str->len );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4376 if( output == NULL )
4377 goto exit;
4378
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]4379 USE_PSA_INIT( );
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]4380
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4381 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
4382 label, random->x, random->len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4383 output, result_str->len ) == exp_ret );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4384
4385 if( exp_ret == 0 )
4386 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4387 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
4388 result_str->len, result_str->len ) == 0 );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4389 }
4390exit:
4391
4392 mbedtls_free( output );
Gilles Peskine1f186ff2021-02-02 21:04:06 +0100[diff] [blame]4393 USE_PSA_DONE( );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4394}
4395/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4396
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4397/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4398void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4399{
4400 mbedtls_ssl_session original, restored;
4401 unsigned char *buf = NULL;
4402 size_t len;
4403
4404 /*
4405 * Test that a save-load pair is the identity
4406 */
4407
4408 mbedtls_ssl_session_init( &original );
4409 mbedtls_ssl_session_init( &restored );
4410
4411 /* Prepare a dummy session to work on */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4412 TEST_ASSERT( ssl_populate_session_tls12( &original, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4413
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4414 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4415 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
4416 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4417 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
4418 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
4419 == 0 );
4420
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4421 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4422 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
4423
4424 /*
4425 * Make sure both session structures are identical
4426 */
4427#if defined(MBEDTLS_HAVE_TIME)
4428 TEST_ASSERT( original.start == restored.start );
4429#endif
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4430 TEST_ASSERT( original.minor_ver == restored.minor_ver );
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4431 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
4432 TEST_ASSERT( original.compression == restored.compression );
4433 TEST_ASSERT( original.id_len == restored.id_len );
4434 TEST_ASSERT( memcmp( original.id,
4435 restored.id, sizeof( original.id ) ) == 0 );
4436 TEST_ASSERT( memcmp( original.master,
4437 restored.master, sizeof( original.master ) ) == 0 );
4438
4439#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]4440#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4441 TEST_ASSERT( ( original.peer_cert == NULL ) ==
4442 ( restored.peer_cert == NULL ) );
4443 if( original.peer_cert != NULL )
4444 {
4445 TEST_ASSERT( original.peer_cert->raw.len ==
4446 restored.peer_cert->raw.len );
4447 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
4448 restored.peer_cert->raw.p,
4449 original.peer_cert->raw.len ) == 0 );
4450 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]4451#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4452 TEST_ASSERT( original.peer_cert_digest_type ==
4453 restored.peer_cert_digest_type );
4454 TEST_ASSERT( original.peer_cert_digest_len ==
4455 restored.peer_cert_digest_len );
4456 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
4457 ( restored.peer_cert_digest == NULL ) );
4458 if( original.peer_cert_digest != NULL )
4459 {
4460 TEST_ASSERT( memcmp( original.peer_cert_digest,
4461 restored.peer_cert_digest,
4462 original.peer_cert_digest_len ) == 0 );
4463 }
4464#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4465#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4466 TEST_ASSERT( original.verify_result == restored.verify_result );
4467
4468#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
4469 TEST_ASSERT( original.ticket_len == restored.ticket_len );
4470 if( original.ticket_len != 0 )
4471 {
4472 TEST_ASSERT( original.ticket != NULL );
4473 TEST_ASSERT( restored.ticket != NULL );
4474 TEST_ASSERT( memcmp( original.ticket,
4475 restored.ticket, original.ticket_len ) == 0 );
4476 }
4477 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
4478#endif
4479
4480#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
4481 TEST_ASSERT( original.mfl_code == restored.mfl_code );
4482#endif
4483
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4484#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
4485 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
4486#endif
4487
4488exit:
4489 mbedtls_ssl_session_free( &original );
4490 mbedtls_ssl_session_free( &restored );
4491 mbedtls_free( buf );
4492}
4493/* END_CASE */
4494
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]4495/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4496void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4497{
4498 mbedtls_ssl_session session;
4499 unsigned char *buf1 = NULL, *buf2 = NULL;
4500 size_t len0, len1, len2;
4501
4502 /*
4503 * Test that a load-save pair is the identity
4504 */
4505
4506 mbedtls_ssl_session_init( &session );
4507
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]4508 /* Prepare a dummy session to work on */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4509 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]4510
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4511 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4512 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
4513 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4514
4515 /* Allocate first buffer */
4516 buf1 = mbedtls_calloc( 1, len0 );
4517 TEST_ASSERT( buf1 != NULL );
4518
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4519 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4520 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
4521 == 0 );
4522 TEST_ASSERT( len0 == len1 );
4523 mbedtls_ssl_session_free( &session );
4524
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4525 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]4526 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4527
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4528 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4529 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]4530 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4531 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
4532 == 0 );
4533
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4534 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4535 TEST_ASSERT( len1 == len2 );
4536 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
4537
4538exit:
4539 mbedtls_ssl_session_free( &session );
4540 mbedtls_free( buf1 );
4541 mbedtls_free( buf2 );
4542}
4543/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4544
4545/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4546void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4547{
4548 mbedtls_ssl_session session;
4549 unsigned char *buf = NULL;
4550 size_t good_len, bad_len, test_len;
4551
4552 /*
4553 * Test that session_save() fails cleanly on small buffers
4554 */
4555
4556 mbedtls_ssl_session_init( &session );
4557
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4558 /* Prepare dummy session and get serialized size */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4559 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4560 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4561 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4562
4563 /* Try all possible bad lengths */
4564 for( bad_len = 1; bad_len < good_len; bad_len++ )
4565 {
4566 /* Allocate exact size so that asan/valgrind can detect any overwrite */
4567 mbedtls_free( buf );
4568 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
4569 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
4570 &test_len )
4571 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4572 TEST_ASSERT( test_len == good_len );
4573 }
4574
4575exit:
4576 mbedtls_ssl_session_free( &session );
4577 mbedtls_free( buf );
4578}
4579/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4580
4581/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4582void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4583{
4584 mbedtls_ssl_session session;
4585 unsigned char *good_buf = NULL, *bad_buf = NULL;
4586 size_t good_len, bad_len;
4587
4588 /*
4589 * Test that session_load() fails cleanly on small buffers
4590 */
4591
4592 mbedtls_ssl_session_init( &session );
4593
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4594 /* Prepare serialized session data */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4595 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4596 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4597 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4598 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
4599 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
4600 &good_len ) == 0 );
4601 mbedtls_ssl_session_free( &session );
4602
4603 /* Try all possible bad lengths */
4604 for( bad_len = 0; bad_len < good_len; bad_len++ )
4605 {
4606 /* Allocate exact size so that asan/valgrind can detect any overread */
4607 mbedtls_free( bad_buf );
4608 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
4609 TEST_ASSERT( bad_buf != NULL );
4610 memcpy( bad_buf, good_buf, bad_len );
4611
4612 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
4613 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
4614 }
4615
4616exit:
4617 mbedtls_ssl_session_free( &session );
4618 mbedtls_free( good_buf );
4619 mbedtls_free( bad_buf );
4620}
4621/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4622
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4623/* BEGIN_CASE */
4624void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4625 int corrupt_minor,
4626 int corrupt_patch,
4627 int corrupt_config )
4628{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4629 unsigned char serialized_session[ 2048 ];
4630 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4631 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4632 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4633 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
4634 corrupt_minor == 1,
4635 corrupt_patch == 1,
4636 corrupt_config == 1,
4637 corrupt_config == 1 };
4638
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4639 mbedtls_ssl_session_init( &session );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]4640 TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4641
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4642 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4643 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4644 serialized_session,
4645 sizeof( serialized_session ),
4646 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4647
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4648 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4649
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4650 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4651 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4652 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4653 serialized_session,
4654 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4655 mbedtls_ssl_session_free( &session );
4656
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4657 /* Go through the bytes in the serialized session header and
4658 * corrupt them bit-by-bit. */
4659 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4660 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4661 int cur_bit;
4662 unsigned char * const byte = &serialized_session[ cur_byte ];
4663
4664 if( should_corrupt_byte[ cur_byte ] == 0 )
4665 continue;
4666
4667 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
4668 {
4669 unsigned char const corrupted_bit = 0x1u << cur_bit;
4670 /* Modify a single bit in the serialized session. */
4671 *byte ^= corrupted_bit;
4672
4673 /* Attempt to deserialize */
4674 TEST_ASSERT( mbedtls_ssl_session_load( &session,
4675 serialized_session,
4676 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]4677 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4678
4679 /* Undo the change */
4680 *byte ^= corrupted_bit;
4681 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4682 }
4683
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4684}
4685/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4686
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4687/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4688void mbedtls_endpoint_sanity( int endpoint_type )
4689{
4690 enum { BUFFSIZE = 1024 };
4691 mbedtls_endpoint ep;
4692 int ret = -1;
4693
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4694 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
4695 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4696 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4697
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4698 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4699 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4700
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4701 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
4702 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4703 TEST_ASSERT( ret == 0 );
4704
4705exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4706 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4707}
4708/* END_CASE */
4709
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4710/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4711void move_handshake_to_state(int endpoint_type, int state, int need_pass)
4712{
4713 enum { BUFFSIZE = 1024 };
4714 mbedtls_endpoint base_ep, second_ep;
4715 int ret = -1;
4716
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4717 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
4718 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4719 TEST_ASSERT( ret == 0 );
4720
4721 ret = mbedtls_endpoint_init( &second_ep,
4722 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4723 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4724 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4725 TEST_ASSERT( ret == 0 );
4726
4727 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
4728 &(second_ep.socket),
4729 BUFFSIZE );
4730 TEST_ASSERT( ret == 0 );
4731
4732 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
4733 &(second_ep.ssl),
4734 state );
4735 if( need_pass )
4736 {
4737 TEST_ASSERT( ret == 0 );
4738 TEST_ASSERT( base_ep.ssl.state == state );
4739 }
4740 else
4741 {
4742 TEST_ASSERT( ret != 0 );
4743 TEST_ASSERT( base_ep.ssl.state != state );
4744 }
4745
4746exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4747 mbedtls_endpoint_free( &base_ep, NULL );
4748 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4749}
4750/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4751
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4752/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4753void handshake_version( int dtls, int client_min_version, int client_max_version,
4754 int server_min_version, int server_max_version,
4755 int expected_negotiated_version )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4756{
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4757 handshake_test_options options;
4758 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4759
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4760 options.client_min_version = client_min_version;
4761 options.client_max_version = client_max_version;
4762 options.server_min_version = server_min_version;
4763 options.server_max_version = server_max_version;
4764
4765 options.expected_negotiated_version = expected_negotiated_version;
4766
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4767 options.dtls = dtls;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4768 perform_handshake( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4769
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4770 /* The goto below is used to avoid an "unused label" warning.*/
4771 goto exit;
4772}
4773/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -0500[diff] [blame]4774
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4775/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4776void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
4777{
4778 handshake_test_options options;
4779 init_handshake_options( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4780
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4781 options.cipher = cipher;
4782 options.dtls = dtls;
4783 options.psk_str = psk_str;
4784 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]4785
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4786 perform_handshake( &options );
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4787
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4788 /* The goto below is used to avoid an "unused label" warning.*/
4789 goto exit;
4790}
4791/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4792
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4793/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4794void handshake_cipher( char* cipher, int pk_alg, int dtls )
4795{
4796 test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4797
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4798 /* The goto below is used to avoid an "unused label" warning.*/
4799 goto exit;
4800}
4801/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4802
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4803/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4804void app_data( int mfl, int cli_msg_len, int srv_msg_len,
4805 int expected_cli_fragments,
4806 int expected_srv_fragments, int dtls )
4807{
4808 handshake_test_options options;
4809 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4810
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4811 options.mfl = mfl;
4812 options.cli_msg_len = cli_msg_len;
4813 options.srv_msg_len = srv_msg_len;
4814 options.expected_cli_fragments = expected_cli_fragments;
4815 options.expected_srv_fragments = expected_srv_fragments;
4816 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4817
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4818 perform_handshake( &options );
4819 /* The goto below is used to avoid an "unused label" warning.*/
4820 goto exit;
4821}
4822/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4823
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4824/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4825void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
4826 int expected_cli_fragments,
4827 int expected_srv_fragments )
4828{
4829 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4830 expected_srv_fragments, 0 );
4831 /* The goto below is used to avoid an "unused label" warning.*/
4832 goto exit;
4833}
4834/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4835
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4836/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4837void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
4838 int expected_cli_fragments,
4839 int expected_srv_fragments )
4840{
4841 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4842 expected_srv_fragments, 1 );
4843 /* The goto below is used to avoid an "unused label" warning.*/
4844 goto exit;
4845}
4846/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4847
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4848/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4849void handshake_serialization( )
4850{
4851 handshake_test_options options;
4852 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4853
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4854 options.serialize = 1;
4855 options.dtls = 1;
4856 perform_handshake( &options );
4857 /* The goto below is used to avoid an "unused label" warning.*/
4858 goto exit;
4859}
4860/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4861
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4862/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4863void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
4864{
4865 handshake_test_options options;
4866 log_pattern srv_pattern, cli_pattern;
4867
4868 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
4869 srv_pattern.counter = 0;
4870 cli_pattern.counter = 0;
4871
4872 init_handshake_options( &options );
4873 options.dtls = 1;
4874 options.mfl = mfl;
Darryl Greenaad82f92019-12-02 10:53:11 +0000[diff] [blame]4875 /* Set cipher to one using CBC so that record splitting can be tested */
4876 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4877 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
4878 options.srv_log_obj = &srv_pattern;
4879 options.cli_log_obj = &cli_pattern;
4880 options.srv_log_fun = log_analyzer;
4881 options.cli_log_fun = log_analyzer;
4882
4883 perform_handshake( &options );
4884
4885 /* Test if the server received a fragmented handshake */
4886 if( expected_srv_hs_fragmentation )
4887 {
4888 TEST_ASSERT( srv_pattern.counter >= 1 );
4889 }
4890 /* Test if the client received a fragmented handshake */
4891 if( expected_cli_hs_fragmentation )
4892 {
4893 TEST_ASSERT( cli_pattern.counter >= 1 );
4894 }
4895}
4896/* END_CASE */
4897
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4898/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4899void renegotiation( int legacy_renegotiation )
4900{
4901 handshake_test_options options;
4902 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4903
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4904 options.renegotiate = 1;
4905 options.legacy_renegotiation = legacy_renegotiation;
4906 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4907
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4908 perform_handshake( &options );
4909 /* The goto below is used to avoid an "unused label" warning.*/
4910 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4911}
4912/* END_CASE */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4913
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4914/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4915void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4916 int serialize, int dtls, char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4917{
4918 handshake_test_options options;
4919 init_handshake_options( &options );
4920
4921 options.mfl = mfl;
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4922 options.cipher = cipher;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4923 options.renegotiate = renegotiation;
4924 options.legacy_renegotiation = legacy_renegotiation;
4925 options.serialize = serialize;
4926 options.dtls = dtls;
4927 options.resize_buffers = 1;
4928
4929 perform_handshake( &options );
4930 /* The goto below is used to avoid an "unused label" warning.*/
4931 goto exit;
4932}
4933/* END_CASE */
4934
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4935/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4936void resize_buffers_serialize_mfl( int mfl )
4937{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4938 test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
4939 (char *) "" );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4940
4941 /* The goto below is used to avoid an "unused label" warning.*/
4942 goto exit;
4943}
4944/* END_CASE */
4945
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4946/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4947void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
4948 char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4949{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4950 test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4951
4952 /* The goto below is used to avoid an "unused label" warning.*/
4953 goto exit;
4954}
4955/* END_CASE */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4956
Manuel Pégourié-Gonnarded0e8642020-07-21 11:20:30 +0200[diff] [blame]4957/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4958void ssl_cf_hmac( int hash )
4959{
4960 /*
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]4961 * Test the function mbedtls_ct_hmac() against a reference
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4962 * implementation.
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4963 */
4964 mbedtls_md_context_t ctx, ref_ctx;
4965 const mbedtls_md_info_t *md_info;
4966 size_t out_len, block_size;
4967 size_t min_in_len, in_len, max_in_len, i;
4968 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
4969 unsigned char add_data[13];
4970 unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
4971 unsigned char *data = NULL;
4972 unsigned char *out = NULL;
4973 unsigned char rec_num = 0;
4974
4975 mbedtls_md_init( &ctx );
4976 mbedtls_md_init( &ref_ctx );
4977
4978 md_info = mbedtls_md_info_from_type( hash );
4979 TEST_ASSERT( md_info != NULL );
4980 out_len = mbedtls_md_get_size( md_info );
4981 TEST_ASSERT( out_len != 0 );
4982 block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
4983
4984 /* Use allocated out buffer to catch overwrites */
4985 ASSERT_ALLOC( out, out_len );
4986
4987 /* Set up contexts with the given hash and a dummy key */
4988 TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
4989 TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
4990 memset( ref_out, 42, sizeof( ref_out ) );
4991 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
4992 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
4993 memset( ref_out, 0, sizeof( ref_out ) );
4994
4995 /*
4996 * Test all possible lengths up to a point. The difference between
4997 * max_in_len and min_in_len is at most 255, and make sure they both vary
4998 * by at least one block size.
4999 */
5000 for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
5001 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]5002 mbedtls_test_set_step( max_in_len * 10000 );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]5003
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]5004 /* Use allocated in buffer to catch overreads */
Manuel Pégourié-Gonnardc3219002020-07-22 10:32:52 +0200[diff] [blame]5005 ASSERT_ALLOC( data, max_in_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]5006
5007 min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
5008 for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
5009 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]5010 mbedtls_test_set_step( max_in_len * 10000 + in_len );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]5011
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]5012 /* Set up dummy data and add_data */
5013 rec_num++;
5014 memset( add_data, rec_num, sizeof( add_data ) );
5015 for( i = 0; i < in_len; i++ )
5016 data[i] = ( i & 0xff ) ^ rec_num;
5017
5018 /* Get the function's result */
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]5019 TEST_CF_SECRET( &in_len, sizeof( in_len ) );
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]5020 TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
gabor-mezei-arm9fa43ce2021-09-28 16:14:47 +0200[diff] [blame]5021 data, in_len,
5022 min_in_len, max_in_len,
5023 out ) );
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]5024 TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
5025 TEST_CF_PUBLIC( out, out_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]5026
5027 /* Compute the reference result */
5028 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
5029 sizeof( add_data ) ) );
5030 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
5031 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
5032 TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
5033
5034 /* Compare */
5035 ASSERT_COMPARE( out, out_len, ref_out, out_len );
5036 }
5037
5038 mbedtls_free( data );
5039 data = NULL;
5040 }
5041
5042exit:
5043 mbedtls_md_free( &ref_ctx );
5044 mbedtls_md_free( &ctx );
5045
5046 mbedtls_free( data );
5047 mbedtls_free( out );
5048}
5049/* END_CASE */
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]5050
5051/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
5052void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
5053{
5054 unsigned char *dst = NULL;
5055 unsigned char *src = NULL;
5056 size_t src_len = offset_max + len;
5057 size_t secret;
5058
5059 ASSERT_ALLOC( dst, len );
5060 ASSERT_ALLOC( src, src_len );
5061
5062 /* Fill src in a way that we can detect if we copied the right bytes */
5063 mbedtls_test_rnd_std_rand( NULL, src, src_len );
5064
5065 for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
5066 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]5067 mbedtls_test_set_step( (int) secret );
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]5068
5069 TEST_CF_SECRET( &secret, sizeof( secret ) );
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]5070 mbedtls_ct_memcpy_offset( dst, src, secret,
gabor-mezei-arm9fa43ce2021-09-28 16:14:47 +0200[diff] [blame]5071 offset_min, offset_max, len );
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]5072 TEST_CF_PUBLIC( &secret, sizeof( secret ) );
5073 TEST_CF_PUBLIC( dst, len );
5074
5075 ASSERT_COMPARE( dst, len, src + secret, len );
5076 }
5077
5078exit:
5079 mbedtls_free( dst );
5080 mbedtls_free( src );
5081}
5082/* END_CASE */
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]5083
5084/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
5085void test_multiple_psks()
5086{
5087 unsigned char psk0[10] = { 0 };
5088 unsigned char psk0_identity[] = { 'f', 'o', 'o' };
5089
5090 unsigned char psk1[10] = { 0 };
5091 unsigned char psk1_identity[] = { 'b', 'a', 'r' };
5092
5093 mbedtls_ssl_config conf;
5094
5095 mbedtls_ssl_config_init( &conf );
5096
5097 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5098 psk0, sizeof( psk0 ),
5099 psk0_identity, sizeof( psk0_identity ) ) == 0 );
5100 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5101 psk1, sizeof( psk1 ),
5102 psk1_identity, sizeof( psk1_identity ) ) ==
5103 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5104
5105exit:
5106
5107 mbedtls_ssl_config_free( &conf );
5108}
5109/* END_CASE */
5110
5111/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
5112void test_multiple_psks_opaque( int mode )
5113{
5114 /*
5115 * Mode 0: Raw PSK, then opaque PSK
5116 * Mode 1: Opaque PSK, then raw PSK
5117 * Mode 2: 2x opaque PSK
5118 */
5119
5120 unsigned char psk0_raw[10] = { 0 };
5121 unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' };
5122
Andrzej Kurek03e01462022-01-03 12:53:24 +0100[diff] [blame]5123 mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 1 );
5124
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]5125 unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' };
5126
5127 unsigned char psk1_raw[10] = { 0 };
5128 unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' };
5129
Andrzej Kurek03e01462022-01-03 12:53:24 +0100[diff] [blame]5130 mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 2 );
5131
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]5132 unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' };
5133
5134 mbedtls_ssl_config conf;
5135
5136 USE_PSA_INIT( );
5137 mbedtls_ssl_config_init( &conf );
5138
5139 switch( mode )
5140 {
5141 case 0:
5142
5143 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5144 psk0_raw, sizeof( psk0_raw ),
5145 psk0_raw_identity, sizeof( psk0_raw_identity ) )
5146 == 0 );
5147 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5148 psk1_opaque,
5149 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
5150 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5151 break;
5152
5153 case 1:
5154
5155 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5156 psk0_opaque,
5157 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
5158 == 0 );
5159 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5160 psk1_raw, sizeof( psk1_raw ),
5161 psk1_raw_identity, sizeof( psk1_raw_identity ) )
5162 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5163
5164 break;
5165
5166 case 2:
5167
5168 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5169 psk0_opaque,
5170 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
5171 == 0 );
5172 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5173 psk1_opaque,
5174 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
5175 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5176
5177 break;
5178
5179 default:
5180 TEST_ASSERT( 0 );
5181 break;
5182 }
5183
5184exit:
5185
5186 mbedtls_ssl_config_free( &conf );
5187 USE_PSA_DONE( );
5188
5189}
5190/* END_CASE */
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5191
5192/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
5193void conf_curve()
5194{
5195
5196 mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
5197 MBEDTLS_ECP_DP_SECP224R1,
5198 MBEDTLS_ECP_DP_SECP256R1,
5199 MBEDTLS_ECP_DP_NONE };
5200 mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
5201 MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
5202 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
5203 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
5204
5205 mbedtls_ssl_config conf;
5206 mbedtls_ssl_config_init( &conf );
Jerry Yubaa49342022-02-15 10:26:40 +0800[diff] [blame]5207#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5208 mbedtls_ssl_conf_max_version( &conf, 3, 3 );
5209 mbedtls_ssl_conf_min_version( &conf, 3, 3 );
Jerry Yubaa49342022-02-15 10:26:40 +0800[diff] [blame]5210#else
5211 mbedtls_ssl_conf_max_version( &conf, 3, 4 );
5212 mbedtls_ssl_conf_min_version( &conf, 3, 4 );
5213#endif
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5214 mbedtls_ssl_conf_curves( &conf, curve_list );
5215
5216 mbedtls_ssl_context ssl;
5217 mbedtls_ssl_init( &ssl );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]5218 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5219
5220 TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
5221 TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
5222
5223 TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
5224
5225 for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
5226 TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] );
5227
5228 mbedtls_ssl_free( &ssl );
5229 mbedtls_ssl_config_free( &conf );
5230}
5231/* END_CASE */
5232
5233/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
5234void conf_group()
5235{
5236 uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
5237 MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
5238 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
5239 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
5240
5241 mbedtls_ssl_config conf;
5242 mbedtls_ssl_config_init( &conf );
5243
5244 mbedtls_ssl_conf_max_version( &conf, 3, 3 );
5245 mbedtls_ssl_conf_min_version( &conf, 3, 3 );
5246
5247 mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
5248
5249 mbedtls_ssl_context ssl;
5250 mbedtls_ssl_init( &ssl );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]5251 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5252
5253 TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );
5254
5255 TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
5256
5257 for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
5258 TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] );
5259
5260 mbedtls_ssl_free( &ssl );
5261 mbedtls_ssl_config_free( &conf );
5262}
5263/* END_CASE */