TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2a1f178d7c6bb137bdcdf518e20b53ddd1b22fe3 / . / tests / suites / test_suite_ssl.function
blob: 4fba1f187a89383c959fafd719f29ba04948ed59 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame^]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]7
8/*
9 * Buffer structure for custom I/O callbacks.
10 */
11
12typedef struct mbedtls_test_buffer
13{
14 size_t start;
15 size_t content_length;
16 size_t capacity;
17 unsigned char *buffer;
18} mbedtls_test_buffer;
19
20/*
21 * Initialises \p buf. After calling this function it is safe to call
22 * `mbedtls_test_buffer_free()` on \p buf.
23 */
24void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
25{
26 memset( buf, 0, sizeof( *buf ) );
27}
28
29/*
30 * Sets up \p buf. After calling this function it is safe to call
31 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
32 */
33int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
34{
35 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
36 sizeof(unsigned char) );
37 if( NULL == buf->buffer )
38 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
39 buf->capacity = capacity;
40
41 return 0;
42}
43
44void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
45{
46 if( buf->buffer != NULL )
47 mbedtls_free( buf->buffer );
48
49 memset( buf, 0, sizeof( *buf ) );
50}
51
52/*
53 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
54 *
55 * \p buf must have been initialized and set up by calling
56 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
57 *
58 * \retval \p input_len, if the data fits.
59 * \retval 0 <= value < \p input_len, if the data does not fit.
60 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
61 * zero and \p input is NULL.
62 */
63int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame^]64 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]65{
66 size_t overflow = 0;
67
68 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
69 return -1;
70
71 /* Reduce input_len to a number that fits in the buffer. */
72 if ( ( buf->content_length + input_len ) > buf->capacity )
73 {
74 input_len = buf->capacity - buf->content_length;
75 }
76
77 if( input == NULL )
78 {
79 return ( input_len == 0 ) ? 0 : -1;
80 }
81
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]82 /* Check if the buffer has not come full circle and free space is not in
83 * the middle */
84 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]85 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]86
87 /* Calculate the number of bytes that need to be placed at lower memory
88 * address */
89 if( buf->start + buf->content_length + input_len
90 > buf->capacity )
91 {
92 overflow = ( buf->start + buf->content_length + input_len )
93 % buf->capacity;
94 }
95
96 memcpy( buf->buffer + buf->start + buf->content_length, input,
97 input_len - overflow );
98 memcpy( buf->buffer, input + input_len - overflow, overflow );
99
100 }
101 else
102 {
103 /* The buffer has come full circle and free space is in the middle */
104 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
105 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]106 }
107
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]108 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]109 return input_len;
110}
111
112/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]113 * Gets \p output_len bytes from the ring buffer \p buf into the
114 * \p output buffer. The output buffer can be NULL, in this case a part of the
115 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]116 *
117 * \p buf must have been initialized and set up by calling
118 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
119 *
120 * \retval \p output_len, if the data is available.
121 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]122 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]123 */
124int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
125 unsigned char* output, size_t output_len )
126{
127 size_t overflow = 0;
128
129 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
130 return -1;
131
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]132 if( output == NULL && output_len == 0 )
133 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]134
135 if( buf->content_length < output_len )
136 output_len = buf->content_length;
137
138 /* Calculate the number of bytes that need to be drawn from lower memory
139 * address */
140 if( buf->start + output_len > buf->capacity )
141 {
142 overflow = ( buf->start + output_len ) % buf->capacity;
143 }
144
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]145 if( output != NULL )
146 {
147 memcpy( output, buf->buffer + buf->start, output_len - overflow );
148 memcpy( output + output_len - overflow, buf->buffer, overflow );
149 }
150
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]151 buf->content_length -= output_len;
152 buf->start = ( buf->start + output_len ) % buf->capacity;
153
154 return output_len;
155}
156
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]157/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]158 * Errors used in the message transport mock tests
159 */
160 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
161 #define MBEDTLS_TEST_ERROR_QUEUE_FULL -22
162 #define MBEDTLS_TEST_ERROR_QUEUE_EMPTY -33
163 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
164
165/*
166 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
167 */
168typedef struct mbedtls_test_message_queue
169{
170 size_t *messages;
171 int pos;
172 int num;
173 int capacity;
174} mbedtls_test_message_queue;
175
176/*
177 * Setup and free functions for the message metadata queue.
178 *
179 * \p capacity describes the number of message metadata chunks that can be held
180 * within the queue.
181 *
182 * \retval 0, if a metadata queue of a given length can be allocated.
183 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
184 */
185int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
186 size_t capacity )
187{
188 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
189 if( NULL == queue->messages )
190 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
191
192 queue->capacity = capacity;
193 queue->pos = 0;
194 queue->num = 0;
195
196 return 0;
197}
198
199void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
200{
201 if( queue == NULL )
202 return;
203
204 if( queue->messages != NULL )
205 mbedtls_free( queue->messages );
206
207 memset( queue, 0, sizeof( *queue ) );
208}
209
210/*
211 * Push message length information onto the message metadata queue.
212 * This will become the last element to leave it (fifo).
213 *
214 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
215 * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the queue is full.
216 * \retval \p len, if the push was successful.
217 */
218int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
219 size_t len )
220{
221 int place;
222 if( queue == NULL )
223 return MBEDTLS_TEST_ERROR_ARG_NULL;
224
225 if( queue->num >= queue->capacity )
226 return MBEDTLS_TEST_ERROR_QUEUE_FULL;
227
228 place = ( queue->pos + queue->num ) % queue->capacity;
229 queue->messages[place] = len;
230 queue->num++;
231 return len;
232}
233
234/*
235 * Pop information about the next message length from the queue. This will be
236 * the oldest inserted message length(fifo). \p msg_len can be null, in which
237 * case the data will be popped from the queue but not copied anywhere.
238 *
239 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
240 * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty.
241 * \retval message length, if the pop was successful, up to the given
242 \p buf_len.
243 */
244int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
245 size_t buf_len )
246{
247 size_t message_length;
248 if( queue == NULL )
249 return MBEDTLS_TEST_ERROR_ARG_NULL;
250 if( queue->num == 0 )
251 return MBEDTLS_TEST_ERROR_QUEUE_EMPTY;
252
253 message_length = queue->messages[queue->pos];
254 queue->messages[queue->pos] = 0;
255 queue->num--;
256 queue->pos++;
257 queue->pos %= queue->capacity;
258 if( queue->pos < 0 )
259 queue->pos += queue->capacity;
260
261 return ( message_length > buf_len ) ? buf_len : message_length;
262}
263
264/*
265 * Take a peek on the info about the next message length from the queue.
266 * This will be the oldest inserted message length(fifo).
267 *
268 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
269 * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty.
270 * \retval 0, if the peek was successful.
271 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
272 * too small to fit the message. In this case the \p msg_len will be
273 * set to the full message length so that the
274 * caller knows what portion of the message can be dropped.
275 */
276int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
277 size_t buf_len, size_t* msg_len )
278{
279 if( queue == NULL || msg_len == NULL )
280 return MBEDTLS_TEST_ERROR_ARG_NULL;
281 if( queue->num == 0 )
282 return MBEDTLS_TEST_ERROR_QUEUE_EMPTY;
283
284 *msg_len = queue->messages[queue->pos];
285 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
286}
287/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]288 * Context for the I/O callbacks simulating network connection.
289 */
290
291#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
292
293typedef struct mbedtls_mock_socket
294{
295 int status;
296 mbedtls_test_buffer *input;
297 mbedtls_test_buffer *output;
298 struct mbedtls_mock_socket *peer;
299} mbedtls_mock_socket;
300
301/*
302 * Setup and teardown functions for mock sockets.
303 */
304void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
305{
306 memset( socket, 0, sizeof( *socket ) );
307}
308
309/*
310 * Closes the socket \p socket.
311 *
312 * \p socket must have been previously initialized by calling
313 * mbedtls_mock_socket_init().
314 *
315 * This function frees all allocated resources and both sockets are aware of the
316 * new connection state.
317 *
318 * That is, this function does not simulate half-open TCP connections and the
319 * phenomenon that when closing a UDP connection the peer is not aware of the
320 * connection having been closed.
321 */
322void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
323{
324 if( socket == NULL )
325 return;
326
327 if( socket->input != NULL )
328 {
329 mbedtls_test_buffer_free( socket->input );
330 mbedtls_free( socket->input );
331 }
332
333 if( socket->output != NULL )
334 {
335 mbedtls_test_buffer_free( socket->output );
336 mbedtls_free( socket->output );
337 }
338
339 if( socket->peer != NULL )
340 memset( socket->peer, 0, sizeof( *socket->peer ) );
341
342 memset( socket, 0, sizeof( *socket ) );
343}
344
345/*
346 * Establishes a connection between \p peer1 and \p peer2.
347 *
348 * \p peer1 and \p peer2 must have been previously initialized by calling
349 * mbedtls_mock_socket_init().
350 *
351 * The capacites of the internal buffers are set to \p bufsize. Setting this to
352 * the correct value allows for simulation of MTU, sanity testing the mock
353 * implementation and mocking TCP connections with lower memory cost.
354 */
355int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
356 mbedtls_mock_socket* peer2,
357 size_t bufsize )
358{
359 int ret = -1;
360
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]361 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]362 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
363 if( peer1->output == NULL )
364 {
365 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
366 goto exit;
367 }
368 mbedtls_test_buffer_init( peer1->output );
369 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
370 {
371 goto exit;
372 }
373
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]374 peer2->output =
375 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
376 if( peer2->output == NULL )
377 {
378 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
379 goto exit;
380 }
381 mbedtls_test_buffer_init( peer2->output );
382 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
383 {
384 goto exit;
385 }
386
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]387 peer1->peer = peer2;
388 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]389 peer1->input = peer2->output;
390 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]391
392 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
393 ret = 0;
394
395exit:
396
397 if( ret != 0 )
398 {
399 mbedtls_mock_socket_close( peer1 );
400 mbedtls_mock_socket_close( peer2 );
401 }
402
403 return ret;
404}
405
406/*
407 * Callbacks for simulating blocking I/O over connection-oriented transport.
408 */
409
410int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
411{
412 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
413
414 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
415 return -1;
416
417 return mbedtls_test_buffer_put( socket->output, buf, len );
418}
419
420int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
421{
422 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
423
424 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
425 return -1;
426
427 return mbedtls_test_buffer_get( socket->input, buf, len );
428}
429
430/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]431 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
432 */
433
434int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
435{
436 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
437
438 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
439 return -1;
440
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]441 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]442 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]443 return MBEDTLS_ERR_SSL_WANT_WRITE;
444 }
445
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]446 return mbedtls_test_buffer_put( socket->output, buf, len );
447}
448
449int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
450{
451 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
452
453 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
454 return -1;
455
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]456 if( socket->input->content_length == 0)
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]457 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]458 return MBEDTLS_ERR_SSL_WANT_READ;
459 }
460
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]461 return mbedtls_test_buffer_get( socket->input, buf, len );
462}
463
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]464/* Errors used in the message socket mocks */
465
466#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
467#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
468#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
469
470/*
471 * Structure used as an addon, or a wrapper, around the mocked sockets.
472 * Contains an input queue, to which the other socket pushes metadata,
473 * and an output queue, to which this one pushes metadata. This context is
474 * considered as an owner of the input queue only, which is initialized and
475 * freed in the respective setup and free calls.
476 */
477typedef struct mbedtls_test_message_socket_context
478{
479 mbedtls_test_message_queue* queue_input;
480 mbedtls_test_message_queue* queue_output;
481 mbedtls_mock_socket* socket;
482} mbedtls_test_message_socket_context;
483
484/*
485 * Setup a given mesasge socket context including initialization of
486 * input/output queues to a chosen capacity of messages. Also set the
487 * corresponding mock socket.
488 *
489 * \retval 0, if everything succeeds.
490 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
491 * queue failed.
492 */
493int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
494 mbedtls_test_message_queue* queue_output,
495 size_t queue_capacity,
496 mbedtls_mock_socket* socket,
497 mbedtls_test_message_socket_context* ctx )
498{
499 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
500 if( ret != 0 )
501 return ret;
502 ctx->queue_input = queue_input;
503 ctx->queue_output = queue_output;
504 ctx->socket = socket;
505 mbedtls_mock_socket_init( socket );
506
507 return 0;
508}
509
510/*
511 * Close a given message socket context, along with the socket itself. Free the
512 * memory allocated by the input queue.
513 */
514void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
515{
516 if( ctx == NULL )
517 return;
518
519 mbedtls_test_message_queue_free( ctx->queue_input );
520 mbedtls_mock_socket_close( ctx->socket );
521 memset( ctx, 0, sizeof( *ctx ) );
522}
523
524/*
525 * Send one message through a given message socket context.
526 *
527 * \retval \p len, if everything succeeds.
528 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
529 * elements or the context itself is null.
530 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
531 * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the output queue is full.
532 *
533 * This function will also return any error from
534 * mbedtls_test_message_queue_push_info.
535 */
536int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
537{
538 mbedtls_test_message_queue* queue;
539 mbedtls_mock_socket* socket;
540 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
541
542 if( context == NULL || context->socket == NULL
543 || context->queue_output == NULL )
544 {
545 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
546 }
547
548 queue = context->queue_output;
549 socket = context->socket;
550
551 if( queue->num >= queue->capacity )
552 return MBEDTLS_TEST_ERROR_QUEUE_FULL;
553
554 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
555 return MBEDTLS_TEST_ERROR_SEND_FAILED;
556
557 return mbedtls_test_message_queue_push_info( queue, len );
558}
559
560/*
561 * Receive one message from a given message socket context and return message
562 * length or an error.
563 *
564 * \retval message length, if everything succeeds.
565 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
566 * elements or the context itself is null.
567 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
568 *
569 * This function will also return any error other than
570 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
571 */
572int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
573{
574 mbedtls_test_message_queue* queue;
575 mbedtls_mock_socket* socket;
576 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
577 size_t drop_len;
578 size_t msg_len;
579 int ret;
580
581 if( context == NULL || context->socket == NULL
582 || context->queue_input == NULL )
583 {
584 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
585 }
586
587 queue = context->queue_input;
588 socket = context->socket;
589
590 /* Peek first, so that in case of a socket error the data remains in
591 * the queue. */
592 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
593 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
594 {
595 /* Calculate how much to drop */
596 drop_len = msg_len - buf_len;
597
598 /* Set the requested message len to be buffer length */
599 msg_len = buf_len;
600 } else if( ret != 0 )
601 {
602 return ret;
603 }
604
605 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
606 return MBEDTLS_TEST_ERROR_RECV_FAILED;
607
608 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
609 {
610 /* Drop the remaining part of the message */
611 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
612 {
613 /* Inconsistent state - part of the message was read,
614 * and a part couldn't. Not much we can do here, but it should not
615 * happen in test environment, unless forced manually. */
616 }
617 }
618 mbedtls_test_message_queue_pop_info( queue, buf_len );
619
620 return msg_len;
621}
622
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame^]623#if defined(MBEDTLS_X509_CRT_PARSE_C)
624
625/*
626 * Structure with endpoint's certificates for SSL communication tests.
627 */
628typedef struct mbedtls_endpoint_certificate
629{
630 mbedtls_x509_crt ca_cert;
631 mbedtls_x509_crt cert;
632 mbedtls_x509_crt cert2;
633 mbedtls_pk_context pkey;
634 mbedtls_pk_context pkey2;
635} mbedtls_endpoint_certificate;
636
637/*
638 * Endpoint structure for SSL communication tests.
639 */
640typedef struct mbedtls_endpoint
641{
642 const char *name;
643 mbedtls_ssl_context ssl;
644 mbedtls_ssl_config conf;
645 mbedtls_ctr_drbg_context ctr_drbg;
646 mbedtls_entropy_context entropy;
647 mbedtls_mock_socket socket;
648 mbedtls_endpoint_certificate cert;
649} mbedtls_endpoint;
650
651/*
652 * Initializes \p ep_cert structure and assigns it to endpoint
653 * represented by \p ep.
654 *
655 * \retval 0 on success, otherwise error code.
656 */
657int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep )
658{
659 int i = 0;
660 int ret = -1;
661 mbedtls_endpoint_certificate *cert;
662
663 if( ep == NULL )
664 {
665 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
666 }
667
668 cert = &( ep->cert );
669 mbedtls_x509_crt_init( &( cert->ca_cert ) );
670 mbedtls_x509_crt_init( &( cert->cert ) );
671 mbedtls_x509_crt_init( &( cert->cert2 ) );
672 mbedtls_pk_init( &( cert->pkey ) );
673 mbedtls_pk_init( &( cert->pkey2 ) );
674
675 /* Load the trusted CA */
676
677 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
678 {
679 ret = mbedtls_x509_crt_parse( &( cert->ca_cert ),
680 (const unsigned char *) mbedtls_test_cas[i],
681 mbedtls_test_cas_len[i] );
682 TEST_ASSERT( ret == 0 );
683 }
684
685 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
686 {
687 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
688 (const unsigned char *) mbedtls_test_cas_der[i],
689 mbedtls_test_cas_der_len[i] );
690 TEST_ASSERT( ret == 0 );
691 }
692
693 /* Load own certificate and private key */
694
695 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
696 {
697 ret = mbedtls_x509_crt_parse( &( cert->cert ),
698 (const unsigned char *) mbedtls_test_srv_crt_rsa,
699 mbedtls_test_srv_crt_rsa_len );
700 TEST_ASSERT( ret == 0 );
701
702 ret = mbedtls_pk_parse_key( &( cert->pkey ),
703 (const unsigned char *) mbedtls_test_srv_key_rsa,
704 mbedtls_test_srv_key_rsa_len, NULL, 0 );
705 TEST_ASSERT( ret == 0 );
706
707 ret = mbedtls_x509_crt_parse( &( cert->cert2 ),
708 (const unsigned char *) mbedtls_test_srv_crt_ec,
709 mbedtls_test_srv_crt_ec_len );
710 TEST_ASSERT( ret == 0 );
711
712 ret = mbedtls_pk_parse_key( &( cert->pkey2 ),
713 (const unsigned char *) mbedtls_test_srv_key_ec,
714 mbedtls_test_srv_key_ec_len, NULL, 0 );
715 TEST_ASSERT( ret == 0 );
716 }
717 else
718 {
719 ret = mbedtls_x509_crt_parse( &( cert->cert ),
720 (const unsigned char *) mbedtls_test_cli_crt,
721 mbedtls_test_cli_crt_len );
722 TEST_ASSERT( ret == 0 );
723
724 ret = mbedtls_pk_parse_key( &( cert->pkey ),
725 (const unsigned char *) mbedtls_test_cli_key,
726 mbedtls_test_cli_key_len, NULL, 0 );
727 TEST_ASSERT( ret == 0 );
728 }
729
730 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
731
732 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), &( cert->pkey ) );
733 TEST_ASSERT( ret == 0 );
734
735 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
736 {
737 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert2 ), &( cert->pkey2 ) );
738 TEST_ASSERT( ret == 0 );
739 }
740
741exit:
742 if( ret != 0 )
743 {
744 mbedtls_x509_crt_free( &( cert->ca_cert ) );
745 mbedtls_x509_crt_free( &( cert->cert ) );
746 mbedtls_x509_crt_free( &( cert->cert2 ) );
747 mbedtls_pk_free( &( cert->pkey ) );
748 mbedtls_pk_free( &( cert->pkey2 ) );
749 }
750
751 return ret;
752}
753
754/*
755 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
756 * after calling this function even if it fails.
757 *
758 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
759 * MBEDTLS_SSL_IS_CLIENT.
760 *
761 * \retval 0 on success, otherwise error code.
762 */
763int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type )
764{
765 int ret = -1;
766
767 if( ep == NULL )
768 {
769 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
770 }
771
772 memset( ep, 0, sizeof( *ep ) );
773
774 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
775
776 mbedtls_ssl_init( &( ep->ssl ) );
777 mbedtls_ssl_config_init( &( ep->conf ) );
778 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
779 mbedtls_ssl_conf_rng( &( ep->conf ),
780 mbedtls_ctr_drbg_random,
781 &( ep->ctr_drbg ) );
782 mbedtls_entropy_init( &( ep->entropy ) );
783 mbedtls_mock_socket_init( &( ep->socket ) );
784
785 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
786 &( ep->entropy ), (const unsigned char *) ( ep->name ),
787 strlen( ep->name ) );
788 TEST_ASSERT( ret == 0 );
789
790 /* Non-blocking callbacks without timeout */
791 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
792 mbedtls_mock_tcp_send_nb,
793 mbedtls_mock_tcp_recv_nb,
794 NULL );
795
796 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
797 TEST_ASSERT( ret == 0 );
798
799 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
800 MBEDTLS_SSL_TRANSPORT_STREAM,
801 MBEDTLS_SSL_PRESET_DEFAULT );
802 TEST_ASSERT( ret == 0 );
803
804 ret = mbedtls_endpoint_certificate_init( ep );
805 TEST_ASSERT( ret == 0 );
806
807exit:
808 return ret;
809}
810
811/*
812 * Deinitializes certificates from endpoint represented by \p ep.
813 */
814void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
815{
816 mbedtls_endpoint_certificate *cert = &( ep->cert );
817 mbedtls_x509_crt_free( &( cert->ca_cert ) );
818 mbedtls_x509_crt_free( &( cert->cert ) );
819 mbedtls_x509_crt_free( &( cert->cert2 ) );
820 mbedtls_pk_free( &( cert->pkey ) );
821 mbedtls_pk_free( &( cert->pkey2 ) );
822}
823
824/*
825 * Deinitializes endpoint represented by \p ep.
826 */
827void mbedtls_endpoint_free( mbedtls_endpoint *ep )
828{
829 mbedtls_endpoint_certificate_free( ep );
830
831 mbedtls_ssl_free( &( ep->ssl ) );
832 mbedtls_ssl_config_free( &( ep->conf ) );
833 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
834 mbedtls_entropy_free( &( ep->entropy ) );
835 mbedtls_mock_socket_close( &( ep->socket ) );
836}
837
838/*
839 * This function moves ssl handshake from \p ssl to prescribed \p state.
840 * /p second_ssl is used as second endpoint and their sockets have to be
841 * connected before calling this function.
842 *
843 * \retval 0 on success, otherwise error code.
844 */
845int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
846 mbedtls_ssl_context *second_ssl,
847 int state )
848{
849 enum { BUFFSIZE = 1024 };
850 int max_steps = 1000;
851 int ret = 0;
852
853 if( ssl == NULL || second_ssl == NULL )
854 {
855 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
856 }
857
858 /* Perform communication via connected sockets */
859 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
860 {
861 /* If /p second_ssl ends the handshake procedure before /p ssl then
862 * there is no need to call the next step */
863 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
864 {
865 ret = mbedtls_ssl_handshake_step( second_ssl );
866 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
867 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
868 {
869 return ret;
870 }
871 }
872
873 /* We only care about the \p ssl state and returns, so we call it last,
874 * to leave the iteration as soon as the state is as expected. */
875 ret = mbedtls_ssl_handshake_step( ssl );
876 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
877 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
878 {
879 return ret;
880 }
881 }
882
883 return ( max_steps >= 0 ) ? ret : -1;
884}
885
886#endif /* MBEDTLS_X509_CRT_PARSE_C */
887
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]888/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]889 * Helper function setting up inverse record transformations
890 * using given cipher, hash, EtM mode, authentication tag length,
891 * and version.
892 */
893
894#define CHK( x ) \
895 do \
896 { \
897 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]898 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]899 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]900 goto cleanup; \
901 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]902 } while( 0 )
903
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]904#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
905#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
906#else
907#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
908#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]909
910static int build_transforms( mbedtls_ssl_transform *t_in,
911 mbedtls_ssl_transform *t_out,
912 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]913 int etm, int tag_mode, int ver,
914 size_t cid0_len,
915 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]916{
917 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]918 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]919
920 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]921 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]922 unsigned char iv_enc[16], iv_dec[16];
923
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]924#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]925 unsigned char cid0[ SSL_CID_LEN_MIN ];
926 unsigned char cid1[ SSL_CID_LEN_MIN ];
927
928 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
929 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]930#else
931 ((void) cid0_len);
932 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]933#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]934
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]935 maclen = 0;
936
937 /* Pick cipher */
938 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
939 CHK( cipher_info != NULL );
940 CHK( cipher_info->iv_size <= 16 );
941 CHK( cipher_info->key_bitlen % 8 == 0 );
942
943 /* Pick keys */
944 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]945 /* Allocate `keylen + 1` bytes to ensure that we get
946 * a non-NULL pointers from `mbedtls_calloc` even if
947 * `keylen == 0` in the case of the NULL cipher. */
948 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
949 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]950 memset( key0, 0x1, keylen );
951 memset( key1, 0x2, keylen );
952
953 /* Setup cipher contexts */
954 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
955 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
956 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
957 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
958
959#if defined(MBEDTLS_CIPHER_MODE_CBC)
960 if( cipher_info->mode == MBEDTLS_MODE_CBC )
961 {
962 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
963 MBEDTLS_PADDING_NONE ) == 0 );
964 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
965 MBEDTLS_PADDING_NONE ) == 0 );
966 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
967 MBEDTLS_PADDING_NONE ) == 0 );
968 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
969 MBEDTLS_PADDING_NONE ) == 0 );
970 }
971#endif /* MBEDTLS_CIPHER_MODE_CBC */
972
973 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
974 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
975 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
976 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
977 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
978 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
979 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
980 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]981
982 /* Setup MAC contexts */
983#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
984 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
985 cipher_info->mode == MBEDTLS_MODE_STREAM )
986 {
987 mbedtls_md_info_t const *md_info;
988 unsigned char *md0, *md1;
989
990 /* Pick hash */
991 md_info = mbedtls_md_info_from_type( hash_id );
992 CHK( md_info != NULL );
993
994 /* Pick hash keys */
995 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]996 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
997 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]998 memset( md0, 0x5, maclen );
999 memset( md1, 0x6, maclen );
1000
1001 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1002 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1003 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1004 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1005
1006 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1007 {
1008 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1009 md0, maclen ) == 0 );
1010 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1011 md1, maclen ) == 0 );
1012 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1013 md1, maclen ) == 0 );
1014 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1015 md0, maclen ) == 0 );
1016 }
1017#if defined(MBEDTLS_SSL_PROTO_SSL3)
1018 else
1019 {
1020 memcpy( &t_in->mac_enc, md0, maclen );
1021 memcpy( &t_in->mac_dec, md1, maclen );
1022 memcpy( &t_out->mac_enc, md1, maclen );
1023 memcpy( &t_out->mac_dec, md0, maclen );
1024 }
1025#endif
1026
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1027 mbedtls_free( md0 );
1028 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1029 }
1030#else
1031 ((void) hash_id);
1032#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1033
1034
1035 /* Pick IV's (regardless of whether they
1036 * are being used by the transform). */
1037 ivlen = cipher_info->iv_size;
1038 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1039 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1040
1041 /*
1042 * Setup transforms
1043 */
1044
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1045#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1046 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1047 t_out->encrypt_then_mac = etm;
1048 t_in->encrypt_then_mac = etm;
1049#else
1050 ((void) etm);
1051#endif
1052
1053 t_out->minor_ver = ver;
1054 t_in->minor_ver = ver;
1055 t_out->ivlen = ivlen;
1056 t_in->ivlen = ivlen;
1057
1058 switch( cipher_info->mode )
1059 {
1060 case MBEDTLS_MODE_GCM:
1061 case MBEDTLS_MODE_CCM:
1062 t_out->fixed_ivlen = 4;
1063 t_in->fixed_ivlen = 4;
1064 t_out->maclen = 0;
1065 t_in->maclen = 0;
1066 switch( tag_mode )
1067 {
1068 case 0: /* Full tag */
1069 t_out->taglen = 16;
1070 t_in->taglen = 16;
1071 break;
1072 case 1: /* Partial tag */
1073 t_out->taglen = 8;
1074 t_in->taglen = 8;
1075 break;
1076 default:
1077 return( 1 );
1078 }
1079 break;
1080
1081 case MBEDTLS_MODE_CHACHAPOLY:
1082 t_out->fixed_ivlen = 12;
1083 t_in->fixed_ivlen = 12;
1084 t_out->maclen = 0;
1085 t_in->maclen = 0;
1086 switch( tag_mode )
1087 {
1088 case 0: /* Full tag */
1089 t_out->taglen = 16;
1090 t_in->taglen = 16;
1091 break;
1092 case 1: /* Partial tag */
1093 t_out->taglen = 8;
1094 t_in->taglen = 8;
1095 break;
1096 default:
1097 return( 1 );
1098 }
1099 break;
1100
1101 case MBEDTLS_MODE_STREAM:
1102 case MBEDTLS_MODE_CBC:
1103 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1104 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1105 t_out->taglen = 0;
1106 t_in->taglen = 0;
1107 switch( tag_mode )
1108 {
1109 case 0: /* Full tag */
1110 t_out->maclen = maclen;
1111 t_in->maclen = maclen;
1112 break;
1113 case 1: /* Partial tag */
1114 t_out->maclen = 10;
1115 t_in->maclen = 10;
1116 break;
1117 default:
1118 return( 1 );
1119 }
1120 break;
1121 default:
1122 return( 1 );
1123 break;
1124 }
1125
1126 /* Setup IV's */
1127
1128 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1129 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1130 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1131 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1132
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1133#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1134 /* Add CID */
1135 memcpy( &t_in->in_cid, cid0, cid0_len );
1136 memcpy( &t_in->out_cid, cid1, cid1_len );
1137 t_in->in_cid_len = cid0_len;
1138 t_in->out_cid_len = cid1_len;
1139 memcpy( &t_out->in_cid, cid1, cid1_len );
1140 memcpy( &t_out->out_cid, cid0, cid0_len );
1141 t_out->in_cid_len = cid1_len;
1142 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1143#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1144
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1145cleanup:
1146
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1147 mbedtls_free( key0 );
1148 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1149
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1150 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1151}
1152
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1153/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1154 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1155 * Choose dummy values, mostly non-0 to distinguish from the init default.
1156 */
1157static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1158 int ticket_len,
1159 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1160{
1161#if defined(MBEDTLS_HAVE_TIME)
1162 session->start = mbedtls_time( NULL ) - 42;
1163#endif
1164 session->ciphersuite = 0xabcd;
1165 session->compression = 1;
1166 session->id_len = sizeof( session->id );
1167 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1168 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1169
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1170#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1171 if( strlen( crt_file ) != 0 )
1172 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1173 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1174 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1175
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1176 mbedtls_x509_crt_init( &tmp_crt );
1177 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1178 if( ret != 0 )
1179 return( ret );
1180
1181#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1182 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1183 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1184 if( session->peer_cert == NULL )
1185 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1186 *session->peer_cert = tmp_crt;
1187 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1188#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1189 /* Calculate digest of temporary CRT. */
1190 session->peer_cert_digest =
1191 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1192 if( session->peer_cert_digest == NULL )
1193 return( -1 );
1194 ret = mbedtls_md( mbedtls_md_info_from_type(
1195 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1196 tmp_crt.raw.p, tmp_crt.raw.len,
1197 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1198 if( ret != 0 )
1199 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1200 session->peer_cert_digest_type =
1201 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1202 session->peer_cert_digest_len =
1203 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1204#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1205
1206 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1207 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1208#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1209 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1210#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1211 session->verify_result = 0xdeadbeef;
1212
1213#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1214 if( ticket_len != 0 )
1215 {
1216 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1217 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1218 return( -1 );
1219 memset( session->ticket, 33, ticket_len );
1220 }
1221 session->ticket_len = ticket_len;
1222 session->ticket_lifetime = 86401;
1223#else
1224 (void) ticket_len;
1225#endif
1226
1227#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1228 session->mfl_code = 1;
1229#endif
1230#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1231 session->trunc_hmac = 1;
1232#endif
1233#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1234 session->encrypt_then_mac = 1;
1235#endif
1236
1237 return( 0 );
1238}
1239
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1240/* END_HEADER */
1241
1242/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1243 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1244 * END_DEPENDENCIES
1245 */
1246
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1247/* BEGIN_CASE */
1248void test_callback_buffer_sanity()
1249{
1250 enum { MSGLEN = 10 };
1251 mbedtls_test_buffer buf;
1252 unsigned char input[MSGLEN];
1253 unsigned char output[MSGLEN];
1254
1255 memset( input, 0, sizeof(input) );
1256
1257 /* Make sure calling put and get on NULL buffer results in error. */
1258 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1259 == -1 );
1260 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1261 == -1 );
1262 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1263
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1264 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1265 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1266
1267 /* Make sure calling put and get on a buffer that hasn't been set up results
1268 * in eror. */
1269 mbedtls_test_buffer_init( &buf );
1270
1271 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1272 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1273 == -1 );
1274 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1275
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1276 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1277 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1278
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1279 /* Make sure calling put and get on NULL input only results in
1280 * error if the length is not zero, and that a NULL output is valid for data
1281 * dropping.
1282 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1283
1284 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1285
1286 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1287 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1288 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1289 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1290 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1291
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]1292 /* Make sure calling put several times in the row is safe */
1293
1294 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
1295 == sizeof( input ) );
1296 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
1297 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
1298 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
1299 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
1300
1301
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1302exit:
1303
1304 mbedtls_test_buffer_free( &buf );
1305}
1306/* END_CASE */
1307
1308/*
1309 * Test if the implementation of `mbedtls_test_buffer` related functions is
1310 * correct and works as expected.
1311 *
1312 * That is
1313 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1314 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1315 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1316 * bytes.
1317 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1318 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1319 */
1320
1321/* BEGIN_CASE */
1322void test_callback_buffer( int size, int put1, int put1_ret,
1323 int get1, int get1_ret, int put2, int put2_ret,
1324 int get2, int get2_ret )
1325{
1326 enum { ROUNDS = 2 };
1327 size_t put[ROUNDS];
1328 int put_ret[ROUNDS];
1329 size_t get[ROUNDS];
1330 int get_ret[ROUNDS];
1331 mbedtls_test_buffer buf;
1332 unsigned char* input = NULL;
1333 size_t input_len;
1334 unsigned char* output = NULL;
1335 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1336 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1337
1338 mbedtls_test_buffer_init( &buf );
1339 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
1340
1341 /* Check the sanity of input parameters and initialise local variables. That
1342 * is, ensure that the amount of data is not negative and that we are not
1343 * expecting more to put or get than we actually asked for. */
1344 TEST_ASSERT( put1 >= 0 );
1345 put[0] = put1;
1346 put_ret[0] = put1_ret;
1347 TEST_ASSERT( put1_ret <= put1 );
1348 TEST_ASSERT( put2 >= 0 );
1349 put[1] = put2;
1350 put_ret[1] = put2_ret;
1351 TEST_ASSERT( put2_ret <= put2 );
1352
1353 TEST_ASSERT( get1 >= 0 );
1354 get[0] = get1;
1355 get_ret[0] = get1_ret;
1356 TEST_ASSERT( get1_ret <= get1 );
1357 TEST_ASSERT( get2 >= 0 );
1358 get[1] = get2;
1359 get_ret[1] = get2_ret;
1360 TEST_ASSERT( get2_ret <= get2 );
1361
1362 input_len = 0;
1363 /* Calculate actual input and output lengths */
1364 for( j = 0; j < ROUNDS; j++ )
1365 {
1366 if( put_ret[j] > 0 )
1367 {
1368 input_len += put_ret[j];
1369 }
1370 }
1371 /* In order to always have a valid pointer we always allocate at least 1
1372 * byte. */
1373 if( input_len == 0 )
1374 input_len = 1;
1375 ASSERT_ALLOC( input, input_len );
1376
1377 output_len = 0;
1378 for( j = 0; j < ROUNDS; j++ )
1379 {
1380 if( get_ret[j] > 0 )
1381 {
1382 output_len += get_ret[j];
1383 }
1384 }
1385 TEST_ASSERT( output_len <= input_len );
1386 /* In order to always have a valid pointer we always allocate at least 1
1387 * byte. */
1388 if( output_len == 0 )
1389 output_len = 1;
1390 ASSERT_ALLOC( output, output_len );
1391
1392 /* Fill up the buffer with structured data so that unwanted changes
1393 * can be detected */
1394 for( i = 0; i < input_len; i++ )
1395 {
1396 input[i] = i & 0xFF;
1397 }
1398
1399 written = read = 0;
1400 for( j = 0; j < ROUNDS; j++ )
1401 {
1402 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
1403 input + written, put[j] ) );
1404 written += put_ret[j];
1405 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
1406 output + read, get[j] ) );
1407 read += get_ret[j];
1408 TEST_ASSERT( read <= written );
1409 if( get_ret[j] > 0 )
1410 {
1411 TEST_ASSERT( memcmp( output + read - get_ret[j],
1412 input + read - get_ret[j], get_ret[j] )
1413 == 0 );
1414 }
1415 }
1416
1417exit:
1418
1419 mbedtls_free( input );
1420 mbedtls_free( output );
1421 mbedtls_test_buffer_free( &buf );
1422}
1423/* END_CASE */
1424
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1425/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1426 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
1427 * correct and works as expected on unconnected sockets.
1428 */
1429
1430/* BEGIN_CASE */
1431void ssl_mock_sanity( )
1432{
1433 enum { MSGLEN = 105 };
1434 unsigned char message[MSGLEN];
1435 unsigned char received[MSGLEN];
1436 mbedtls_mock_socket socket;
1437
1438 mbedtls_mock_socket_init( &socket );
1439 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
1440 mbedtls_mock_socket_close( &socket );
1441 mbedtls_mock_socket_init( &socket );
1442 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
1443 mbedtls_mock_socket_close( &socket );
1444
1445 mbedtls_mock_socket_init( &socket );
1446 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
1447 mbedtls_mock_socket_close( &socket );
1448 mbedtls_mock_socket_init( &socket );
1449 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
1450 mbedtls_mock_socket_close( &socket );
1451
1452exit:
1453
1454 mbedtls_mock_socket_close( &socket );
1455}
1456/* END_CASE */
1457
1458/*
1459 * Test if the implementation of `mbedtls_mock_socket` related functions can
1460 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1461 */
1462
1463/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1464void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1465{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1466 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1467 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1468 unsigned char message[MSGLEN];
1469 unsigned char received[MSGLEN];
1470 mbedtls_mock_socket client;
1471 mbedtls_mock_socket server;
1472 size_t written, read;
1473 int send_ret, recv_ret;
1474 mbedtls_ssl_send_t *send;
1475 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1476 unsigned i;
1477
1478 if( blocking == 0 )
1479 {
1480 send = mbedtls_mock_tcp_send_nb;
1481 recv = mbedtls_mock_tcp_recv_nb;
1482 }
1483 else
1484 {
1485 send = mbedtls_mock_tcp_send_b;
1486 recv = mbedtls_mock_tcp_recv_b;
1487 }
1488
1489 mbedtls_mock_socket_init( &client );
1490 mbedtls_mock_socket_init( &server );
1491
1492 /* Fill up the buffer with structured data so that unwanted changes
1493 * can be detected */
1494 for( i = 0; i < MSGLEN; i++ )
1495 {
1496 message[i] = i & 0xFF;
1497 }
1498
1499 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1500 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1501
1502 /* Send the message to the server */
1503 send_ret = recv_ret = 1;
1504 written = read = 0;
1505 while( send_ret != 0 || recv_ret != 0 )
1506 {
1507 send_ret = send( &client, message + written, MSGLEN - written );
1508
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1509 TEST_ASSERT( send_ret >= 0 );
1510 TEST_ASSERT( send_ret <= BUFLEN );
1511 written += send_ret;
1512
1513 /* If the buffer is full we can test blocking and non-blocking send */
1514 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1515 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1516 int blocking_ret = send( &client, message , 1 );
1517 if ( blocking )
1518 {
1519 TEST_ASSERT( blocking_ret == 0 );
1520 }
1521 else
1522 {
1523 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1524 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1525 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1526
1527 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1528
1529 /* The result depends on whether any data was sent */
1530 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1531 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1532 TEST_ASSERT( recv_ret > 0 );
1533 TEST_ASSERT( recv_ret <= BUFLEN );
1534 read += recv_ret;
1535 }
1536 else if( blocking )
1537 {
1538 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1539 }
1540 else
1541 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1542 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
1543 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1544 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1545
1546 /* If the buffer is empty we can test blocking and non-blocking read */
1547 if ( recv_ret == BUFLEN )
1548 {
1549 int blocking_ret = recv( &server, received, 1 );
1550 if ( blocking )
1551 {
1552 TEST_ASSERT( blocking_ret == 0 );
1553 }
1554 else
1555 {
1556 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1557 }
1558 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1559 }
1560 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1561
1562exit:
1563
1564 mbedtls_mock_socket_close( &client );
1565 mbedtls_mock_socket_close( &server );
1566}
1567/* END_CASE */
1568
1569/*
1570 * Test if the implementation of `mbedtls_mock_socket` related functions can
1571 * send messages in both direction at the same time (with the I/O calls
1572 * interleaving).
1573 */
1574
1575/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1576void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1577{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1578 enum { ROUNDS = 2 };
1579 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1580 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1581 unsigned char message[ROUNDS][MSGLEN];
1582 unsigned char received[ROUNDS][MSGLEN];
1583 mbedtls_mock_socket client;
1584 mbedtls_mock_socket server;
1585 size_t written[ROUNDS];
1586 size_t read[ROUNDS];
1587 int send_ret[ROUNDS];
1588 int recv_ret[ROUNDS];
1589 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1590 mbedtls_ssl_send_t *send;
1591 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1592
1593 if( blocking == 0 )
1594 {
1595 send = mbedtls_mock_tcp_send_nb;
1596 recv = mbedtls_mock_tcp_recv_nb;
1597 }
1598 else
1599 {
1600 send = mbedtls_mock_tcp_send_b;
1601 recv = mbedtls_mock_tcp_recv_b;
1602 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1603
1604 mbedtls_mock_socket_init( &client );
1605 mbedtls_mock_socket_init( &server );
1606
1607 /* Fill up the buffers with structured data so that unwanted changes
1608 * can be detected */
1609 for( i = 0; i < ROUNDS; i++ )
1610 {
1611 for( j = 0; j < MSGLEN; j++ )
1612 {
1613 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1614 }
1615 }
1616
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1617 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1618 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1619
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1620 /* Send the message from both sides, interleaving. */
1621 progress = 1;
1622 for( i = 0; i < ROUNDS; i++ )
1623 {
1624 written[i] = 0;
1625 read[i] = 0;
1626 }
1627 /* This loop does not stop as long as there was a successful write or read
1628 * of at least one byte on either side. */
1629 while( progress != 0 )
1630 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1631 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1632
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1633 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1634 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1635 /* First sending is from the client */
1636 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1637
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1638 send_ret[i] = send( socket, message[i] + written[i],
1639 MSGLEN - written[i] );
1640 TEST_ASSERT( send_ret[i] >= 0 );
1641 TEST_ASSERT( send_ret[i] <= BUFLEN );
1642 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1643
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1644 /* If the buffer is full we can test blocking and non-blocking
1645 * send */
1646 if ( send_ret[i] == BUFLEN )
1647 {
1648 int blocking_ret = send( socket, message[i] , 1 );
1649 if ( blocking )
1650 {
1651 TEST_ASSERT( blocking_ret == 0 );
1652 }
1653 else
1654 {
1655 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1656 }
1657 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1658 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1659
1660 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1661 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1662 /* First receiving is from the server */
1663 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1664
1665 recv_ret[i] = recv( socket, received[i] + read[i],
1666 MSGLEN - read[i] );
1667
1668 /* The result depends on whether any data was sent */
1669 if ( send_ret[i] > 0 )
1670 {
1671 TEST_ASSERT( recv_ret[i] > 0 );
1672 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1673 read[i] += recv_ret[i];
1674 }
1675 else if( blocking )
1676 {
1677 TEST_ASSERT( recv_ret[i] == 0 );
1678 }
1679 else
1680 {
1681 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1682 recv_ret[i] = 0;
1683 }
1684
1685 /* If the buffer is empty we can test blocking and non-blocking
1686 * read */
1687 if ( recv_ret[i] == BUFLEN )
1688 {
1689 int blocking_ret = recv( socket, received[i], 1 );
1690 if ( blocking )
1691 {
1692 TEST_ASSERT( blocking_ret == 0 );
1693 }
1694 else
1695 {
1696 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1697 }
1698 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1699 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1700
1701 progress = 0;
1702 for( i = 0; i < ROUNDS; i++ )
1703 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1704 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1705 }
1706 }
1707
1708 for( i = 0; i < ROUNDS; i++ )
1709 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1710
1711exit:
1712
1713 mbedtls_mock_socket_close( &client );
1714 mbedtls_mock_socket_close( &server );
1715}
1716/* END_CASE */
1717
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1718/* BEGIN_CASE */
1719void ssl_message_queue_sanity( )
1720{
1721 mbedtls_test_message_queue queue;
1722
1723 /* Trying to push/pull to an empty queue */
1724 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
1725 == MBEDTLS_TEST_ERROR_ARG_NULL );
1726 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
1727 == MBEDTLS_TEST_ERROR_ARG_NULL );
1728
1729 mbedtls_test_message_queue_setup( &queue, 3 );
1730 TEST_ASSERT( queue.capacity == 3 );
1731 TEST_ASSERT( queue.num == 0 );
1732
1733exit:
1734 mbedtls_test_message_queue_free( &queue );
1735}
1736/* END_CASE */
1737
1738/* BEGIN_CASE */
1739void ssl_message_queue_basic( )
1740{
1741 mbedtls_test_message_queue queue;
1742
1743 mbedtls_test_message_queue_setup( &queue, 3 );
1744
1745 /* Sanity test - 3 pushes and 3 pops with sufficient space */
1746 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1747 TEST_ASSERT( queue.capacity == 3 );
1748 TEST_ASSERT( queue.num == 1 );
1749 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1750 TEST_ASSERT( queue.capacity == 3 );
1751 TEST_ASSERT( queue.num == 2 );
1752 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1753 TEST_ASSERT( queue.capacity == 3 );
1754 TEST_ASSERT( queue.num == 3 );
1755
1756 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1757 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1758 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1759
1760exit:
1761 mbedtls_test_message_queue_free( &queue );
1762}
1763/* END_CASE */
1764
1765/* BEGIN_CASE */
1766void ssl_message_queue_overflow_underflow( )
1767{
1768 mbedtls_test_message_queue queue;
1769
1770 mbedtls_test_message_queue_setup( &queue, 3 );
1771
1772 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
1773 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1774 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1775 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1776 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
1777 == MBEDTLS_TEST_ERROR_QUEUE_FULL );
1778
1779 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1780 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1781 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1782
1783 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
1784 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1785
1786exit:
1787 mbedtls_test_message_queue_free( &queue );
1788}
1789/* END_CASE */
1790
1791/* BEGIN_CASE */
1792void ssl_message_queue_interleaved( )
1793{
1794 mbedtls_test_message_queue queue;
1795
1796 mbedtls_test_message_queue_setup( &queue, 3 );
1797
1798 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
1799 * (to wrap around the buffer) */
1800 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1801 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1802
1803 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1804
1805 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1806 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
1807
1808 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1809 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1810
1811 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
1812 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
1813
1814 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
1815
1816 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
1817
1818 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
1819
1820exit:
1821 mbedtls_test_message_queue_free( &queue );
1822}
1823/* END_CASE */
1824
1825/* BEGIN_CASE */
1826void ssl_message_queue_insufficient_buffer( )
1827{
1828 mbedtls_test_message_queue queue;
1829 size_t message_len = 10;
1830 size_t buffer_len = 5;
1831
1832 mbedtls_test_message_queue_setup( &queue, 1 );
1833
1834 /* Popping without a sufficient buffer */
1835 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
1836 == (int) message_len );
1837 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
1838 == (int) buffer_len );
1839exit:
1840 mbedtls_test_message_queue_free( &queue );
1841}
1842/* END_CASE */
1843
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1844/* BEGIN_CASE */
1845void ssl_message_mock_uninitialized( )
1846{
1847 enum { MSGLEN = 10 };
1848 unsigned char message[MSGLEN], received[MSGLEN];
1849 mbedtls_mock_socket client, server;
1850 mbedtls_test_message_queue server_queue, client_queue;
1851 mbedtls_test_message_socket_context server_context, client_context;
1852
1853 /* Send with a NULL context */
1854 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
1855 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1856
1857 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
1858 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1859
1860 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1861 &server,
1862 &server_context ) == 0 );
1863
1864 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1865 &client,
1866 &client_context ) == 0 );
1867
1868 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
1869 == MBEDTLS_TEST_ERROR_SEND_FAILED );
1870
1871 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1872 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1873
1874 /* Push directly to a queue to later simulate a disconnected behavior */
1875 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
1876 == MSGLEN );
1877
1878 /* Test if there's an error when trying to read from a disconnected
1879 * socket */
1880 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1881 == MBEDTLS_TEST_ERROR_RECV_FAILED );
1882 exit:
1883 mbedtls_message_socket_close( &server_context );
1884 mbedtls_message_socket_close( &client_context );
1885}
1886/* END_CASE */
1887
1888/* BEGIN_CASE */
1889void ssl_message_mock_basic( )
1890{
1891 enum { MSGLEN = 10 };
1892 unsigned char message[MSGLEN], received[MSGLEN];
1893 mbedtls_mock_socket client, server;
1894 unsigned i;
1895 mbedtls_test_message_queue server_queue, client_queue;
1896 mbedtls_test_message_socket_context server_context, client_context;
1897
1898 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1899 &server,
1900 &server_context ) == 0 );
1901
1902 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1903 &client,
1904 &client_context ) == 0 );
1905
1906 /* Fill up the buffer with structured data so that unwanted changes
1907 * can be detected */
1908 for( i = 0; i < MSGLEN; i++ )
1909 {
1910 message[i] = i & 0xFF;
1911 }
1912 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1913 MSGLEN ) );
1914
1915 /* Send the message to the server */
1916 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1917 MSGLEN ) == MSGLEN );
1918
1919 /* Read from the server */
1920 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1921 == MSGLEN );
1922
1923 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1924 memset( received, 0, MSGLEN );
1925
1926 /* Send the message to the client */
1927 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
1928 MSGLEN ) == MSGLEN );
1929
1930 /* Read from the client */
1931 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
1932 == MSGLEN );
1933 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1934
1935 exit:
1936 mbedtls_message_socket_close( &server_context );
1937 mbedtls_message_socket_close( &client_context );
1938}
1939/* END_CASE */
1940
1941/* BEGIN_CASE */
1942void ssl_message_mock_queue_overflow_underflow( )
1943{
1944 enum { MSGLEN = 10 };
1945 unsigned char message[MSGLEN], received[MSGLEN];
1946 mbedtls_mock_socket client, server;
1947 unsigned i;
1948 mbedtls_test_message_queue server_queue, client_queue;
1949 mbedtls_test_message_socket_context server_context, client_context;
1950
1951 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
1952 &server,
1953 &server_context ) == 0 );
1954
1955 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
1956 &client,
1957 &client_context ) == 0 );
1958
1959 /* Fill up the buffer with structured data so that unwanted changes
1960 * can be detected */
1961 for( i = 0; i < MSGLEN; i++ )
1962 {
1963 message[i] = i & 0xFF;
1964 }
1965 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1966 MSGLEN*2 ) );
1967
1968 /* Send three message to the server, last one with an error */
1969 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1970 MSGLEN - 1 ) == MSGLEN - 1 );
1971
1972 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1973 MSGLEN ) == MSGLEN );
1974
1975 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1976 MSGLEN )
1977 == MBEDTLS_TEST_ERROR_QUEUE_FULL );
1978
1979 /* Read three messages from the server, last one with an error */
1980 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1981 MSGLEN - 1 ) == MSGLEN - 1 );
1982
1983 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1984 == MSGLEN );
1985
1986 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1987
1988 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1989 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1990
1991 exit:
1992 mbedtls_message_socket_close( &server_context );
1993 mbedtls_message_socket_close( &client_context );
1994}
1995/* END_CASE */
1996
1997/* BEGIN_CASE */
1998void ssl_message_mock_socket_overflow( )
1999{
2000 enum { MSGLEN = 10 };
2001 unsigned char message[MSGLEN], received[MSGLEN];
2002 mbedtls_mock_socket client, server;
2003 unsigned i;
2004 mbedtls_test_message_queue server_queue, client_queue;
2005 mbedtls_test_message_socket_context server_context, client_context;
2006
2007 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2008 &server,
2009 &server_context ) == 0 );
2010
2011 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2012 &client,
2013 &client_context ) == 0 );
2014
2015 /* Fill up the buffer with structured data so that unwanted changes
2016 * can be detected */
2017 for( i = 0; i < MSGLEN; i++ )
2018 {
2019 message[i] = i & 0xFF;
2020 }
2021 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2022 MSGLEN ) );
2023
2024 /* Send two message to the server, second one with an error */
2025 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2026 MSGLEN ) == MSGLEN );
2027
2028 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2029 MSGLEN )
2030 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2031
2032 /* Read the only message from the server */
2033 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2034 == MSGLEN );
2035
2036 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2037
2038 exit:
2039 mbedtls_message_socket_close( &server_context );
2040 mbedtls_message_socket_close( &client_context );
2041}
2042/* END_CASE */
2043
2044/* BEGIN_CASE */
2045void ssl_message_mock_truncated( )
2046{
2047 enum { MSGLEN = 10 };
2048 unsigned char message[MSGLEN], received[MSGLEN];
2049 mbedtls_mock_socket client, server;
2050 unsigned i;
2051 mbedtls_test_message_queue server_queue, client_queue;
2052 mbedtls_test_message_socket_context server_context, client_context;
2053
2054 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2055 &server,
2056 &server_context ) == 0 );
2057
2058 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2059 &client,
2060 &client_context ) == 0 );
2061
2062 memset( received, 0, MSGLEN );
2063 /* Fill up the buffer with structured data so that unwanted changes
2064 * can be detected */
2065 for( i = 0; i < MSGLEN; i++ )
2066 {
2067 message[i] = i & 0xFF;
2068 }
2069 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2070 2 * MSGLEN ) );
2071
2072 /* Send two messages to the server, the second one small enough to fit in the
2073 * receiver's buffer. */
2074 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2075 MSGLEN ) == MSGLEN );
2076 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2077 MSGLEN / 2 ) == MSGLEN / 2 );
2078 /* Read a truncated message from the server */
2079 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2080 == MSGLEN/2 );
2081
2082 /* Test that the first half of the message is valid, and second one isn't */
2083 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2084 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2085 != 0 );
2086 memset( received, 0, MSGLEN );
2087
2088 /* Read a full message from the server */
2089 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2090 == MSGLEN / 2 );
2091
2092 /* Test that the first half of the message is valid */
2093 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2094
2095 exit:
2096 mbedtls_message_socket_close( &server_context );
2097 mbedtls_message_socket_close( &client_context );
2098}
2099/* END_CASE */
2100
2101/* BEGIN_CASE */
2102void ssl_message_mock_socket_read_error( )
2103{
2104 enum { MSGLEN = 10 };
2105 unsigned char message[MSGLEN], received[MSGLEN];
2106 mbedtls_mock_socket client, server;
2107 unsigned i;
2108 mbedtls_test_message_queue server_queue, client_queue;
2109 mbedtls_test_message_socket_context server_context, client_context;
2110
2111 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2112 &server,
2113 &server_context ) == 0 );
2114
2115 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2116 &client,
2117 &client_context ) == 0 );
2118
2119 /* Fill up the buffer with structured data so that unwanted changes
2120 * can be detected */
2121 for( i = 0; i < MSGLEN; i++ )
2122 {
2123 message[i] = i & 0xFF;
2124 }
2125 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2126 MSGLEN ) );
2127
2128 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2129 MSGLEN ) == MSGLEN );
2130
2131 /* Force a read error by disconnecting the socket by hand */
2132 server.status = 0;
2133 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2134 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2135 /* Return to a valid state */
2136 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2137
2138 memset( received, 0, sizeof( received ) );
2139
2140 /* Test that even though the server tried to read once disconnected, the
2141 * continuity is preserved */
2142 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2143 == MSGLEN );
2144
2145 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2146
2147 exit:
2148 mbedtls_message_socket_close( &server_context );
2149 mbedtls_message_socket_close( &client_context );
2150}
2151/* END_CASE */
2152
2153/* BEGIN_CASE */
2154void ssl_message_mock_interleaved_one_way( )
2155{
2156 enum { MSGLEN = 10 };
2157 unsigned char message[MSGLEN], received[MSGLEN];
2158 mbedtls_mock_socket client, server;
2159 unsigned i;
2160 mbedtls_test_message_queue server_queue, client_queue;
2161 mbedtls_test_message_socket_context server_context, client_context;
2162
2163 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2164 &server,
2165 &server_context ) == 0 );
2166
2167 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2168 &client,
2169 &client_context ) == 0 );
2170
2171 /* Fill up the buffer with structured data so that unwanted changes
2172 * can be detected */
2173 for( i = 0; i < MSGLEN; i++ )
2174 {
2175 message[i] = i & 0xFF;
2176 }
2177 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2178 MSGLEN*3 ) );
2179
2180 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
2181 * (to wrap around the buffer) */
2182 for( i = 0; i < 2; i++ )
2183 {
2184 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2185 MSGLEN ) == MSGLEN );
2186
2187 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2188 MSGLEN ) == MSGLEN );
2189
2190 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2191 MSGLEN ) == MSGLEN );
2192 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2193 memset( received, 0, sizeof( received ) );
2194 }
2195
2196 for( i = 0; i < 2; i++ )
2197 {
2198 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2199 MSGLEN ) == MSGLEN );
2200
2201 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2202 }
2203 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2204 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
2205 exit:
2206 mbedtls_message_socket_close( &server_context );
2207 mbedtls_message_socket_close( &client_context );
2208}
2209/* END_CASE */
2210
2211/* BEGIN_CASE */
2212void ssl_message_mock_interleaved_two_ways( )
2213{
2214 enum { MSGLEN = 10 };
2215 unsigned char message[MSGLEN], received[MSGLEN];
2216 mbedtls_mock_socket client, server;
2217 unsigned i;
2218 mbedtls_test_message_queue server_queue, client_queue;
2219 mbedtls_test_message_socket_context server_context, client_context;
2220
2221 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2222 &server,
2223 &server_context ) == 0 );
2224
2225 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2226 &client,
2227 &client_context ) == 0 );
2228
2229 /* Fill up the buffer with structured data so that unwanted changes
2230 * can be detected */
2231 for( i = 0; i < MSGLEN; i++ )
2232 {
2233 message[i] = i & 0xFF;
2234 }
2235 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2236 MSGLEN*3 ) );
2237
2238 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
2239 * (to wrap around the buffer) both ways. */
2240 for( i = 0; i < 2; i++ )
2241 {
2242 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2243 MSGLEN ) == MSGLEN );
2244
2245 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2246 MSGLEN ) == MSGLEN );
2247
2248 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2249 MSGLEN ) == MSGLEN );
2250
2251 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2252 MSGLEN ) == MSGLEN );
2253
2254 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2255 MSGLEN ) == MSGLEN );
2256
2257 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2258
2259 memset( received, 0, sizeof( received ) );
2260
2261 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2262 MSGLEN ) == MSGLEN );
2263
2264 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2265
2266 memset( received, 0, sizeof( received ) );
2267 }
2268
2269 for( i = 0; i < 2; i++ )
2270 {
2271 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2272 MSGLEN ) == MSGLEN );
2273
2274 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2275 memset( received, 0, sizeof( received ) );
2276
2277 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2278 MSGLEN ) == MSGLEN );
2279
2280 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2281 memset( received, 0, sizeof( received ) );
2282 }
2283
2284 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2285 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
2286
2287 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2288 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
2289 exit:
2290 mbedtls_message_socket_close( &server_context );
2291 mbedtls_message_socket_close( &client_context );
2292}
2293/* END_CASE */
2294
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2295/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2296void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2297{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2298 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2299 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2300 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2301
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2302 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2303 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2304
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2305 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2306 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2307 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2308 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2309 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2310
2311 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2312 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2313 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2314 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2315 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2316 }
2317
2318 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2319 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2320 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2321
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2322 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2323 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2324}
2325/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]2326
2327/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
2328void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
2329{
2330 mbedtls_ssl_context ssl;
2331 mbedtls_ssl_init( &ssl );
2332
2333 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
2334 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
2335
2336 mbedtls_ssl_free( &ssl );
2337}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]2338/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2339
2340/* BEGIN_CASE */
2341void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2342 int etm, int tag_mode, int ver,
2343 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2344{
2345 /*
2346 * Test several record encryptions and decryptions
2347 * with plenty of space before and after the data
2348 * within the record buffer.
2349 */
2350
2351 int ret;
2352 int num_records = 16;
2353 mbedtls_ssl_context ssl; /* ONLY for debugging */
2354
2355 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2356 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2357 size_t const buflen = 512;
2358 mbedtls_record rec, rec_backup;
2359
2360 mbedtls_ssl_init( &ssl );
2361 mbedtls_ssl_transform_init( &t0 );
2362 mbedtls_ssl_transform_init( &t1 );
2363 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2364 etm, tag_mode, ver,
2365 (size_t) cid0_len,
2366 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2367
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2368 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2369
2370 while( num_records-- > 0 )
2371 {
2372 mbedtls_ssl_transform *t_dec, *t_enc;
2373 /* Take turns in who's sending and who's receiving. */
2374 if( num_records % 3 == 0 )
2375 {
2376 t_dec = &t0;
2377 t_enc = &t1;
2378 }
2379 else
2380 {
2381 t_dec = &t1;
2382 t_enc = &t0;
2383 }
2384
2385 /*
2386 * The record header affects the transformation in two ways:
2387 * 1) It determines the AEAD additional data
2388 * 2) The record counter sometimes determines the IV.
2389 *
2390 * Apart from that, the fields don't have influence.
2391 * In particular, it is currently not the responsibility
2392 * of ssl_encrypt/decrypt_buf to check if the transform
2393 * version matches the record version, or that the
2394 * type is sensible.
2395 */
2396
2397 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
2398 rec.type = 42;
2399 rec.ver[0] = num_records;
2400 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2401#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2402 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2403#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2404
2405 rec.buf = buf;
2406 rec.buf_len = buflen;
2407 rec.data_offset = 16;
2408 /* Make sure to vary the length to exercise different
2409 * paddings. */
2410 rec.data_len = 1 + num_records;
2411
2412 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2413
2414 /* Make a copy for later comparison */
2415 rec_backup = rec;
2416
2417 /* Encrypt record */
2418 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
2419 rnd_std_rand, NULL );
2420 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2421 if( ret != 0 )
2422 {
2423 continue;
2424 }
2425
2426 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2427 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
2428 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2429
2430 /* Compare results */
2431 TEST_ASSERT( rec.type == rec_backup.type );
2432 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2433 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2434 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2435 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2436 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2437 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2438 rec_backup.buf + rec_backup.data_offset,
2439 rec.data_len ) == 0 );
2440 }
2441
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2442exit:
2443
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2444 /* Cleanup */
2445 mbedtls_ssl_free( &ssl );
2446 mbedtls_ssl_transform_free( &t0 );
2447 mbedtls_ssl_transform_free( &t1 );
2448
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2449 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2450}
2451/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2452
2453/* BEGIN_CASE */
2454void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2455 int etm, int tag_mode, int ver,
2456 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2457{
2458 /*
2459 * Test pairs of encryption and decryption with an increasing
2460 * amount of space in the record buffer - in more detail:
2461 * 1) Try to encrypt with 0, 1, 2, ... bytes available
2462 * in front of the plaintext, and expect the encryption
2463 * to succeed starting from some offset. Always keep
2464 * enough space in the end of the buffer.
2465 * 2) Try to encrypt with 0, 1, 2, ... bytes available
2466 * at the end of the plaintext, and expect the encryption
2467 * to succeed starting from some offset. Always keep
2468 * enough space at the beginning of the buffer.
2469 * 3) Try to encrypt with 0, 1, 2, ... bytes available
2470 * both at the front and end of the plaintext,
2471 * and expect the encryption to succeed starting from
2472 * some offset.
2473 *
2474 * If encryption succeeds, check that decryption succeeds
2475 * and yields the original record.
2476 */
2477
2478 mbedtls_ssl_context ssl; /* ONLY for debugging */
2479
2480 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2481 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2482 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2483 mbedtls_record rec, rec_backup;
2484
2485 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2486 int mode; /* Mode 1, 2 or 3 as explained above */
2487 size_t offset; /* Available space at beginning/end/both */
2488 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2489
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2490 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
2491 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2492
2493 int seen_success; /* Indicates if in the current mode we've
2494 * already seen a successful test. */
2495
2496 mbedtls_ssl_init( &ssl );
2497 mbedtls_ssl_transform_init( &t0 );
2498 mbedtls_ssl_transform_init( &t1 );
2499 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2500 etm, tag_mode, ver,
2501 (size_t) cid0_len,
2502 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2503
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2504 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2505
2506 for( mode=1; mode <= 3; mode++ )
2507 {
2508 seen_success = 0;
2509 for( offset=0; offset <= threshold; offset++ )
2510 {
2511 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]2512 t_dec = &t0;
2513 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2514
2515 memset( rec.ctr, offset, sizeof( rec.ctr ) );
2516 rec.type = 42;
2517 rec.ver[0] = offset;
2518 rec.ver[1] = offset;
2519 rec.buf = buf;
2520 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2521#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2522 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2523#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2524
2525 switch( mode )
2526 {
2527 case 1: /* Space in the beginning */
2528 rec.data_offset = offset;
2529 rec.data_len = buflen - offset - default_post_padding;
2530 break;
2531
2532 case 2: /* Space in the end */
2533 rec.data_offset = default_pre_padding;
2534 rec.data_len = buflen - default_pre_padding - offset;
2535 break;
2536
2537 case 3: /* Space in the beginning and end */
2538 rec.data_offset = offset;
2539 rec.data_len = buflen - 2 * offset;
2540 break;
2541
2542 default:
2543 TEST_ASSERT( 0 );
2544 break;
2545 }
2546
2547 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2548
2549 /* Make a copy for later comparison */
2550 rec_backup = rec;
2551
2552 /* Encrypt record */
2553 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
2554
2555 if( ( mode == 1 || mode == 2 ) && seen_success )
2556 {
2557 TEST_ASSERT( ret == 0 );
2558 }
2559 else
2560 {
2561 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2562 if( ret == 0 )
2563 seen_success = 1;
2564 }
2565
2566 if( ret != 0 )
2567 continue;
2568
2569 /* Decrypt record with t_dec */
2570 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
2571
2572 /* Compare results */
2573 TEST_ASSERT( rec.type == rec_backup.type );
2574 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2575 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2576 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2577 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2578 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2579 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2580 rec_backup.buf + rec_backup.data_offset,
2581 rec.data_len ) == 0 );
2582 }
2583
2584 TEST_ASSERT( seen_success == 1 );
2585 }
2586
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2587exit:
2588
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2589 /* Cleanup */
2590 mbedtls_ssl_free( &ssl );
2591 mbedtls_ssl_transform_free( &t0 );
2592 mbedtls_ssl_transform_free( &t1 );
2593
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2594 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2595}
2596/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2597
2598/* BEGIN_CASE */
2599void ssl_tls_prf( int type, data_t * secret, data_t * random,
2600 char *label, data_t *result_hex_str, int exp_ret )
2601{
2602 unsigned char *output;
2603
2604 output = mbedtls_calloc( 1, result_hex_str->len );
2605 if( output == NULL )
2606 goto exit;
2607
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]2608#if defined(MBEDTLS_USE_PSA_CRYPTO)
2609 TEST_ASSERT( psa_crypto_init() == 0 );
2610#endif
2611
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2612 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
2613 label, random->x, random->len,
2614 output, result_hex_str->len ) == exp_ret );
2615
2616 if( exp_ret == 0 )
2617 {
2618 TEST_ASSERT( hexcmp( output, result_hex_str->x,
2619 result_hex_str->len, result_hex_str->len ) == 0 );
2620 }
2621exit:
2622
2623 mbedtls_free( output );
2624}
2625/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2626
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2627/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2628void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2629{
2630 mbedtls_ssl_session original, restored;
2631 unsigned char *buf = NULL;
2632 size_t len;
2633
2634 /*
2635 * Test that a save-load pair is the identity
2636 */
2637
2638 mbedtls_ssl_session_init( &original );
2639 mbedtls_ssl_session_init( &restored );
2640
2641 /* Prepare a dummy session to work on */
2642 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
2643
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2644 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2645 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
2646 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2647 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
2648 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
2649 == 0 );
2650
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2651 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2652 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
2653
2654 /*
2655 * Make sure both session structures are identical
2656 */
2657#if defined(MBEDTLS_HAVE_TIME)
2658 TEST_ASSERT( original.start == restored.start );
2659#endif
2660 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
2661 TEST_ASSERT( original.compression == restored.compression );
2662 TEST_ASSERT( original.id_len == restored.id_len );
2663 TEST_ASSERT( memcmp( original.id,
2664 restored.id, sizeof( original.id ) ) == 0 );
2665 TEST_ASSERT( memcmp( original.master,
2666 restored.master, sizeof( original.master ) ) == 0 );
2667
2668#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2669#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2670 TEST_ASSERT( ( original.peer_cert == NULL ) ==
2671 ( restored.peer_cert == NULL ) );
2672 if( original.peer_cert != NULL )
2673 {
2674 TEST_ASSERT( original.peer_cert->raw.len ==
2675 restored.peer_cert->raw.len );
2676 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
2677 restored.peer_cert->raw.p,
2678 original.peer_cert->raw.len ) == 0 );
2679 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2680#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2681 TEST_ASSERT( original.peer_cert_digest_type ==
2682 restored.peer_cert_digest_type );
2683 TEST_ASSERT( original.peer_cert_digest_len ==
2684 restored.peer_cert_digest_len );
2685 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
2686 ( restored.peer_cert_digest == NULL ) );
2687 if( original.peer_cert_digest != NULL )
2688 {
2689 TEST_ASSERT( memcmp( original.peer_cert_digest,
2690 restored.peer_cert_digest,
2691 original.peer_cert_digest_len ) == 0 );
2692 }
2693#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2694#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2695 TEST_ASSERT( original.verify_result == restored.verify_result );
2696
2697#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2698 TEST_ASSERT( original.ticket_len == restored.ticket_len );
2699 if( original.ticket_len != 0 )
2700 {
2701 TEST_ASSERT( original.ticket != NULL );
2702 TEST_ASSERT( restored.ticket != NULL );
2703 TEST_ASSERT( memcmp( original.ticket,
2704 restored.ticket, original.ticket_len ) == 0 );
2705 }
2706 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
2707#endif
2708
2709#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2710 TEST_ASSERT( original.mfl_code == restored.mfl_code );
2711#endif
2712
2713#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2714 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
2715#endif
2716
2717#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2718 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
2719#endif
2720
2721exit:
2722 mbedtls_ssl_session_free( &original );
2723 mbedtls_ssl_session_free( &restored );
2724 mbedtls_free( buf );
2725}
2726/* END_CASE */
2727
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]2728/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2729void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2730{
2731 mbedtls_ssl_session session;
2732 unsigned char *buf1 = NULL, *buf2 = NULL;
2733 size_t len0, len1, len2;
2734
2735 /*
2736 * Test that a load-save pair is the identity
2737 */
2738
2739 mbedtls_ssl_session_init( &session );
2740
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2741 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2742 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2743
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2744 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2745 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
2746 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2747
2748 /* Allocate first buffer */
2749 buf1 = mbedtls_calloc( 1, len0 );
2750 TEST_ASSERT( buf1 != NULL );
2751
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2752 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2753 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
2754 == 0 );
2755 TEST_ASSERT( len0 == len1 );
2756 mbedtls_ssl_session_free( &session );
2757
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2758 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]2759 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2760
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2761 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2762 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]2763 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2764 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
2765 == 0 );
2766
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2767 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2768 TEST_ASSERT( len1 == len2 );
2769 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
2770
2771exit:
2772 mbedtls_ssl_session_free( &session );
2773 mbedtls_free( buf1 );
2774 mbedtls_free( buf2 );
2775}
2776/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2777
2778/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2779void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2780{
2781 mbedtls_ssl_session session;
2782 unsigned char *buf = NULL;
2783 size_t good_len, bad_len, test_len;
2784
2785 /*
2786 * Test that session_save() fails cleanly on small buffers
2787 */
2788
2789 mbedtls_ssl_session_init( &session );
2790
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2791 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2792 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2793 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2794 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2795
2796 /* Try all possible bad lengths */
2797 for( bad_len = 1; bad_len < good_len; bad_len++ )
2798 {
2799 /* Allocate exact size so that asan/valgrind can detect any overwrite */
2800 mbedtls_free( buf );
2801 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
2802 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
2803 &test_len )
2804 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2805 TEST_ASSERT( test_len == good_len );
2806 }
2807
2808exit:
2809 mbedtls_ssl_session_free( &session );
2810 mbedtls_free( buf );
2811}
2812/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2813
2814/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2815void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2816{
2817 mbedtls_ssl_session session;
2818 unsigned char *good_buf = NULL, *bad_buf = NULL;
2819 size_t good_len, bad_len;
2820
2821 /*
2822 * Test that session_load() fails cleanly on small buffers
2823 */
2824
2825 mbedtls_ssl_session_init( &session );
2826
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2827 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2828 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2829 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2830 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2831 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
2832 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
2833 &good_len ) == 0 );
2834 mbedtls_ssl_session_free( &session );
2835
2836 /* Try all possible bad lengths */
2837 for( bad_len = 0; bad_len < good_len; bad_len++ )
2838 {
2839 /* Allocate exact size so that asan/valgrind can detect any overread */
2840 mbedtls_free( bad_buf );
2841 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
2842 TEST_ASSERT( bad_buf != NULL );
2843 memcpy( bad_buf, good_buf, bad_len );
2844
2845 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
2846 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
2847 }
2848
2849exit:
2850 mbedtls_ssl_session_free( &session );
2851 mbedtls_free( good_buf );
2852 mbedtls_free( bad_buf );
2853}
2854/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2855
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2856/* BEGIN_CASE */
2857void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2858 int corrupt_minor,
2859 int corrupt_patch,
2860 int corrupt_config )
2861{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2862 unsigned char serialized_session[ 2048 ];
2863 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2864 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2865 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2866 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
2867 corrupt_minor == 1,
2868 corrupt_patch == 1,
2869 corrupt_config == 1,
2870 corrupt_config == 1 };
2871
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2872 mbedtls_ssl_session_init( &session );
2873
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2874 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2875 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2876 serialized_session,
2877 sizeof( serialized_session ),
2878 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2879
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2880 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2881
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2882 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2883 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2884 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2885 serialized_session,
2886 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2887 mbedtls_ssl_session_free( &session );
2888
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2889 /* Go through the bytes in the serialized session header and
2890 * corrupt them bit-by-bit. */
2891 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2892 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2893 int cur_bit;
2894 unsigned char * const byte = &serialized_session[ cur_byte ];
2895
2896 if( should_corrupt_byte[ cur_byte ] == 0 )
2897 continue;
2898
2899 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
2900 {
2901 unsigned char const corrupted_bit = 0x1u << cur_bit;
2902 /* Modify a single bit in the serialized session. */
2903 *byte ^= corrupted_bit;
2904
2905 /* Attempt to deserialize */
2906 TEST_ASSERT( mbedtls_ssl_session_load( &session,
2907 serialized_session,
2908 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]2909 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2910
2911 /* Undo the change */
2912 *byte ^= corrupted_bit;
2913 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2914 }
2915
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2916}
2917/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame^]2918
2919/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
2920void mbedtls_endpoint_sanity( int endpoint_type )
2921{
2922 enum { BUFFSIZE = 1024 };
2923 mbedtls_endpoint ep;
2924 int ret = -1;
2925
2926 ret = mbedtls_endpoint_init( NULL, endpoint_type );
2927 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
2928
2929 ret = mbedtls_endpoint_certificate_init( NULL );
2930 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
2931
2932 ret = mbedtls_endpoint_init( &ep, endpoint_type );
2933 TEST_ASSERT( ret == 0 );
2934
2935exit:
2936 mbedtls_endpoint_free( &ep );
2937}
2938/* END_CASE */
2939
2940/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
2941void move_handshake_to_state(int endpoint_type, int state, int need_pass)
2942{
2943 enum { BUFFSIZE = 1024 };
2944 mbedtls_endpoint base_ep, second_ep;
2945 int ret = -1;
2946
2947 ret = mbedtls_endpoint_init( &base_ep, endpoint_type );
2948 TEST_ASSERT( ret == 0 );
2949
2950 ret = mbedtls_endpoint_init( &second_ep,
2951 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
2952 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER );
2953 TEST_ASSERT( ret == 0 );
2954
2955 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
2956 &(second_ep.socket),
2957 BUFFSIZE );
2958 TEST_ASSERT( ret == 0 );
2959
2960 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
2961 &(second_ep.ssl),
2962 state );
2963 if( need_pass )
2964 {
2965 TEST_ASSERT( ret == 0 );
2966 TEST_ASSERT( base_ep.ssl.state == state );
2967 }
2968 else
2969 {
2970 TEST_ASSERT( ret != 0 );
2971 TEST_ASSERT( base_ep.ssl.state != state );
2972 }
2973
2974exit:
2975 mbedtls_endpoint_free( &base_ep );
2976 mbedtls_endpoint_free( &second_ep );
2977}
2978/* END_CASE */