TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 45916ba9165e8d722f194fa049dcca5897ee7bf8 / . / tests / suites / test_suite_ssl.function
blob: 55ab2d6f3ffd0130357bd3adbe2a5a027b134a59 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]7#include <mbedtls/timing.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]8#include <mbedtls/debug.h>
9
10typedef struct log_pattern
11{
12 const char *pattern;
13 size_t counter;
14} log_pattern;
15
16/* This function can be passed to mbedtls to receive output logs from it. In
17 * this case, it will count the instances of a log_pattern in the received
18 * logged messages.
19 */
20void log_analyzer( void *ctx, int level,
21 const char *file, int line,
22 const char *str )
23{
24 log_pattern *p = (log_pattern *) ctx;
25
26 (void) level;
27 (void) line;
28 (void) file;
29
30 if( NULL != p &&
31 NULL != p->pattern &&
32 NULL != strstr( str, p->pattern ) )
33 {
34 p->counter++;
35 }
36}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]37
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]38typedef struct handshake_test_options
39{
40 const char *cipher;
41 int version;
42 int pk_alg;
43 data_t *psk_str;
44 int dtls;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]45 int srv_auth_mode;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]46 int serialize;
47 int mfl;
48 int cli_msg_len;
49 int srv_msg_len;
50 int expected_cli_fragments;
51 int expected_srv_fragments;
52 int renegotiate;
53 int legacy_renegotiation;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]54 void *srv_log_obj;
55 void *cli_log_obj;
56 void (*srv_log_fun)(void *, int, const char *, int, const char *);
57 void (*cli_log_fun)(void *, int, const char *, int, const char *);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]58} handshake_test_options;
59
60void init_handshake_options( handshake_test_options *opts )
61{
62 opts->cipher = "";
63 opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
64 opts->pk_alg = MBEDTLS_PK_RSA;
65 opts->psk_str = NULL;
66 opts->dtls = 0;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]67 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]68 opts->serialize = 0;
69 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
70 opts->cli_msg_len = 100;
71 opts->srv_msg_len = 100;
72 opts->expected_cli_fragments = 1;
73 opts->expected_srv_fragments = 1;
74 opts->renegotiate = 0;
75 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]76 opts->srv_log_obj = NULL;
77 opts->srv_log_obj = NULL;
78 opts->srv_log_fun = NULL;
79 opts->cli_log_fun = NULL;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]80}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]81/*
82 * Buffer structure for custom I/O callbacks.
83 */
84
85typedef struct mbedtls_test_buffer
86{
87 size_t start;
88 size_t content_length;
89 size_t capacity;
90 unsigned char *buffer;
91} mbedtls_test_buffer;
92
93/*
94 * Initialises \p buf. After calling this function it is safe to call
95 * `mbedtls_test_buffer_free()` on \p buf.
96 */
97void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
98{
99 memset( buf, 0, sizeof( *buf ) );
100}
101
102/*
103 * Sets up \p buf. After calling this function it is safe to call
104 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
105 */
106int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
107{
108 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
109 sizeof(unsigned char) );
110 if( NULL == buf->buffer )
111 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
112 buf->capacity = capacity;
113
114 return 0;
115}
116
117void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
118{
119 if( buf->buffer != NULL )
120 mbedtls_free( buf->buffer );
121
122 memset( buf, 0, sizeof( *buf ) );
123}
124
125/*
126 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
127 *
128 * \p buf must have been initialized and set up by calling
129 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
130 *
131 * \retval \p input_len, if the data fits.
132 * \retval 0 <= value < \p input_len, if the data does not fit.
133 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
134 * zero and \p input is NULL.
135 */
136int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]137 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]138{
139 size_t overflow = 0;
140
141 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
142 return -1;
143
144 /* Reduce input_len to a number that fits in the buffer. */
145 if ( ( buf->content_length + input_len ) > buf->capacity )
146 {
147 input_len = buf->capacity - buf->content_length;
148 }
149
150 if( input == NULL )
151 {
152 return ( input_len == 0 ) ? 0 : -1;
153 }
154
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]155 /* Check if the buffer has not come full circle and free space is not in
156 * the middle */
157 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]158 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]159
160 /* Calculate the number of bytes that need to be placed at lower memory
161 * address */
162 if( buf->start + buf->content_length + input_len
163 > buf->capacity )
164 {
165 overflow = ( buf->start + buf->content_length + input_len )
166 % buf->capacity;
167 }
168
169 memcpy( buf->buffer + buf->start + buf->content_length, input,
170 input_len - overflow );
171 memcpy( buf->buffer, input + input_len - overflow, overflow );
172
173 }
174 else
175 {
176 /* The buffer has come full circle and free space is in the middle */
177 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
178 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]179 }
180
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]181 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]182 return input_len;
183}
184
185/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]186 * Gets \p output_len bytes from the ring buffer \p buf into the
187 * \p output buffer. The output buffer can be NULL, in this case a part of the
188 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]189 *
190 * \p buf must have been initialized and set up by calling
191 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
192 *
193 * \retval \p output_len, if the data is available.
194 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]195 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]196 */
197int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
198 unsigned char* output, size_t output_len )
199{
200 size_t overflow = 0;
201
202 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
203 return -1;
204
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]205 if( output == NULL && output_len == 0 )
206 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]207
208 if( buf->content_length < output_len )
209 output_len = buf->content_length;
210
211 /* Calculate the number of bytes that need to be drawn from lower memory
212 * address */
213 if( buf->start + output_len > buf->capacity )
214 {
215 overflow = ( buf->start + output_len ) % buf->capacity;
216 }
217
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]218 if( output != NULL )
219 {
220 memcpy( output, buf->buffer + buf->start, output_len - overflow );
221 memcpy( output + output_len - overflow, buf->buffer, overflow );
222 }
223
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]224 buf->content_length -= output_len;
225 buf->start = ( buf->start + output_len ) % buf->capacity;
226
227 return output_len;
228}
229
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]230/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]231 * Errors used in the message transport mock tests
232 */
233 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]234 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
235
236/*
237 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
238 */
239typedef struct mbedtls_test_message_queue
240{
241 size_t *messages;
242 int pos;
243 int num;
244 int capacity;
245} mbedtls_test_message_queue;
246
247/*
248 * Setup and free functions for the message metadata queue.
249 *
250 * \p capacity describes the number of message metadata chunks that can be held
251 * within the queue.
252 *
253 * \retval 0, if a metadata queue of a given length can be allocated.
254 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
255 */
256int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
257 size_t capacity )
258{
259 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
260 if( NULL == queue->messages )
261 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
262
263 queue->capacity = capacity;
264 queue->pos = 0;
265 queue->num = 0;
266
267 return 0;
268}
269
270void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
271{
272 if( queue == NULL )
273 return;
274
275 if( queue->messages != NULL )
276 mbedtls_free( queue->messages );
277
278 memset( queue, 0, sizeof( *queue ) );
279}
280
281/*
282 * Push message length information onto the message metadata queue.
283 * This will become the last element to leave it (fifo).
284 *
285 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]286 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]287 * \retval \p len, if the push was successful.
288 */
289int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
290 size_t len )
291{
292 int place;
293 if( queue == NULL )
294 return MBEDTLS_TEST_ERROR_ARG_NULL;
295
296 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]297 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]298
299 place = ( queue->pos + queue->num ) % queue->capacity;
300 queue->messages[place] = len;
301 queue->num++;
302 return len;
303}
304
305/*
306 * Pop information about the next message length from the queue. This will be
307 * the oldest inserted message length(fifo). \p msg_len can be null, in which
308 * case the data will be popped from the queue but not copied anywhere.
309 *
310 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]311 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]312 * \retval message length, if the pop was successful, up to the given
313 \p buf_len.
314 */
315int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
316 size_t buf_len )
317{
318 size_t message_length;
319 if( queue == NULL )
320 return MBEDTLS_TEST_ERROR_ARG_NULL;
321 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]322 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]323
324 message_length = queue->messages[queue->pos];
325 queue->messages[queue->pos] = 0;
326 queue->num--;
327 queue->pos++;
328 queue->pos %= queue->capacity;
329 if( queue->pos < 0 )
330 queue->pos += queue->capacity;
331
332 return ( message_length > buf_len ) ? buf_len : message_length;
333}
334
335/*
336 * Take a peek on the info about the next message length from the queue.
337 * This will be the oldest inserted message length(fifo).
338 *
339 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]340 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]341 * \retval 0, if the peek was successful.
342 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
343 * too small to fit the message. In this case the \p msg_len will be
344 * set to the full message length so that the
345 * caller knows what portion of the message can be dropped.
346 */
347int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
348 size_t buf_len, size_t* msg_len )
349{
350 if( queue == NULL || msg_len == NULL )
351 return MBEDTLS_TEST_ERROR_ARG_NULL;
352 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]353 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]354
355 *msg_len = queue->messages[queue->pos];
356 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
357}
358/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]359 * Context for the I/O callbacks simulating network connection.
360 */
361
362#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
363
364typedef struct mbedtls_mock_socket
365{
366 int status;
367 mbedtls_test_buffer *input;
368 mbedtls_test_buffer *output;
369 struct mbedtls_mock_socket *peer;
370} mbedtls_mock_socket;
371
372/*
373 * Setup and teardown functions for mock sockets.
374 */
375void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
376{
377 memset( socket, 0, sizeof( *socket ) );
378}
379
380/*
381 * Closes the socket \p socket.
382 *
383 * \p socket must have been previously initialized by calling
384 * mbedtls_mock_socket_init().
385 *
386 * This function frees all allocated resources and both sockets are aware of the
387 * new connection state.
388 *
389 * That is, this function does not simulate half-open TCP connections and the
390 * phenomenon that when closing a UDP connection the peer is not aware of the
391 * connection having been closed.
392 */
393void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
394{
395 if( socket == NULL )
396 return;
397
398 if( socket->input != NULL )
399 {
400 mbedtls_test_buffer_free( socket->input );
401 mbedtls_free( socket->input );
402 }
403
404 if( socket->output != NULL )
405 {
406 mbedtls_test_buffer_free( socket->output );
407 mbedtls_free( socket->output );
408 }
409
410 if( socket->peer != NULL )
411 memset( socket->peer, 0, sizeof( *socket->peer ) );
412
413 memset( socket, 0, sizeof( *socket ) );
414}
415
416/*
417 * Establishes a connection between \p peer1 and \p peer2.
418 *
419 * \p peer1 and \p peer2 must have been previously initialized by calling
420 * mbedtls_mock_socket_init().
421 *
422 * The capacites of the internal buffers are set to \p bufsize. Setting this to
423 * the correct value allows for simulation of MTU, sanity testing the mock
424 * implementation and mocking TCP connections with lower memory cost.
425 */
426int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
427 mbedtls_mock_socket* peer2,
428 size_t bufsize )
429{
430 int ret = -1;
431
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]432 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]433 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
434 if( peer1->output == NULL )
435 {
436 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
437 goto exit;
438 }
439 mbedtls_test_buffer_init( peer1->output );
440 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
441 {
442 goto exit;
443 }
444
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]445 peer2->output =
446 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
447 if( peer2->output == NULL )
448 {
449 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
450 goto exit;
451 }
452 mbedtls_test_buffer_init( peer2->output );
453 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
454 {
455 goto exit;
456 }
457
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]458 peer1->peer = peer2;
459 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]460 peer1->input = peer2->output;
461 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]462
463 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
464 ret = 0;
465
466exit:
467
468 if( ret != 0 )
469 {
470 mbedtls_mock_socket_close( peer1 );
471 mbedtls_mock_socket_close( peer2 );
472 }
473
474 return ret;
475}
476
477/*
478 * Callbacks for simulating blocking I/O over connection-oriented transport.
479 */
480
481int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
482{
483 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
484
485 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
486 return -1;
487
488 return mbedtls_test_buffer_put( socket->output, buf, len );
489}
490
491int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
492{
493 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
494
495 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
496 return -1;
497
498 return mbedtls_test_buffer_get( socket->input, buf, len );
499}
500
501/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]502 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
503 */
504
505int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
506{
507 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
508
509 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
510 return -1;
511
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]512 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]513 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]514 return MBEDTLS_ERR_SSL_WANT_WRITE;
515 }
516
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]517 return mbedtls_test_buffer_put( socket->output, buf, len );
518}
519
520int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
521{
522 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
523
524 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
525 return -1;
526
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]527 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]528 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]529 return MBEDTLS_ERR_SSL_WANT_READ;
530 }
531
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]532 return mbedtls_test_buffer_get( socket->input, buf, len );
533}
534
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]535/* Errors used in the message socket mocks */
536
537#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
538#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
539#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
540
541/*
542 * Structure used as an addon, or a wrapper, around the mocked sockets.
543 * Contains an input queue, to which the other socket pushes metadata,
544 * and an output queue, to which this one pushes metadata. This context is
545 * considered as an owner of the input queue only, which is initialized and
546 * freed in the respective setup and free calls.
547 */
548typedef struct mbedtls_test_message_socket_context
549{
550 mbedtls_test_message_queue* queue_input;
551 mbedtls_test_message_queue* queue_output;
552 mbedtls_mock_socket* socket;
553} mbedtls_test_message_socket_context;
554
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]555void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
556{
557 ctx->queue_input = NULL;
558 ctx->queue_output = NULL;
559 ctx->socket = NULL;
560}
561
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]562/*
563 * Setup a given mesasge socket context including initialization of
564 * input/output queues to a chosen capacity of messages. Also set the
565 * corresponding mock socket.
566 *
567 * \retval 0, if everything succeeds.
568 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
569 * queue failed.
570 */
571int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
572 mbedtls_test_message_queue* queue_output,
573 size_t queue_capacity,
574 mbedtls_mock_socket* socket,
575 mbedtls_test_message_socket_context* ctx )
576{
577 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
578 if( ret != 0 )
579 return ret;
580 ctx->queue_input = queue_input;
581 ctx->queue_output = queue_output;
582 ctx->socket = socket;
583 mbedtls_mock_socket_init( socket );
584
585 return 0;
586}
587
588/*
589 * Close a given message socket context, along with the socket itself. Free the
590 * memory allocated by the input queue.
591 */
592void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
593{
594 if( ctx == NULL )
595 return;
596
597 mbedtls_test_message_queue_free( ctx->queue_input );
598 mbedtls_mock_socket_close( ctx->socket );
599 memset( ctx, 0, sizeof( *ctx ) );
600}
601
602/*
603 * Send one message through a given message socket context.
604 *
605 * \retval \p len, if everything succeeds.
606 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
607 * elements or the context itself is null.
608 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]609 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]610 *
611 * This function will also return any error from
612 * mbedtls_test_message_queue_push_info.
613 */
614int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
615{
616 mbedtls_test_message_queue* queue;
617 mbedtls_mock_socket* socket;
618 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
619
620 if( context == NULL || context->socket == NULL
621 || context->queue_output == NULL )
622 {
623 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
624 }
625
626 queue = context->queue_output;
627 socket = context->socket;
628
629 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]630 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]631
632 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
633 return MBEDTLS_TEST_ERROR_SEND_FAILED;
634
635 return mbedtls_test_message_queue_push_info( queue, len );
636}
637
638/*
639 * Receive one message from a given message socket context and return message
640 * length or an error.
641 *
642 * \retval message length, if everything succeeds.
643 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
644 * elements or the context itself is null.
645 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
646 *
647 * This function will also return any error other than
648 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
649 */
650int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
651{
652 mbedtls_test_message_queue* queue;
653 mbedtls_mock_socket* socket;
654 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
655 size_t drop_len;
656 size_t msg_len;
657 int ret;
658
659 if( context == NULL || context->socket == NULL
660 || context->queue_input == NULL )
661 {
662 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
663 }
664
665 queue = context->queue_input;
666 socket = context->socket;
667
668 /* Peek first, so that in case of a socket error the data remains in
669 * the queue. */
670 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
671 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
672 {
673 /* Calculate how much to drop */
674 drop_len = msg_len - buf_len;
675
676 /* Set the requested message len to be buffer length */
677 msg_len = buf_len;
678 } else if( ret != 0 )
679 {
680 return ret;
681 }
682
683 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
684 return MBEDTLS_TEST_ERROR_RECV_FAILED;
685
686 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
687 {
688 /* Drop the remaining part of the message */
689 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
690 {
691 /* Inconsistent state - part of the message was read,
692 * and a part couldn't. Not much we can do here, but it should not
693 * happen in test environment, unless forced manually. */
694 }
695 }
696 mbedtls_test_message_queue_pop_info( queue, buf_len );
697
698 return msg_len;
699}
700
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]701#if defined(MBEDTLS_X509_CRT_PARSE_C)
702
703/*
704 * Structure with endpoint's certificates for SSL communication tests.
705 */
706typedef struct mbedtls_endpoint_certificate
707{
708 mbedtls_x509_crt ca_cert;
709 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]710 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]711} mbedtls_endpoint_certificate;
712
713/*
714 * Endpoint structure for SSL communication tests.
715 */
716typedef struct mbedtls_endpoint
717{
718 const char *name;
719 mbedtls_ssl_context ssl;
720 mbedtls_ssl_config conf;
721 mbedtls_ctr_drbg_context ctr_drbg;
722 mbedtls_entropy_context entropy;
723 mbedtls_mock_socket socket;
724 mbedtls_endpoint_certificate cert;
725} mbedtls_endpoint;
726
727/*
728 * Initializes \p ep_cert structure and assigns it to endpoint
729 * represented by \p ep.
730 *
731 * \retval 0 on success, otherwise error code.
732 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]733int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]734{
735 int i = 0;
736 int ret = -1;
737 mbedtls_endpoint_certificate *cert;
738
739 if( ep == NULL )
740 {
741 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
742 }
743
744 cert = &( ep->cert );
745 mbedtls_x509_crt_init( &( cert->ca_cert ) );
746 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]747 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]748
749 /* Load the trusted CA */
750
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]751 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
752 {
753 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
754 (const unsigned char *) mbedtls_test_cas_der[i],
755 mbedtls_test_cas_der_len[i] );
756 TEST_ASSERT( ret == 0 );
757 }
758
759 /* Load own certificate and private key */
760
761 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
762 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]763 if( pk_alg == MBEDTLS_PK_RSA )
764 {
765 ret = mbedtls_x509_crt_parse( &( cert->cert ),
766 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
767 mbedtls_test_srv_crt_rsa_sha256_der_len );
768 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]769
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]770 ret = mbedtls_pk_parse_key( &( cert->pkey ),
771 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
772 mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
773 TEST_ASSERT( ret == 0 );
774 }
775 else
776 {
777 ret = mbedtls_x509_crt_parse( &( cert->cert ),
778 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
779 mbedtls_test_srv_crt_ec_der_len );
780 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]781
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]782 ret = mbedtls_pk_parse_key( &( cert->pkey ),
783 (const unsigned char*) mbedtls_test_srv_key_ec_der,
784 mbedtls_test_srv_key_ec_der_len, NULL, 0 );
785 TEST_ASSERT( ret == 0 );
786 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]787 }
788 else
789 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]790 if( pk_alg == MBEDTLS_PK_RSA )
791 {
792 ret = mbedtls_x509_crt_parse( &( cert->cert ),
793 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
794 mbedtls_test_cli_crt_rsa_der_len );
795 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]796
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]797 ret = mbedtls_pk_parse_key( &( cert->pkey ),
798 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
799 mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
800 TEST_ASSERT( ret == 0 );
801 }
802 else
803 {
804 ret = mbedtls_x509_crt_parse( &( cert->cert ),
805 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
806 mbedtls_test_cli_crt_ec_len );
807 TEST_ASSERT( ret == 0 );
808
809 ret = mbedtls_pk_parse_key( &( cert->pkey ),
810 (const unsigned char *) mbedtls_test_cli_key_ec_der,
811 mbedtls_test_cli_key_ec_der_len, NULL, 0 );
812 TEST_ASSERT( ret == 0 );
813 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]814 }
815
816 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
817
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]818 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
819 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]820 TEST_ASSERT( ret == 0 );
821
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]822exit:
823 if( ret != 0 )
824 {
825 mbedtls_x509_crt_free( &( cert->ca_cert ) );
826 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]827 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]828 }
829
830 return ret;
831}
832
833/*
834 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
835 * after calling this function even if it fails.
836 *
837 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
838 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]839 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
840 * MBEDTLS_PK_ECDSA are supported.
841 * \p dtls_context - in case of DTLS - this is the context handling metadata.
842 * \p input_queue - used only in case of DTLS.
843 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]844 *
845 * \retval 0 on success, otherwise error code.
846 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]847int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
848 mbedtls_test_message_socket_context *dtls_context,
849 mbedtls_test_message_queue *input_queue,
850 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]851{
852 int ret = -1;
853
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]854 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]855 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]856
857 if( ep == NULL )
858 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]859
860 memset( ep, 0, sizeof( *ep ) );
861
862 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
863
864 mbedtls_ssl_init( &( ep->ssl ) );
865 mbedtls_ssl_config_init( &( ep->conf ) );
866 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
867 mbedtls_ssl_conf_rng( &( ep->conf ),
868 mbedtls_ctr_drbg_random,
869 &( ep->ctr_drbg ) );
870 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]871 if( dtls_context != NULL )
872 {
873 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
874 100, &( ep->socket ),
875 dtls_context ) == 0 );
876 }
877 else
878 {
879 mbedtls_mock_socket_init( &( ep->socket ) );
880 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]881
882 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
883 &( ep->entropy ), (const unsigned char *) ( ep->name ),
884 strlen( ep->name ) );
885 TEST_ASSERT( ret == 0 );
886
887 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]888 if( dtls_context != NULL )
889 {
890 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
891 mbedtls_mock_tcp_send_msg,
892 mbedtls_mock_tcp_recv_msg,
893 NULL );
894 }
895 else
896 {
897 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
898 mbedtls_mock_tcp_send_nb,
899 mbedtls_mock_tcp_recv_nb,
900 NULL );
901 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]902
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]903 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]904 ( dtls_context != NULL ) ?
905 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
906 MBEDTLS_SSL_TRANSPORT_STREAM,
907 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]908 TEST_ASSERT( ret == 0 );
909
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]910 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
911 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]912
913#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
914 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
915 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
916#endif
917
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]918 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]919 TEST_ASSERT( ret == 0 );
920
921exit:
922 return ret;
923}
924
925/*
926 * Deinitializes certificates from endpoint represented by \p ep.
927 */
928void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
929{
930 mbedtls_endpoint_certificate *cert = &( ep->cert );
931 mbedtls_x509_crt_free( &( cert->ca_cert ) );
932 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]933 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]934}
935
936/*
937 * Deinitializes endpoint represented by \p ep.
938 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]939void mbedtls_endpoint_free( mbedtls_endpoint *ep,
940 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]941{
942 mbedtls_endpoint_certificate_free( ep );
943
944 mbedtls_ssl_free( &( ep->ssl ) );
945 mbedtls_ssl_config_free( &( ep->conf ) );
946 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
947 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]948
949 if( context != NULL )
950 {
951 mbedtls_message_socket_close( context );
952 }
953 else
954 {
955 mbedtls_mock_socket_close( &( ep->socket ) );
956 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]957}
958
959/*
960 * This function moves ssl handshake from \p ssl to prescribed \p state.
961 * /p second_ssl is used as second endpoint and their sockets have to be
962 * connected before calling this function.
963 *
964 * \retval 0 on success, otherwise error code.
965 */
966int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
967 mbedtls_ssl_context *second_ssl,
968 int state )
969{
970 enum { BUFFSIZE = 1024 };
971 int max_steps = 1000;
972 int ret = 0;
973
974 if( ssl == NULL || second_ssl == NULL )
975 {
976 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
977 }
978
979 /* Perform communication via connected sockets */
980 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
981 {
982 /* If /p second_ssl ends the handshake procedure before /p ssl then
983 * there is no need to call the next step */
984 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
985 {
986 ret = mbedtls_ssl_handshake_step( second_ssl );
987 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
988 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
989 {
990 return ret;
991 }
992 }
993
994 /* We only care about the \p ssl state and returns, so we call it last,
995 * to leave the iteration as soon as the state is as expected. */
996 ret = mbedtls_ssl_handshake_step( ssl );
997 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
998 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
999 {
1000 return ret;
1001 }
1002 }
1003
1004 return ( max_steps >= 0 ) ? ret : -1;
1005}
1006
1007#endif /* MBEDTLS_X509_CRT_PARSE_C */
1008
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1009/*
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1010 * Write application data. Increase write counter and fragments counter if
1011 * necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1012 */
1013int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1014 int buf_len, int *written,
1015 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1016{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1017 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
1018 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1019 {
1020 (*fragments)++;
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1021 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1022 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1023
1024 if( expected_fragments == 0 )
1025 {
1026 /* Used for DTLS and the message size larger than MFL. In that case
1027 * the message can not be fragmented and the library should return
1028 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1029 * to prevent a dead loop inside mbedtls_exchange_data(). */
1030 return ret;
1031 }
1032 else if( expected_fragments == 1 )
1033 {
1034 /* Used for TLS/DTLS and the message size lower than MFL */
1035 TEST_ASSERT( ret == buf_len ||
1036 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1037 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1038 }
1039 else
1040 {
1041 /* Used for TLS and the message size larger than MFL */
1042 TEST_ASSERT( expected_fragments > 1 );
1043 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1044 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1045 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1046 }
1047
1048 return 0;
1049
1050exit:
1051 /* Some of the tests failed */
1052 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1053}
1054
1055/*
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1056 * Read application data and increase read counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1057 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1058int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
1059 int buf_len, int *read,
1060 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1061{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1062 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
1063 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1064 {
1065 *read += ret;
1066 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1067
1068 if( expected_fragments == 0 )
1069 {
1070 TEST_ASSERT( ret == 0 );
1071 }
1072 else if( expected_fragments == 1 )
1073 {
1074 TEST_ASSERT( ret == buf_len ||
1075 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1076 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1077 }
1078 else
1079 {
1080 TEST_ASSERT( expected_fragments > 1 );
1081 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1082 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1083 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1084 }
1085
1086 return 0;
1087
1088exit:
1089 /* Some of the tests failed */
1090 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1091}
1092
1093/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1094 * Helper function setting up inverse record transformations
1095 * using given cipher, hash, EtM mode, authentication tag length,
1096 * and version.
1097 */
1098
1099#define CHK( x ) \
1100 do \
1101 { \
1102 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1103 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1104 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1105 goto cleanup; \
1106 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1107 } while( 0 )
1108
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1109void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1110 int* forced_ciphersuite )
1111{
1112 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1113 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1114 forced_ciphersuite[1] = 0;
1115
1116 ciphersuite_info =
1117 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1118
1119 TEST_ASSERT( ciphersuite_info != NULL );
1120 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1121 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1122
1123 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1124 {
1125 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1126 }
1127 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1128 {
1129 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1130 }
1131
1132 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1133
1134exit:
1135 return;
1136}
1137
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1138int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1139 const unsigned char *name, size_t name_len )
1140{
1141 (void) p_info;
1142 (void) ssl;
1143 (void) name;
1144 (void) name_len;
1145
1146 return ( 0 );
1147}
1148
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1149#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1150#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1151#else
1152#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1153#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1154
1155static int build_transforms( mbedtls_ssl_transform *t_in,
1156 mbedtls_ssl_transform *t_out,
1157 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1158 int etm, int tag_mode, int ver,
1159 size_t cid0_len,
1160 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1161{
1162 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1163 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1164
1165 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1166 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1167 unsigned char iv_enc[16], iv_dec[16];
1168
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1169#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1170 unsigned char cid0[ SSL_CID_LEN_MIN ];
1171 unsigned char cid1[ SSL_CID_LEN_MIN ];
1172
1173 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1174 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1175#else
1176 ((void) cid0_len);
1177 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1178#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1179
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1180 maclen = 0;
1181
1182 /* Pick cipher */
1183 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1184 CHK( cipher_info != NULL );
1185 CHK( cipher_info->iv_size <= 16 );
1186 CHK( cipher_info->key_bitlen % 8 == 0 );
1187
1188 /* Pick keys */
1189 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1190 /* Allocate `keylen + 1` bytes to ensure that we get
1191 * a non-NULL pointers from `mbedtls_calloc` even if
1192 * `keylen == 0` in the case of the NULL cipher. */
1193 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1194 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1195 memset( key0, 0x1, keylen );
1196 memset( key1, 0x2, keylen );
1197
1198 /* Setup cipher contexts */
1199 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1200 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1201 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1202 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1203
1204#if defined(MBEDTLS_CIPHER_MODE_CBC)
1205 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1206 {
1207 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1208 MBEDTLS_PADDING_NONE ) == 0 );
1209 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1210 MBEDTLS_PADDING_NONE ) == 0 );
1211 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1212 MBEDTLS_PADDING_NONE ) == 0 );
1213 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1214 MBEDTLS_PADDING_NONE ) == 0 );
1215 }
1216#endif /* MBEDTLS_CIPHER_MODE_CBC */
1217
1218 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1219 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1220 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1221 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1222 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1223 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1224 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1225 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1226
1227 /* Setup MAC contexts */
1228#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
1229 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1230 cipher_info->mode == MBEDTLS_MODE_STREAM )
1231 {
1232 mbedtls_md_info_t const *md_info;
1233 unsigned char *md0, *md1;
1234
1235 /* Pick hash */
1236 md_info = mbedtls_md_info_from_type( hash_id );
1237 CHK( md_info != NULL );
1238
1239 /* Pick hash keys */
1240 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1241 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1242 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1243 memset( md0, 0x5, maclen );
1244 memset( md1, 0x6, maclen );
1245
1246 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1247 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1248 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1249 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1250
1251 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1252 {
1253 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1254 md0, maclen ) == 0 );
1255 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1256 md1, maclen ) == 0 );
1257 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1258 md1, maclen ) == 0 );
1259 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1260 md0, maclen ) == 0 );
1261 }
1262#if defined(MBEDTLS_SSL_PROTO_SSL3)
1263 else
1264 {
1265 memcpy( &t_in->mac_enc, md0, maclen );
1266 memcpy( &t_in->mac_dec, md1, maclen );
1267 memcpy( &t_out->mac_enc, md1, maclen );
1268 memcpy( &t_out->mac_dec, md0, maclen );
1269 }
1270#endif
1271
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1272 mbedtls_free( md0 );
1273 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1274 }
1275#else
1276 ((void) hash_id);
1277#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1278
1279
1280 /* Pick IV's (regardless of whether they
1281 * are being used by the transform). */
1282 ivlen = cipher_info->iv_size;
1283 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1284 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1285
1286 /*
1287 * Setup transforms
1288 */
1289
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1290#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1291 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1292 t_out->encrypt_then_mac = etm;
1293 t_in->encrypt_then_mac = etm;
1294#else
1295 ((void) etm);
1296#endif
1297
1298 t_out->minor_ver = ver;
1299 t_in->minor_ver = ver;
1300 t_out->ivlen = ivlen;
1301 t_in->ivlen = ivlen;
1302
1303 switch( cipher_info->mode )
1304 {
1305 case MBEDTLS_MODE_GCM:
1306 case MBEDTLS_MODE_CCM:
1307 t_out->fixed_ivlen = 4;
1308 t_in->fixed_ivlen = 4;
1309 t_out->maclen = 0;
1310 t_in->maclen = 0;
1311 switch( tag_mode )
1312 {
1313 case 0: /* Full tag */
1314 t_out->taglen = 16;
1315 t_in->taglen = 16;
1316 break;
1317 case 1: /* Partial tag */
1318 t_out->taglen = 8;
1319 t_in->taglen = 8;
1320 break;
1321 default:
1322 return( 1 );
1323 }
1324 break;
1325
1326 case MBEDTLS_MODE_CHACHAPOLY:
1327 t_out->fixed_ivlen = 12;
1328 t_in->fixed_ivlen = 12;
1329 t_out->maclen = 0;
1330 t_in->maclen = 0;
1331 switch( tag_mode )
1332 {
1333 case 0: /* Full tag */
1334 t_out->taglen = 16;
1335 t_in->taglen = 16;
1336 break;
1337 case 1: /* Partial tag */
1338 t_out->taglen = 8;
1339 t_in->taglen = 8;
1340 break;
1341 default:
1342 return( 1 );
1343 }
1344 break;
1345
1346 case MBEDTLS_MODE_STREAM:
1347 case MBEDTLS_MODE_CBC:
1348 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1349 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1350 t_out->taglen = 0;
1351 t_in->taglen = 0;
1352 switch( tag_mode )
1353 {
1354 case 0: /* Full tag */
1355 t_out->maclen = maclen;
1356 t_in->maclen = maclen;
1357 break;
1358 case 1: /* Partial tag */
1359 t_out->maclen = 10;
1360 t_in->maclen = 10;
1361 break;
1362 default:
1363 return( 1 );
1364 }
1365 break;
1366 default:
1367 return( 1 );
1368 break;
1369 }
1370
1371 /* Setup IV's */
1372
1373 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1374 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1375 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1376 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1377
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1378#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1379 /* Add CID */
1380 memcpy( &t_in->in_cid, cid0, cid0_len );
1381 memcpy( &t_in->out_cid, cid1, cid1_len );
1382 t_in->in_cid_len = cid0_len;
1383 t_in->out_cid_len = cid1_len;
1384 memcpy( &t_out->in_cid, cid1, cid1_len );
1385 memcpy( &t_out->out_cid, cid0, cid0_len );
1386 t_out->in_cid_len = cid1_len;
1387 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1388#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1389
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1390cleanup:
1391
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1392 mbedtls_free( key0 );
1393 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1394
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1395 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1396}
1397
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1398/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1399 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1400 * Choose dummy values, mostly non-0 to distinguish from the init default.
1401 */
1402static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1403 int ticket_len,
1404 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1405{
1406#if defined(MBEDTLS_HAVE_TIME)
1407 session->start = mbedtls_time( NULL ) - 42;
1408#endif
1409 session->ciphersuite = 0xabcd;
1410 session->compression = 1;
1411 session->id_len = sizeof( session->id );
1412 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1413 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1414
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1415#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1416 if( strlen( crt_file ) != 0 )
1417 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1418 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1419 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1420
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1421 mbedtls_x509_crt_init( &tmp_crt );
1422 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1423 if( ret != 0 )
1424 return( ret );
1425
1426#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1427 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1428 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1429 if( session->peer_cert == NULL )
1430 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1431 *session->peer_cert = tmp_crt;
1432 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1433#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1434 /* Calculate digest of temporary CRT. */
1435 session->peer_cert_digest =
1436 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1437 if( session->peer_cert_digest == NULL )
1438 return( -1 );
1439 ret = mbedtls_md( mbedtls_md_info_from_type(
1440 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1441 tmp_crt.raw.p, tmp_crt.raw.len,
1442 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1443 if( ret != 0 )
1444 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1445 session->peer_cert_digest_type =
1446 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1447 session->peer_cert_digest_len =
1448 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1449#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1450
1451 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1452 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1453#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1454 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1455#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1456 session->verify_result = 0xdeadbeef;
1457
1458#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1459 if( ticket_len != 0 )
1460 {
1461 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1462 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1463 return( -1 );
1464 memset( session->ticket, 33, ticket_len );
1465 }
1466 session->ticket_len = ticket_len;
1467 session->ticket_lifetime = 86401;
1468#else
1469 (void) ticket_len;
1470#endif
1471
1472#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1473 session->mfl_code = 1;
1474#endif
1475#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1476 session->trunc_hmac = 1;
1477#endif
1478#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1479 session->encrypt_then_mac = 1;
1480#endif
1481
1482 return( 0 );
1483}
1484
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1485/*
1486 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1487 * message was sent in the correct number of fragments.
1488 *
1489 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1490 * of them must be initialized and connected beforehand.
1491 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1492 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1493 * fragments the message should be sent.
1494 * expected_fragments is 0: can be used for DTLS testing while the message
1495 * size is larger than MFL. In that case the message
1496 * cannot be fragmented and sent to the second endpoint.
1497 * This value can be used for negative tests.
1498 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1499 * message size is below MFL
1500 * expected_fragments > 1: can be used for TLS testing while the message
1501 * size is larger than MFL
1502 *
1503 * \retval 0 on success, otherwise error code.
1504 */
1505int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1506 int msg_len_1, const int expected_fragments_1,
1507 mbedtls_ssl_context *ssl_2,
1508 int msg_len_2, const int expected_fragments_2 )
1509{
1510 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1511 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1512 unsigned char *in_buf_1 = malloc( msg_len_2 );
1513 unsigned char *in_buf_2 = malloc( msg_len_1 );
1514 int msg_type, ret = -1;
1515
1516 /* Perform this test with two message types. At first use a message
1517 * consisting of only 0x00 for the client and only 0xFF for the server.
1518 * At the second time use message with generated data */
1519 for( msg_type = 0; msg_type < 2; msg_type++ )
1520 {
1521 int written_1 = 0;
1522 int written_2 = 0;
1523 int read_1 = 0;
1524 int read_2 = 0;
1525 int fragments_1 = 0;
1526 int fragments_2 = 0;
1527
1528 if( msg_type == 0 )
1529 {
1530 memset( msg_buf_1, 0x00, msg_len_1 );
1531 memset( msg_buf_2, 0xff, msg_len_2 );
1532 }
1533 else
1534 {
1535 int i, j = 0;
1536 for( i = 0; i < msg_len_1; i++ )
1537 {
1538 msg_buf_1[i] = j++ & 0xFF;
1539 }
1540 for( i = 0; i < msg_len_2; i++ )
1541 {
1542 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1543 }
1544 }
1545
1546 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1547 {
1548 /* ssl_1 sending */
1549 if( msg_len_1 > written_1 )
1550 {
1551 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1552 msg_len_1, &written_1,
1553 &fragments_1,
1554 expected_fragments_1 );
1555 if( expected_fragments_1 == 0 )
1556 {
1557 /* This error is expected when the message is too large and
1558 * cannot be fragmented */
1559 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1560 msg_len_1 = 0;
1561 }
1562 else
1563 {
1564 TEST_ASSERT( ret == 0 );
1565 }
1566 }
1567
1568 /* ssl_2 sending */
1569 if( msg_len_2 > written_2 )
1570 {
1571 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1572 msg_len_2, &written_2,
1573 &fragments_2,
1574 expected_fragments_2 );
1575 if( expected_fragments_2 == 0 )
1576 {
1577 /* This error is expected when the message is too large and
1578 * cannot be fragmented */
1579 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1580 msg_len_2 = 0;
1581 }
1582 else
1583 {
1584 TEST_ASSERT( ret == 0 );
1585 }
1586 }
1587
1588 /* ssl_1 reading */
1589 if( read_1 < msg_len_2 )
1590 {
1591 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1592 msg_len_2, &read_1,
1593 expected_fragments_1 );
1594 TEST_ASSERT( ret == 0 );
1595 }
1596
1597 /* ssl_2 reading */
1598 if( read_2 < msg_len_1 )
1599 {
1600 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1601 msg_len_1, &read_2,
1602 expected_fragments_2 );
1603 TEST_ASSERT( ret == 0 );
1604 }
1605 }
1606
1607 ret = -1;
1608 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1609 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1610 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1611 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1612 }
1613
1614 ret = 0;
1615
1616exit:
1617 free( msg_buf_1 );
1618 free( in_buf_1 );
1619 free( msg_buf_2 );
1620 free( in_buf_2 );
1621
1622 return ret;
1623}
1624
Piotr Nowicki95e9eb82020-02-14 11:33:34 +0100[diff] [blame]1625/*
1626 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1627 * must be initialized and connected beforehand.
1628 *
1629 * \retval 0 on success, otherwise error code.
1630 */
1631int exchange_data( mbedtls_ssl_context *ssl_1,
1632 mbedtls_ssl_context *ssl_2 )
1633{
1634 return mbedtls_exchange_data( ssl_1, 256, 1,
1635 ssl_2, 256, 1 );
1636}
1637
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1638#if defined(MBEDTLS_X509_CRT_PARSE_C)
1639void perform_handshake( handshake_test_options* options )
1640{
1641 /* forced_ciphersuite needs to last until the end of the handshake */
1642 int forced_ciphersuite[2];
1643 enum { BUFFSIZE = 17000 };
1644 mbedtls_endpoint client, server;
1645#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1646 const char *psk_identity = "foo";
1647#endif
1648#if defined(MBEDTLS_TIMING_C)
1649 mbedtls_timing_delay_context timer_client, timer_server;
1650#endif
1651#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1652 unsigned char *context_buf = NULL;
1653 size_t context_buf_len;
1654#endif
1655#if defined(MBEDTLS_SSL_RENEGOTIATION)
1656 int ret = -1;
1657#endif
1658
1659
1660 mbedtls_test_message_queue server_queue, client_queue;
1661 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]1662 mbedtls_message_socket_init( &server_context );
1663 mbedtls_message_socket_init( &client_context );
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1664
1665 /* Client side */
1666 if( options->dtls != 0 )
1667 {
1668 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1669 options->pk_alg, &client_context,
1670 &client_queue,
1671 &server_queue ) == 0 );
1672#if defined(MBEDTLS_TIMING_C)
1673 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
1674 mbedtls_timing_set_delay,
1675 mbedtls_timing_get_delay );
1676#endif
1677 }
1678 else
1679 {
1680 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1681 options->pk_alg, NULL, NULL,
1682 NULL ) == 0 );
1683 }
1684 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1685 options->version );
1686 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1687 options->version );
1688
1689 if( strlen( options->cipher ) > 0 )
1690 {
1691 set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
1692 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1693
1694#if defined (MBEDTLS_DEBUG_C)
1695 if( options->cli_log_fun )
1696 {
1697 mbedtls_debug_set_threshold( 4 );
1698 mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
1699 options->cli_log_obj );
1700 }
1701#endif
1702
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1703 /* Server side */
1704 if( options->dtls != 0 )
1705 {
1706 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1707 options->pk_alg, &server_context,
1708 &server_queue,
1709 &client_queue) == 0 );
1710#if defined(MBEDTLS_TIMING_C)
1711 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1712 mbedtls_timing_set_delay,
1713 mbedtls_timing_get_delay );
1714#endif
1715 }
1716 else
1717 {
1718 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1719 options->pk_alg, NULL, NULL, NULL ) == 0 );
1720 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1721
1722 mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
1723
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1724 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1725 options->version );
1726#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1727 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
1728 (unsigned char) options->mfl ) == 0 );
1729 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
1730 (unsigned char) options->mfl ) == 0 );
1731#else
1732 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
1733#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1734
1735#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1736 if( options->psk_str != NULL && options->psk_str->len > 0 )
1737 {
1738 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
1739 options->psk_str->len,
1740 (const unsigned char *) psk_identity,
1741 strlen( psk_identity ) ) == 0 );
1742
1743 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
1744 options->psk_str->len,
1745 (const unsigned char *) psk_identity,
1746 strlen( psk_identity ) ) == 0 );
1747
1748 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
1749 }
1750#endif
1751#if defined(MBEDTLS_SSL_RENEGOTIATION)
1752 if( options->renegotiate )
1753 {
1754 mbedtls_ssl_conf_renegotiation( &(server.conf),
1755 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1756 mbedtls_ssl_conf_renegotiation( &(client.conf),
1757 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1758
1759 mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
1760 options->legacy_renegotiation );
1761 mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
1762 options->legacy_renegotiation );
1763 }
1764#endif /* MBEDTLS_SSL_RENEGOTIATION */
1765
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1766#if defined (MBEDTLS_DEBUG_C)
1767 if( options->srv_log_fun )
1768 {
1769 mbedtls_debug_set_threshold( 4 );
1770 mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
1771 options->srv_log_obj );
1772 }
1773#endif
1774
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1775 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
1776 &(server.socket),
1777 BUFFSIZE ) == 0 );
1778
1779 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
1780 &(server.ssl),
1781 MBEDTLS_SSL_HANDSHAKE_OVER )
1782 == 0 );
1783 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1784 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1785
1786 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1787 {
1788 /* Start data exchanging test */
1789 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
1790 options->expected_cli_fragments,
1791 &(server.ssl), options->srv_msg_len,
1792 options->expected_srv_fragments )
1793 == 0 );
1794 }
1795#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1796 if( options->serialize == 1 )
1797 {
1798 TEST_ASSERT( options->dtls == 1 );
1799
1800 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
1801 0, &context_buf_len )
1802 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1803
1804 context_buf = mbedtls_calloc( 1, context_buf_len );
1805 TEST_ASSERT( context_buf != NULL );
1806
1807 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
1808 context_buf_len,
1809 &context_buf_len ) == 0 );
1810
1811 mbedtls_ssl_free( &(server.ssl) );
1812 mbedtls_ssl_init( &(server.ssl) );
1813
1814 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
1815
1816 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
1817 mbedtls_mock_tcp_send_msg,
1818 mbedtls_mock_tcp_recv_msg,
1819 NULL );
1820
1821#if defined(MBEDTLS_TIMING_C)
1822 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1823 mbedtls_timing_set_delay,
1824 mbedtls_timing_get_delay );
1825#endif
1826 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
1827 context_buf_len ) == 0 );
1828
1829 /* Retest writing/reading */
1830 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1831 {
1832 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
1833 options->cli_msg_len,
1834 options->expected_cli_fragments,
1835 &(server.ssl),
1836 options->srv_msg_len,
1837 options->expected_srv_fragments )
1838 == 0 );
1839 }
1840 }
1841#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
1842#if defined(MBEDTLS_SSL_RENEGOTIATION)
1843 if( options->renegotiate )
1844 {
1845 /* Start test with renegotiation */
1846 TEST_ASSERT( server.ssl.renego_status ==
1847 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1848 TEST_ASSERT( client.ssl.renego_status ==
1849 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1850
1851 /* After calling this function for the server, it only sends a handshake
1852 * request. All renegotiation should happen during data exchanging */
1853 TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
1854 TEST_ASSERT( server.ssl.renego_status ==
1855 MBEDTLS_SSL_RENEGOTIATION_PENDING );
1856 TEST_ASSERT( client.ssl.renego_status ==
1857 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1858
1859 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1860 TEST_ASSERT( server.ssl.renego_status ==
1861 MBEDTLS_SSL_RENEGOTIATION_DONE );
1862 TEST_ASSERT( client.ssl.renego_status ==
1863 MBEDTLS_SSL_RENEGOTIATION_DONE );
1864
1865 /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
1866 * should happen inside this function. However in this test, we cannot
1867 * perform simultaneous communication betwen client and server so this
1868 * function will return waiting error on the socket. All rest of
1869 * renegotiation should happen during data exchanging */
1870 ret = mbedtls_ssl_renegotiate( &(client.ssl) );
1871 TEST_ASSERT( ret == 0 ||
1872 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1873 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1874 TEST_ASSERT( server.ssl.renego_status ==
1875 MBEDTLS_SSL_RENEGOTIATION_DONE );
1876 TEST_ASSERT( client.ssl.renego_status ==
1877 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
1878
1879 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1880 TEST_ASSERT( server.ssl.renego_status ==
1881 MBEDTLS_SSL_RENEGOTIATION_DONE );
1882 TEST_ASSERT( client.ssl.renego_status ==
1883 MBEDTLS_SSL_RENEGOTIATION_DONE );
1884 }
1885#endif /* MBEDTLS_SSL_RENEGOTIATION */
1886
1887exit:
1888 mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
1889 mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1890#if defined (MBEDTLS_DEBUG_C)
1891 if( options->cli_log_fun || options->srv_log_fun )
1892 {
1893 mbedtls_debug_set_threshold( 0 );
1894 }
1895#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1896#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1897 if( context_buf != NULL )
1898 mbedtls_free( context_buf );
1899#endif
1900}
1901#endif /* MBEDTLS_X509_CRT_PARSE_C */
1902
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1903/* END_HEADER */
1904
1905/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1906 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1907 * END_DEPENDENCIES
1908 */
1909
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1910/* BEGIN_CASE */
1911void test_callback_buffer_sanity()
1912{
1913 enum { MSGLEN = 10 };
1914 mbedtls_test_buffer buf;
1915 unsigned char input[MSGLEN];
1916 unsigned char output[MSGLEN];
1917
1918 memset( input, 0, sizeof(input) );
1919
1920 /* Make sure calling put and get on NULL buffer results in error. */
1921 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1922 == -1 );
1923 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1924 == -1 );
1925 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1926
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1927 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1928 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1929
1930 /* Make sure calling put and get on a buffer that hasn't been set up results
1931 * in eror. */
1932 mbedtls_test_buffer_init( &buf );
1933
1934 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1935 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1936 == -1 );
1937 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1938
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1939 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1940 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1941
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1942 /* Make sure calling put and get on NULL input only results in
1943 * error if the length is not zero, and that a NULL output is valid for data
1944 * dropping.
1945 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1946
1947 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1948
1949 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1950 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1951 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1952 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1953 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1954
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]1955 /* Make sure calling put several times in the row is safe */
1956
1957 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
1958 == sizeof( input ) );
1959 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
1960 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
1961 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
1962 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
1963
1964
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1965exit:
1966
1967 mbedtls_test_buffer_free( &buf );
1968}
1969/* END_CASE */
1970
1971/*
1972 * Test if the implementation of `mbedtls_test_buffer` related functions is
1973 * correct and works as expected.
1974 *
1975 * That is
1976 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1977 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1978 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1979 * bytes.
1980 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1981 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1982 */
1983
1984/* BEGIN_CASE */
1985void test_callback_buffer( int size, int put1, int put1_ret,
1986 int get1, int get1_ret, int put2, int put2_ret,
1987 int get2, int get2_ret )
1988{
1989 enum { ROUNDS = 2 };
1990 size_t put[ROUNDS];
1991 int put_ret[ROUNDS];
1992 size_t get[ROUNDS];
1993 int get_ret[ROUNDS];
1994 mbedtls_test_buffer buf;
1995 unsigned char* input = NULL;
1996 size_t input_len;
1997 unsigned char* output = NULL;
1998 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1999 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2000
2001 mbedtls_test_buffer_init( &buf );
2002 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
2003
2004 /* Check the sanity of input parameters and initialise local variables. That
2005 * is, ensure that the amount of data is not negative and that we are not
2006 * expecting more to put or get than we actually asked for. */
2007 TEST_ASSERT( put1 >= 0 );
2008 put[0] = put1;
2009 put_ret[0] = put1_ret;
2010 TEST_ASSERT( put1_ret <= put1 );
2011 TEST_ASSERT( put2 >= 0 );
2012 put[1] = put2;
2013 put_ret[1] = put2_ret;
2014 TEST_ASSERT( put2_ret <= put2 );
2015
2016 TEST_ASSERT( get1 >= 0 );
2017 get[0] = get1;
2018 get_ret[0] = get1_ret;
2019 TEST_ASSERT( get1_ret <= get1 );
2020 TEST_ASSERT( get2 >= 0 );
2021 get[1] = get2;
2022 get_ret[1] = get2_ret;
2023 TEST_ASSERT( get2_ret <= get2 );
2024
2025 input_len = 0;
2026 /* Calculate actual input and output lengths */
2027 for( j = 0; j < ROUNDS; j++ )
2028 {
2029 if( put_ret[j] > 0 )
2030 {
2031 input_len += put_ret[j];
2032 }
2033 }
2034 /* In order to always have a valid pointer we always allocate at least 1
2035 * byte. */
2036 if( input_len == 0 )
2037 input_len = 1;
2038 ASSERT_ALLOC( input, input_len );
2039
2040 output_len = 0;
2041 for( j = 0; j < ROUNDS; j++ )
2042 {
2043 if( get_ret[j] > 0 )
2044 {
2045 output_len += get_ret[j];
2046 }
2047 }
2048 TEST_ASSERT( output_len <= input_len );
2049 /* In order to always have a valid pointer we always allocate at least 1
2050 * byte. */
2051 if( output_len == 0 )
2052 output_len = 1;
2053 ASSERT_ALLOC( output, output_len );
2054
2055 /* Fill up the buffer with structured data so that unwanted changes
2056 * can be detected */
2057 for( i = 0; i < input_len; i++ )
2058 {
2059 input[i] = i & 0xFF;
2060 }
2061
2062 written = read = 0;
2063 for( j = 0; j < ROUNDS; j++ )
2064 {
2065 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
2066 input + written, put[j] ) );
2067 written += put_ret[j];
2068 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
2069 output + read, get[j] ) );
2070 read += get_ret[j];
2071 TEST_ASSERT( read <= written );
2072 if( get_ret[j] > 0 )
2073 {
2074 TEST_ASSERT( memcmp( output + read - get_ret[j],
2075 input + read - get_ret[j], get_ret[j] )
2076 == 0 );
2077 }
2078 }
2079
2080exit:
2081
2082 mbedtls_free( input );
2083 mbedtls_free( output );
2084 mbedtls_test_buffer_free( &buf );
2085}
2086/* END_CASE */
2087
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2088/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2089 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
2090 * correct and works as expected on unconnected sockets.
2091 */
2092
2093/* BEGIN_CASE */
2094void ssl_mock_sanity( )
2095{
2096 enum { MSGLEN = 105 };
2097 unsigned char message[MSGLEN];
2098 unsigned char received[MSGLEN];
2099 mbedtls_mock_socket socket;
2100
2101 mbedtls_mock_socket_init( &socket );
2102 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
2103 mbedtls_mock_socket_close( &socket );
2104 mbedtls_mock_socket_init( &socket );
2105 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
2106 mbedtls_mock_socket_close( &socket );
2107
2108 mbedtls_mock_socket_init( &socket );
2109 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
2110 mbedtls_mock_socket_close( &socket );
2111 mbedtls_mock_socket_init( &socket );
2112 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
2113 mbedtls_mock_socket_close( &socket );
2114
2115exit:
2116
2117 mbedtls_mock_socket_close( &socket );
2118}
2119/* END_CASE */
2120
2121/*
2122 * Test if the implementation of `mbedtls_mock_socket` related functions can
2123 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2124 */
2125
2126/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2127void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2128{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2129 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2130 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2131 unsigned char message[MSGLEN];
2132 unsigned char received[MSGLEN];
2133 mbedtls_mock_socket client;
2134 mbedtls_mock_socket server;
2135 size_t written, read;
2136 int send_ret, recv_ret;
2137 mbedtls_ssl_send_t *send;
2138 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2139 unsigned i;
2140
2141 if( blocking == 0 )
2142 {
2143 send = mbedtls_mock_tcp_send_nb;
2144 recv = mbedtls_mock_tcp_recv_nb;
2145 }
2146 else
2147 {
2148 send = mbedtls_mock_tcp_send_b;
2149 recv = mbedtls_mock_tcp_recv_b;
2150 }
2151
2152 mbedtls_mock_socket_init( &client );
2153 mbedtls_mock_socket_init( &server );
2154
2155 /* Fill up the buffer with structured data so that unwanted changes
2156 * can be detected */
2157 for( i = 0; i < MSGLEN; i++ )
2158 {
2159 message[i] = i & 0xFF;
2160 }
2161
2162 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2163 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2164
2165 /* Send the message to the server */
2166 send_ret = recv_ret = 1;
2167 written = read = 0;
2168 while( send_ret != 0 || recv_ret != 0 )
2169 {
2170 send_ret = send( &client, message + written, MSGLEN - written );
2171
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2172 TEST_ASSERT( send_ret >= 0 );
2173 TEST_ASSERT( send_ret <= BUFLEN );
2174 written += send_ret;
2175
2176 /* If the buffer is full we can test blocking and non-blocking send */
2177 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2178 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2179 int blocking_ret = send( &client, message , 1 );
2180 if ( blocking )
2181 {
2182 TEST_ASSERT( blocking_ret == 0 );
2183 }
2184 else
2185 {
2186 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2187 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2188 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2189
2190 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2191
2192 /* The result depends on whether any data was sent */
2193 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2194 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2195 TEST_ASSERT( recv_ret > 0 );
2196 TEST_ASSERT( recv_ret <= BUFLEN );
2197 read += recv_ret;
2198 }
2199 else if( blocking )
2200 {
2201 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2202 }
2203 else
2204 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2205 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
2206 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2207 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2208
2209 /* If the buffer is empty we can test blocking and non-blocking read */
2210 if ( recv_ret == BUFLEN )
2211 {
2212 int blocking_ret = recv( &server, received, 1 );
2213 if ( blocking )
2214 {
2215 TEST_ASSERT( blocking_ret == 0 );
2216 }
2217 else
2218 {
2219 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2220 }
2221 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2222 }
2223 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2224
2225exit:
2226
2227 mbedtls_mock_socket_close( &client );
2228 mbedtls_mock_socket_close( &server );
2229}
2230/* END_CASE */
2231
2232/*
2233 * Test if the implementation of `mbedtls_mock_socket` related functions can
2234 * send messages in both direction at the same time (with the I/O calls
2235 * interleaving).
2236 */
2237
2238/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2239void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2240{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2241 enum { ROUNDS = 2 };
2242 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2243 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2244 unsigned char message[ROUNDS][MSGLEN];
2245 unsigned char received[ROUNDS][MSGLEN];
2246 mbedtls_mock_socket client;
2247 mbedtls_mock_socket server;
2248 size_t written[ROUNDS];
2249 size_t read[ROUNDS];
2250 int send_ret[ROUNDS];
2251 int recv_ret[ROUNDS];
2252 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2253 mbedtls_ssl_send_t *send;
2254 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2255
2256 if( blocking == 0 )
2257 {
2258 send = mbedtls_mock_tcp_send_nb;
2259 recv = mbedtls_mock_tcp_recv_nb;
2260 }
2261 else
2262 {
2263 send = mbedtls_mock_tcp_send_b;
2264 recv = mbedtls_mock_tcp_recv_b;
2265 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2266
2267 mbedtls_mock_socket_init( &client );
2268 mbedtls_mock_socket_init( &server );
2269
2270 /* Fill up the buffers with structured data so that unwanted changes
2271 * can be detected */
2272 for( i = 0; i < ROUNDS; i++ )
2273 {
2274 for( j = 0; j < MSGLEN; j++ )
2275 {
2276 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
2277 }
2278 }
2279
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2280 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2281 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2282
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2283 /* Send the message from both sides, interleaving. */
2284 progress = 1;
2285 for( i = 0; i < ROUNDS; i++ )
2286 {
2287 written[i] = 0;
2288 read[i] = 0;
2289 }
2290 /* This loop does not stop as long as there was a successful write or read
2291 * of at least one byte on either side. */
2292 while( progress != 0 )
2293 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2294 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2295
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2296 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2297 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2298 /* First sending is from the client */
2299 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2300
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2301 send_ret[i] = send( socket, message[i] + written[i],
2302 MSGLEN - written[i] );
2303 TEST_ASSERT( send_ret[i] >= 0 );
2304 TEST_ASSERT( send_ret[i] <= BUFLEN );
2305 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2306
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2307 /* If the buffer is full we can test blocking and non-blocking
2308 * send */
2309 if ( send_ret[i] == BUFLEN )
2310 {
2311 int blocking_ret = send( socket, message[i] , 1 );
2312 if ( blocking )
2313 {
2314 TEST_ASSERT( blocking_ret == 0 );
2315 }
2316 else
2317 {
2318 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2319 }
2320 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2321 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2322
2323 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2324 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2325 /* First receiving is from the server */
2326 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
2327
2328 recv_ret[i] = recv( socket, received[i] + read[i],
2329 MSGLEN - read[i] );
2330
2331 /* The result depends on whether any data was sent */
2332 if ( send_ret[i] > 0 )
2333 {
2334 TEST_ASSERT( recv_ret[i] > 0 );
2335 TEST_ASSERT( recv_ret[i] <= BUFLEN );
2336 read[i] += recv_ret[i];
2337 }
2338 else if( blocking )
2339 {
2340 TEST_ASSERT( recv_ret[i] == 0 );
2341 }
2342 else
2343 {
2344 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
2345 recv_ret[i] = 0;
2346 }
2347
2348 /* If the buffer is empty we can test blocking and non-blocking
2349 * read */
2350 if ( recv_ret[i] == BUFLEN )
2351 {
2352 int blocking_ret = recv( socket, received[i], 1 );
2353 if ( blocking )
2354 {
2355 TEST_ASSERT( blocking_ret == 0 );
2356 }
2357 else
2358 {
2359 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2360 }
2361 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2362 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2363
2364 progress = 0;
2365 for( i = 0; i < ROUNDS; i++ )
2366 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2367 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2368 }
2369 }
2370
2371 for( i = 0; i < ROUNDS; i++ )
2372 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2373
2374exit:
2375
2376 mbedtls_mock_socket_close( &client );
2377 mbedtls_mock_socket_close( &server );
2378}
2379/* END_CASE */
2380
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2381/* BEGIN_CASE */
2382void ssl_message_queue_sanity( )
2383{
2384 mbedtls_test_message_queue queue;
2385
2386 /* Trying to push/pull to an empty queue */
2387 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2388 == MBEDTLS_TEST_ERROR_ARG_NULL );
2389 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2390 == MBEDTLS_TEST_ERROR_ARG_NULL );
2391
2392 mbedtls_test_message_queue_setup( &queue, 3 );
2393 TEST_ASSERT( queue.capacity == 3 );
2394 TEST_ASSERT( queue.num == 0 );
2395
2396exit:
2397 mbedtls_test_message_queue_free( &queue );
2398}
2399/* END_CASE */
2400
2401/* BEGIN_CASE */
2402void ssl_message_queue_basic( )
2403{
2404 mbedtls_test_message_queue queue;
2405
2406 mbedtls_test_message_queue_setup( &queue, 3 );
2407
2408 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2409 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2410 TEST_ASSERT( queue.capacity == 3 );
2411 TEST_ASSERT( queue.num == 1 );
2412 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2413 TEST_ASSERT( queue.capacity == 3 );
2414 TEST_ASSERT( queue.num == 2 );
2415 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2416 TEST_ASSERT( queue.capacity == 3 );
2417 TEST_ASSERT( queue.num == 3 );
2418
2419 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2420 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2421 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2422
2423exit:
2424 mbedtls_test_message_queue_free( &queue );
2425}
2426/* END_CASE */
2427
2428/* BEGIN_CASE */
2429void ssl_message_queue_overflow_underflow( )
2430{
2431 mbedtls_test_message_queue queue;
2432
2433 mbedtls_test_message_queue_setup( &queue, 3 );
2434
2435 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2436 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2437 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2438 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2439 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2440 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2441
2442 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2443 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2444 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2445
2446 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2447 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2448
2449exit:
2450 mbedtls_test_message_queue_free( &queue );
2451}
2452/* END_CASE */
2453
2454/* BEGIN_CASE */
2455void ssl_message_queue_interleaved( )
2456{
2457 mbedtls_test_message_queue queue;
2458
2459 mbedtls_test_message_queue_setup( &queue, 3 );
2460
2461 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2462 * (to wrap around the buffer) */
2463 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2464 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2465
2466 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2467
2468 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2469 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2470
2471 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2472 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2473
2474 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2475 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2476
2477 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2478
2479 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2480
2481 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2482
2483exit:
2484 mbedtls_test_message_queue_free( &queue );
2485}
2486/* END_CASE */
2487
2488/* BEGIN_CASE */
2489void ssl_message_queue_insufficient_buffer( )
2490{
2491 mbedtls_test_message_queue queue;
2492 size_t message_len = 10;
2493 size_t buffer_len = 5;
2494
2495 mbedtls_test_message_queue_setup( &queue, 1 );
2496
2497 /* Popping without a sufficient buffer */
2498 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2499 == (int) message_len );
2500 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2501 == (int) buffer_len );
2502exit:
2503 mbedtls_test_message_queue_free( &queue );
2504}
2505/* END_CASE */
2506
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2507/* BEGIN_CASE */
2508void ssl_message_mock_uninitialized( )
2509{
2510 enum { MSGLEN = 10 };
2511 unsigned char message[MSGLEN], received[MSGLEN];
2512 mbedtls_mock_socket client, server;
2513 mbedtls_test_message_queue server_queue, client_queue;
2514 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2515 mbedtls_message_socket_init( &server_context );
2516 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2517
2518 /* Send with a NULL context */
2519 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2520 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2521
2522 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2523 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2524
2525 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2526 &server,
2527 &server_context ) == 0 );
2528
2529 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2530 &client,
2531 &client_context ) == 0 );
2532
2533 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2534 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2535
2536 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2537 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2538
2539 /* Push directly to a queue to later simulate a disconnected behavior */
2540 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2541 == MSGLEN );
2542
2543 /* Test if there's an error when trying to read from a disconnected
2544 * socket */
2545 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2546 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2547 exit:
2548 mbedtls_message_socket_close( &server_context );
2549 mbedtls_message_socket_close( &client_context );
2550}
2551/* END_CASE */
2552
2553/* BEGIN_CASE */
2554void ssl_message_mock_basic( )
2555{
2556 enum { MSGLEN = 10 };
2557 unsigned char message[MSGLEN], received[MSGLEN];
2558 mbedtls_mock_socket client, server;
2559 unsigned i;
2560 mbedtls_test_message_queue server_queue, client_queue;
2561 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2562 mbedtls_message_socket_init( &server_context );
2563 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2564
2565 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2566 &server,
2567 &server_context ) == 0 );
2568
2569 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2570 &client,
2571 &client_context ) == 0 );
2572
2573 /* Fill up the buffer with structured data so that unwanted changes
2574 * can be detected */
2575 for( i = 0; i < MSGLEN; i++ )
2576 {
2577 message[i] = i & 0xFF;
2578 }
2579 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2580 MSGLEN ) );
2581
2582 /* Send the message to the server */
2583 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2584 MSGLEN ) == MSGLEN );
2585
2586 /* Read from the server */
2587 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2588 == MSGLEN );
2589
2590 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2591 memset( received, 0, MSGLEN );
2592
2593 /* Send the message to the client */
2594 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2595 MSGLEN ) == MSGLEN );
2596
2597 /* Read from the client */
2598 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2599 == MSGLEN );
2600 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2601
2602 exit:
2603 mbedtls_message_socket_close( &server_context );
2604 mbedtls_message_socket_close( &client_context );
2605}
2606/* END_CASE */
2607
2608/* BEGIN_CASE */
2609void ssl_message_mock_queue_overflow_underflow( )
2610{
2611 enum { MSGLEN = 10 };
2612 unsigned char message[MSGLEN], received[MSGLEN];
2613 mbedtls_mock_socket client, server;
2614 unsigned i;
2615 mbedtls_test_message_queue server_queue, client_queue;
2616 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2617 mbedtls_message_socket_init( &server_context );
2618 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2619
2620 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2621 &server,
2622 &server_context ) == 0 );
2623
2624 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2625 &client,
2626 &client_context ) == 0 );
2627
2628 /* Fill up the buffer with structured data so that unwanted changes
2629 * can be detected */
2630 for( i = 0; i < MSGLEN; i++ )
2631 {
2632 message[i] = i & 0xFF;
2633 }
2634 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2635 MSGLEN*2 ) );
2636
2637 /* Send three message to the server, last one with an error */
2638 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2639 MSGLEN - 1 ) == MSGLEN - 1 );
2640
2641 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2642 MSGLEN ) == MSGLEN );
2643
2644 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2645 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2646 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2647
2648 /* Read three messages from the server, last one with an error */
2649 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2650 MSGLEN - 1 ) == MSGLEN - 1 );
2651
2652 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2653 == MSGLEN );
2654
2655 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2656
2657 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2658 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2659
2660 exit:
2661 mbedtls_message_socket_close( &server_context );
2662 mbedtls_message_socket_close( &client_context );
2663}
2664/* END_CASE */
2665
2666/* BEGIN_CASE */
2667void ssl_message_mock_socket_overflow( )
2668{
2669 enum { MSGLEN = 10 };
2670 unsigned char message[MSGLEN], received[MSGLEN];
2671 mbedtls_mock_socket client, server;
2672 unsigned i;
2673 mbedtls_test_message_queue server_queue, client_queue;
2674 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2675 mbedtls_message_socket_init( &server_context );
2676 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2677
2678 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2679 &server,
2680 &server_context ) == 0 );
2681
2682 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2683 &client,
2684 &client_context ) == 0 );
2685
2686 /* Fill up the buffer with structured data so that unwanted changes
2687 * can be detected */
2688 for( i = 0; i < MSGLEN; i++ )
2689 {
2690 message[i] = i & 0xFF;
2691 }
2692 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2693 MSGLEN ) );
2694
2695 /* Send two message to the server, second one with an error */
2696 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2697 MSGLEN ) == MSGLEN );
2698
2699 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2700 MSGLEN )
2701 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2702
2703 /* Read the only message from the server */
2704 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2705 == MSGLEN );
2706
2707 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2708
2709 exit:
2710 mbedtls_message_socket_close( &server_context );
2711 mbedtls_message_socket_close( &client_context );
2712}
2713/* END_CASE */
2714
2715/* BEGIN_CASE */
2716void ssl_message_mock_truncated( )
2717{
2718 enum { MSGLEN = 10 };
2719 unsigned char message[MSGLEN], received[MSGLEN];
2720 mbedtls_mock_socket client, server;
2721 unsigned i;
2722 mbedtls_test_message_queue server_queue, client_queue;
2723 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2724 mbedtls_message_socket_init( &server_context );
2725 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2726
2727 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2728 &server,
2729 &server_context ) == 0 );
2730
2731 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2732 &client,
2733 &client_context ) == 0 );
2734
2735 memset( received, 0, MSGLEN );
2736 /* Fill up the buffer with structured data so that unwanted changes
2737 * can be detected */
2738 for( i = 0; i < MSGLEN; i++ )
2739 {
2740 message[i] = i & 0xFF;
2741 }
2742 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2743 2 * MSGLEN ) );
2744
2745 /* Send two messages to the server, the second one small enough to fit in the
2746 * receiver's buffer. */
2747 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2748 MSGLEN ) == MSGLEN );
2749 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2750 MSGLEN / 2 ) == MSGLEN / 2 );
2751 /* Read a truncated message from the server */
2752 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2753 == MSGLEN/2 );
2754
2755 /* Test that the first half of the message is valid, and second one isn't */
2756 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2757 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2758 != 0 );
2759 memset( received, 0, MSGLEN );
2760
2761 /* Read a full message from the server */
2762 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2763 == MSGLEN / 2 );
2764
2765 /* Test that the first half of the message is valid */
2766 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2767
2768 exit:
2769 mbedtls_message_socket_close( &server_context );
2770 mbedtls_message_socket_close( &client_context );
2771}
2772/* END_CASE */
2773
2774/* BEGIN_CASE */
2775void ssl_message_mock_socket_read_error( )
2776{
2777 enum { MSGLEN = 10 };
2778 unsigned char message[MSGLEN], received[MSGLEN];
2779 mbedtls_mock_socket client, server;
2780 unsigned i;
2781 mbedtls_test_message_queue server_queue, client_queue;
2782 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2783 mbedtls_message_socket_init( &server_context );
2784 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2785
2786 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2787 &server,
2788 &server_context ) == 0 );
2789
2790 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2791 &client,
2792 &client_context ) == 0 );
2793
2794 /* Fill up the buffer with structured data so that unwanted changes
2795 * can be detected */
2796 for( i = 0; i < MSGLEN; i++ )
2797 {
2798 message[i] = i & 0xFF;
2799 }
2800 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2801 MSGLEN ) );
2802
2803 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2804 MSGLEN ) == MSGLEN );
2805
2806 /* Force a read error by disconnecting the socket by hand */
2807 server.status = 0;
2808 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2809 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2810 /* Return to a valid state */
2811 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2812
2813 memset( received, 0, sizeof( received ) );
2814
2815 /* Test that even though the server tried to read once disconnected, the
2816 * continuity is preserved */
2817 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2818 == MSGLEN );
2819
2820 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2821
2822 exit:
2823 mbedtls_message_socket_close( &server_context );
2824 mbedtls_message_socket_close( &client_context );
2825}
2826/* END_CASE */
2827
2828/* BEGIN_CASE */
2829void ssl_message_mock_interleaved_one_way( )
2830{
2831 enum { MSGLEN = 10 };
2832 unsigned char message[MSGLEN], received[MSGLEN];
2833 mbedtls_mock_socket client, server;
2834 unsigned i;
2835 mbedtls_test_message_queue server_queue, client_queue;
2836 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2837 mbedtls_message_socket_init( &server_context );
2838 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2839
2840 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2841 &server,
2842 &server_context ) == 0 );
2843
2844 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2845 &client,
2846 &client_context ) == 0 );
2847
2848 /* Fill up the buffer with structured data so that unwanted changes
2849 * can be detected */
2850 for( i = 0; i < MSGLEN; i++ )
2851 {
2852 message[i] = i & 0xFF;
2853 }
2854 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2855 MSGLEN*3 ) );
2856
2857 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
2858 * (to wrap around the buffer) */
2859 for( i = 0; i < 2; i++ )
2860 {
2861 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2862 MSGLEN ) == MSGLEN );
2863
2864 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2865 MSGLEN ) == MSGLEN );
2866
2867 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2868 MSGLEN ) == MSGLEN );
2869 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2870 memset( received, 0, sizeof( received ) );
2871 }
2872
2873 for( i = 0; i < 2; i++ )
2874 {
2875 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2876 MSGLEN ) == MSGLEN );
2877
2878 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2879 }
2880 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2881 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2882 exit:
2883 mbedtls_message_socket_close( &server_context );
2884 mbedtls_message_socket_close( &client_context );
2885}
2886/* END_CASE */
2887
2888/* BEGIN_CASE */
2889void ssl_message_mock_interleaved_two_ways( )
2890{
2891 enum { MSGLEN = 10 };
2892 unsigned char message[MSGLEN], received[MSGLEN];
2893 mbedtls_mock_socket client, server;
2894 unsigned i;
2895 mbedtls_test_message_queue server_queue, client_queue;
2896 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame^]2897 mbedtls_message_socket_init( &server_context );
2898 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2899
2900 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2901 &server,
2902 &server_context ) == 0 );
2903
2904 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2905 &client,
2906 &client_context ) == 0 );
2907
2908 /* Fill up the buffer with structured data so that unwanted changes
2909 * can be detected */
2910 for( i = 0; i < MSGLEN; i++ )
2911 {
2912 message[i] = i & 0xFF;
2913 }
2914 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2915 MSGLEN*3 ) );
2916
2917 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
2918 * (to wrap around the buffer) both ways. */
2919 for( i = 0; i < 2; i++ )
2920 {
2921 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2922 MSGLEN ) == MSGLEN );
2923
2924 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2925 MSGLEN ) == MSGLEN );
2926
2927 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2928 MSGLEN ) == MSGLEN );
2929
2930 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2931 MSGLEN ) == MSGLEN );
2932
2933 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2934 MSGLEN ) == MSGLEN );
2935
2936 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2937
2938 memset( received, 0, sizeof( received ) );
2939
2940 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2941 MSGLEN ) == MSGLEN );
2942
2943 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2944
2945 memset( received, 0, sizeof( received ) );
2946 }
2947
2948 for( i = 0; i < 2; i++ )
2949 {
2950 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2951 MSGLEN ) == MSGLEN );
2952
2953 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2954 memset( received, 0, sizeof( received ) );
2955
2956 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2957 MSGLEN ) == MSGLEN );
2958
2959 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2960 memset( received, 0, sizeof( received ) );
2961 }
2962
2963 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2964 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2965
2966 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2967 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2968 exit:
2969 mbedtls_message_socket_close( &server_context );
2970 mbedtls_message_socket_close( &client_context );
2971}
2972/* END_CASE */
2973
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2974/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2975void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2976{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2977 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2978 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2979 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2980
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2981 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2982 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2983
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2984 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2985 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2986 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2987 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2988 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2989
2990 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2991 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2992 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2993 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2994 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2995 }
2996
2997 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2998 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2999 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3000
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3001 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3002 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3003}
3004/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]3005
3006/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
3007void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
3008{
3009 mbedtls_ssl_context ssl;
3010 mbedtls_ssl_init( &ssl );
3011
3012 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
3013 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
3014
3015 mbedtls_ssl_free( &ssl );
3016}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]3017/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3018
3019/* BEGIN_CASE */
3020void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3021 int etm, int tag_mode, int ver,
3022 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3023{
3024 /*
3025 * Test several record encryptions and decryptions
3026 * with plenty of space before and after the data
3027 * within the record buffer.
3028 */
3029
3030 int ret;
3031 int num_records = 16;
3032 mbedtls_ssl_context ssl; /* ONLY for debugging */
3033
3034 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3035 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3036 size_t const buflen = 512;
3037 mbedtls_record rec, rec_backup;
3038
3039 mbedtls_ssl_init( &ssl );
3040 mbedtls_ssl_transform_init( &t0 );
3041 mbedtls_ssl_transform_init( &t1 );
3042 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3043 etm, tag_mode, ver,
3044 (size_t) cid0_len,
3045 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3046
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3047 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3048
3049 while( num_records-- > 0 )
3050 {
3051 mbedtls_ssl_transform *t_dec, *t_enc;
3052 /* Take turns in who's sending and who's receiving. */
3053 if( num_records % 3 == 0 )
3054 {
3055 t_dec = &t0;
3056 t_enc = &t1;
3057 }
3058 else
3059 {
3060 t_dec = &t1;
3061 t_enc = &t0;
3062 }
3063
3064 /*
3065 * The record header affects the transformation in two ways:
3066 * 1) It determines the AEAD additional data
3067 * 2) The record counter sometimes determines the IV.
3068 *
3069 * Apart from that, the fields don't have influence.
3070 * In particular, it is currently not the responsibility
3071 * of ssl_encrypt/decrypt_buf to check if the transform
3072 * version matches the record version, or that the
3073 * type is sensible.
3074 */
3075
3076 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
3077 rec.type = 42;
3078 rec.ver[0] = num_records;
3079 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3080#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3081 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3082#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3083
3084 rec.buf = buf;
3085 rec.buf_len = buflen;
3086 rec.data_offset = 16;
3087 /* Make sure to vary the length to exercise different
3088 * paddings. */
3089 rec.data_len = 1 + num_records;
3090
3091 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3092
3093 /* Make a copy for later comparison */
3094 rec_backup = rec;
3095
3096 /* Encrypt record */
3097 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
3098 rnd_std_rand, NULL );
3099 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3100 if( ret != 0 )
3101 {
3102 continue;
3103 }
3104
3105 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3106 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
3107 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3108
3109 /* Compare results */
3110 TEST_ASSERT( rec.type == rec_backup.type );
3111 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3112 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3113 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3114 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3115 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3116 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3117 rec_backup.buf + rec_backup.data_offset,
3118 rec.data_len ) == 0 );
3119 }
3120
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3121exit:
3122
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3123 /* Cleanup */
3124 mbedtls_ssl_free( &ssl );
3125 mbedtls_ssl_transform_free( &t0 );
3126 mbedtls_ssl_transform_free( &t1 );
3127
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3128 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3129}
3130/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3131
3132/* BEGIN_CASE */
3133void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3134 int etm, int tag_mode, int ver,
3135 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3136{
3137 /*
3138 * Test pairs of encryption and decryption with an increasing
3139 * amount of space in the record buffer - in more detail:
3140 * 1) Try to encrypt with 0, 1, 2, ... bytes available
3141 * in front of the plaintext, and expect the encryption
3142 * to succeed starting from some offset. Always keep
3143 * enough space in the end of the buffer.
3144 * 2) Try to encrypt with 0, 1, 2, ... bytes available
3145 * at the end of the plaintext, and expect the encryption
3146 * to succeed starting from some offset. Always keep
3147 * enough space at the beginning of the buffer.
3148 * 3) Try to encrypt with 0, 1, 2, ... bytes available
3149 * both at the front and end of the plaintext,
3150 * and expect the encryption to succeed starting from
3151 * some offset.
3152 *
3153 * If encryption succeeds, check that decryption succeeds
3154 * and yields the original record.
3155 */
3156
3157 mbedtls_ssl_context ssl; /* ONLY for debugging */
3158
3159 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3160 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3161 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3162 mbedtls_record rec, rec_backup;
3163
3164 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3165 int mode; /* Mode 1, 2 or 3 as explained above */
3166 size_t offset; /* Available space at beginning/end/both */
3167 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3168
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3169 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
3170 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3171
3172 int seen_success; /* Indicates if in the current mode we've
3173 * already seen a successful test. */
3174
3175 mbedtls_ssl_init( &ssl );
3176 mbedtls_ssl_transform_init( &t0 );
3177 mbedtls_ssl_transform_init( &t1 );
3178 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3179 etm, tag_mode, ver,
3180 (size_t) cid0_len,
3181 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3182
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3183 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3184
3185 for( mode=1; mode <= 3; mode++ )
3186 {
3187 seen_success = 0;
3188 for( offset=0; offset <= threshold; offset++ )
3189 {
3190 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]3191 t_dec = &t0;
3192 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3193
3194 memset( rec.ctr, offset, sizeof( rec.ctr ) );
3195 rec.type = 42;
3196 rec.ver[0] = offset;
3197 rec.ver[1] = offset;
3198 rec.buf = buf;
3199 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3200#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3201 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3202#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3203
3204 switch( mode )
3205 {
3206 case 1: /* Space in the beginning */
3207 rec.data_offset = offset;
3208 rec.data_len = buflen - offset - default_post_padding;
3209 break;
3210
3211 case 2: /* Space in the end */
3212 rec.data_offset = default_pre_padding;
3213 rec.data_len = buflen - default_pre_padding - offset;
3214 break;
3215
3216 case 3: /* Space in the beginning and end */
3217 rec.data_offset = offset;
3218 rec.data_len = buflen - 2 * offset;
3219 break;
3220
3221 default:
3222 TEST_ASSERT( 0 );
3223 break;
3224 }
3225
3226 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3227
3228 /* Make a copy for later comparison */
3229 rec_backup = rec;
3230
3231 /* Encrypt record */
3232 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
3233
3234 if( ( mode == 1 || mode == 2 ) && seen_success )
3235 {
3236 TEST_ASSERT( ret == 0 );
3237 }
3238 else
3239 {
3240 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3241 if( ret == 0 )
3242 seen_success = 1;
3243 }
3244
3245 if( ret != 0 )
3246 continue;
3247
3248 /* Decrypt record with t_dec */
3249 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
3250
3251 /* Compare results */
3252 TEST_ASSERT( rec.type == rec_backup.type );
3253 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3254 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3255 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3256 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3257 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3258 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3259 rec_backup.buf + rec_backup.data_offset,
3260 rec.data_len ) == 0 );
3261 }
3262
3263 TEST_ASSERT( seen_success == 1 );
3264 }
3265
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3266exit:
3267
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3268 /* Cleanup */
3269 mbedtls_ssl_free( &ssl );
3270 mbedtls_ssl_transform_free( &t0 );
3271 mbedtls_ssl_transform_free( &t1 );
3272
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3273 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3274}
3275/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3276
3277/* BEGIN_CASE */
3278void ssl_tls_prf( int type, data_t * secret, data_t * random,
3279 char *label, data_t *result_hex_str, int exp_ret )
3280{
3281 unsigned char *output;
3282
3283 output = mbedtls_calloc( 1, result_hex_str->len );
3284 if( output == NULL )
3285 goto exit;
3286
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]3287#if defined(MBEDTLS_USE_PSA_CRYPTO)
3288 TEST_ASSERT( psa_crypto_init() == 0 );
3289#endif
3290
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3291 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
3292 label, random->x, random->len,
3293 output, result_hex_str->len ) == exp_ret );
3294
3295 if( exp_ret == 0 )
3296 {
3297 TEST_ASSERT( hexcmp( output, result_hex_str->x,
3298 result_hex_str->len, result_hex_str->len ) == 0 );
3299 }
3300exit:
3301
3302 mbedtls_free( output );
3303}
3304/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3305
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3306/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3307void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3308{
3309 mbedtls_ssl_session original, restored;
3310 unsigned char *buf = NULL;
3311 size_t len;
3312
3313 /*
3314 * Test that a save-load pair is the identity
3315 */
3316
3317 mbedtls_ssl_session_init( &original );
3318 mbedtls_ssl_session_init( &restored );
3319
3320 /* Prepare a dummy session to work on */
3321 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
3322
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3323 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3324 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
3325 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3326 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
3327 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
3328 == 0 );
3329
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3330 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3331 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
3332
3333 /*
3334 * Make sure both session structures are identical
3335 */
3336#if defined(MBEDTLS_HAVE_TIME)
3337 TEST_ASSERT( original.start == restored.start );
3338#endif
3339 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
3340 TEST_ASSERT( original.compression == restored.compression );
3341 TEST_ASSERT( original.id_len == restored.id_len );
3342 TEST_ASSERT( memcmp( original.id,
3343 restored.id, sizeof( original.id ) ) == 0 );
3344 TEST_ASSERT( memcmp( original.master,
3345 restored.master, sizeof( original.master ) ) == 0 );
3346
3347#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]3348#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3349 TEST_ASSERT( ( original.peer_cert == NULL ) ==
3350 ( restored.peer_cert == NULL ) );
3351 if( original.peer_cert != NULL )
3352 {
3353 TEST_ASSERT( original.peer_cert->raw.len ==
3354 restored.peer_cert->raw.len );
3355 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
3356 restored.peer_cert->raw.p,
3357 original.peer_cert->raw.len ) == 0 );
3358 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]3359#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
3360 TEST_ASSERT( original.peer_cert_digest_type ==
3361 restored.peer_cert_digest_type );
3362 TEST_ASSERT( original.peer_cert_digest_len ==
3363 restored.peer_cert_digest_len );
3364 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
3365 ( restored.peer_cert_digest == NULL ) );
3366 if( original.peer_cert_digest != NULL )
3367 {
3368 TEST_ASSERT( memcmp( original.peer_cert_digest,
3369 restored.peer_cert_digest,
3370 original.peer_cert_digest_len ) == 0 );
3371 }
3372#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
3373#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3374 TEST_ASSERT( original.verify_result == restored.verify_result );
3375
3376#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
3377 TEST_ASSERT( original.ticket_len == restored.ticket_len );
3378 if( original.ticket_len != 0 )
3379 {
3380 TEST_ASSERT( original.ticket != NULL );
3381 TEST_ASSERT( restored.ticket != NULL );
3382 TEST_ASSERT( memcmp( original.ticket,
3383 restored.ticket, original.ticket_len ) == 0 );
3384 }
3385 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
3386#endif
3387
3388#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3389 TEST_ASSERT( original.mfl_code == restored.mfl_code );
3390#endif
3391
3392#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
3393 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
3394#endif
3395
3396#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
3397 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
3398#endif
3399
3400exit:
3401 mbedtls_ssl_session_free( &original );
3402 mbedtls_ssl_session_free( &restored );
3403 mbedtls_free( buf );
3404}
3405/* END_CASE */
3406
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]3407/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3408void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3409{
3410 mbedtls_ssl_session session;
3411 unsigned char *buf1 = NULL, *buf2 = NULL;
3412 size_t len0, len1, len2;
3413
3414 /*
3415 * Test that a load-save pair is the identity
3416 */
3417
3418 mbedtls_ssl_session_init( &session );
3419
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3420 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3421 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3422
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3423 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3424 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
3425 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3426
3427 /* Allocate first buffer */
3428 buf1 = mbedtls_calloc( 1, len0 );
3429 TEST_ASSERT( buf1 != NULL );
3430
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3431 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3432 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
3433 == 0 );
3434 TEST_ASSERT( len0 == len1 );
3435 mbedtls_ssl_session_free( &session );
3436
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3437 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]3438 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3439
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3440 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3441 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]3442 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3443 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
3444 == 0 );
3445
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3446 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3447 TEST_ASSERT( len1 == len2 );
3448 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
3449
3450exit:
3451 mbedtls_ssl_session_free( &session );
3452 mbedtls_free( buf1 );
3453 mbedtls_free( buf2 );
3454}
3455/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3456
3457/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3458void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3459{
3460 mbedtls_ssl_session session;
3461 unsigned char *buf = NULL;
3462 size_t good_len, bad_len, test_len;
3463
3464 /*
3465 * Test that session_save() fails cleanly on small buffers
3466 */
3467
3468 mbedtls_ssl_session_init( &session );
3469
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3470 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3471 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3472 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
3473 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3474
3475 /* Try all possible bad lengths */
3476 for( bad_len = 1; bad_len < good_len; bad_len++ )
3477 {
3478 /* Allocate exact size so that asan/valgrind can detect any overwrite */
3479 mbedtls_free( buf );
3480 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
3481 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
3482 &test_len )
3483 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3484 TEST_ASSERT( test_len == good_len );
3485 }
3486
3487exit:
3488 mbedtls_ssl_session_free( &session );
3489 mbedtls_free( buf );
3490}
3491/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3492
3493/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3494void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3495{
3496 mbedtls_ssl_session session;
3497 unsigned char *good_buf = NULL, *bad_buf = NULL;
3498 size_t good_len, bad_len;
3499
3500 /*
3501 * Test that session_load() fails cleanly on small buffers
3502 */
3503
3504 mbedtls_ssl_session_init( &session );
3505
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3506 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3507 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3508 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
3509 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3510 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
3511 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
3512 &good_len ) == 0 );
3513 mbedtls_ssl_session_free( &session );
3514
3515 /* Try all possible bad lengths */
3516 for( bad_len = 0; bad_len < good_len; bad_len++ )
3517 {
3518 /* Allocate exact size so that asan/valgrind can detect any overread */
3519 mbedtls_free( bad_buf );
3520 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
3521 TEST_ASSERT( bad_buf != NULL );
3522 memcpy( bad_buf, good_buf, bad_len );
3523
3524 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
3525 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
3526 }
3527
3528exit:
3529 mbedtls_ssl_session_free( &session );
3530 mbedtls_free( good_buf );
3531 mbedtls_free( bad_buf );
3532}
3533/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3534
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3535/* BEGIN_CASE */
3536void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3537 int corrupt_minor,
3538 int corrupt_patch,
3539 int corrupt_config )
3540{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3541 unsigned char serialized_session[ 2048 ];
3542 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3543 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3544 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3545 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
3546 corrupt_minor == 1,
3547 corrupt_patch == 1,
3548 corrupt_config == 1,
3549 corrupt_config == 1 };
3550
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3551 mbedtls_ssl_session_init( &session );
3552
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3553 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3554 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3555 serialized_session,
3556 sizeof( serialized_session ),
3557 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3558
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3559 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3560
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3561 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3562 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3563 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3564 serialized_session,
3565 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3566 mbedtls_ssl_session_free( &session );
3567
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3568 /* Go through the bytes in the serialized session header and
3569 * corrupt them bit-by-bit. */
3570 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3571 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3572 int cur_bit;
3573 unsigned char * const byte = &serialized_session[ cur_byte ];
3574
3575 if( should_corrupt_byte[ cur_byte ] == 0 )
3576 continue;
3577
3578 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
3579 {
3580 unsigned char const corrupted_bit = 0x1u << cur_bit;
3581 /* Modify a single bit in the serialized session. */
3582 *byte ^= corrupted_bit;
3583
3584 /* Attempt to deserialize */
3585 TEST_ASSERT( mbedtls_ssl_session_load( &session,
3586 serialized_session,
3587 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]3588 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3589
3590 /* Undo the change */
3591 *byte ^= corrupted_bit;
3592 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3593 }
3594
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3595}
3596/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3597
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3598/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3599void mbedtls_endpoint_sanity( int endpoint_type )
3600{
3601 enum { BUFFSIZE = 1024 };
3602 mbedtls_endpoint ep;
3603 int ret = -1;
3604
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3605 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
3606 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3607 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3608
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3609 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3610 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3611
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3612 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
3613 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3614 TEST_ASSERT( ret == 0 );
3615
3616exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3617 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3618}
3619/* END_CASE */
3620
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3621/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3622void move_handshake_to_state(int endpoint_type, int state, int need_pass)
3623{
3624 enum { BUFFSIZE = 1024 };
3625 mbedtls_endpoint base_ep, second_ep;
3626 int ret = -1;
3627
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3628 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
3629 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3630 TEST_ASSERT( ret == 0 );
3631
3632 ret = mbedtls_endpoint_init( &second_ep,
3633 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3634 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3635 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3636 TEST_ASSERT( ret == 0 );
3637
3638 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
3639 &(second_ep.socket),
3640 BUFFSIZE );
3641 TEST_ASSERT( ret == 0 );
3642
3643 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
3644 &(second_ep.ssl),
3645 state );
3646 if( need_pass )
3647 {
3648 TEST_ASSERT( ret == 0 );
3649 TEST_ASSERT( base_ep.ssl.state == state );
3650 }
3651 else
3652 {
3653 TEST_ASSERT( ret != 0 );
3654 TEST_ASSERT( base_ep.ssl.state != state );
3655 }
3656
3657exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3658 mbedtls_endpoint_free( &base_ep, NULL );
3659 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3660}
3661/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3662
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3663/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
3664void handshake_version( int version, int dtls )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3665{
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3666 handshake_test_options options;
3667 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3668
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3669 options.version = version;
3670 options.dtls = dtls;
3671 /* Note - the case below will have to updated, since the test sends no data
3672 * due to a 1n-1 split against BEAST, that was not expected when preparing
3673 * the fragment counting code. */
3674 if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
3675 version == MBEDTLS_SSL_MINOR_VERSION_1 )
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3676 {
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3677 options.cli_msg_len = 0;
3678 options.srv_msg_len = 0;
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3679 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3680 perform_handshake( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3681
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3682 /* The goto below is used to avoid an "unused label" warning.*/
3683 goto exit;
3684}
3685/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -0500[diff] [blame]3686
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3687/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
3688void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
3689{
3690 handshake_test_options options;
3691 init_handshake_options( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3692
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3693 options.cipher = cipher;
3694 options.dtls = dtls;
3695 options.psk_str = psk_str;
3696 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3697
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3698 perform_handshake( &options );
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]3699
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3700 /* The goto below is used to avoid an "unused label" warning.*/
3701 goto exit;
3702}
3703/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]3704
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3705/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
3706void handshake_cipher( char* cipher, int pk_alg, int dtls )
3707{
3708 test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3709
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3710 /* The goto below is used to avoid an "unused label" warning.*/
3711 goto exit;
3712}
3713/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3714
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3715/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
3716void app_data( int mfl, int cli_msg_len, int srv_msg_len,
3717 int expected_cli_fragments,
3718 int expected_srv_fragments, int dtls )
3719{
3720 handshake_test_options options;
3721 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3722
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3723 options.mfl = mfl;
3724 options.cli_msg_len = cli_msg_len;
3725 options.srv_msg_len = srv_msg_len;
3726 options.expected_cli_fragments = expected_cli_fragments;
3727 options.expected_srv_fragments = expected_srv_fragments;
3728 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3729
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3730 perform_handshake( &options );
3731 /* The goto below is used to avoid an "unused label" warning.*/
3732 goto exit;
3733}
3734/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3735
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3736/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
3737void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
3738 int expected_cli_fragments,
3739 int expected_srv_fragments )
3740{
3741 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
3742 expected_srv_fragments, 0 );
3743 /* The goto below is used to avoid an "unused label" warning.*/
3744 goto exit;
3745}
3746/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3747
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3748/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
3749void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
3750 int expected_cli_fragments,
3751 int expected_srv_fragments )
3752{
3753 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
3754 expected_srv_fragments, 1 );
3755 /* The goto below is used to avoid an "unused label" warning.*/
3756 goto exit;
3757}
3758/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3759
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3760/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */
3761void handshake_serialization( )
3762{
3763 handshake_test_options options;
3764 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3765
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3766 options.serialize = 1;
3767 options.dtls = 1;
3768 perform_handshake( &options );
3769 /* The goto below is used to avoid an "unused label" warning.*/
3770 goto exit;
3771}
3772/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3773
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]3774/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
3775void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
3776{
3777 handshake_test_options options;
3778 log_pattern srv_pattern, cli_pattern;
3779
3780 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
3781 srv_pattern.counter = 0;
3782 cli_pattern.counter = 0;
3783
3784 init_handshake_options( &options );
3785 options.dtls = 1;
3786 options.mfl = mfl;
3787 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
3788 options.srv_log_obj = &srv_pattern;
3789 options.cli_log_obj = &cli_pattern;
3790 options.srv_log_fun = log_analyzer;
3791 options.cli_log_fun = log_analyzer;
3792
3793 perform_handshake( &options );
3794
3795 /* Test if the server received a fragmented handshake */
3796 if( expected_srv_hs_fragmentation )
3797 {
3798 TEST_ASSERT( srv_pattern.counter >= 1 );
3799 }
3800 /* Test if the client received a fragmented handshake */
3801 if( expected_cli_hs_fragmentation )
3802 {
3803 TEST_ASSERT( cli_pattern.counter >= 1 );
3804 }
3805}
3806/* END_CASE */
3807
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3808/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
3809void renegotiation( int legacy_renegotiation )
3810{
3811 handshake_test_options options;
3812 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3813
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3814 options.renegotiate = 1;
3815 options.legacy_renegotiation = legacy_renegotiation;
3816 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]3817
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]3818 perform_handshake( &options );
3819 /* The goto below is used to avoid an "unused label" warning.*/
3820 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3821}
3822/* END_CASE */