TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e6afd919dd86fb61e6b2080936fb0fb263a2e502 / . / tests / src / ssl_helpers.c
blob: 150f6e84de8b3656a3d85d12573e1180fdc67f4a [file] [log] [blame]
Yanray Wang47907a42022-10-24 14:42:01 +0800[diff] [blame]1/** \file ssl_helpers.c
2 *
3 * \brief Helper functions to set up a TLS connection.
4 */
5
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 */
22
23#include <test/ssl_helpers.h>
Yanray Wange6afd912022-10-27 12:11:18 +0800[diff] [blame^]24
25#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
26static int rng_seed = 0xBEEF;
27static int rng_get(void *p_rng, unsigned char *output, size_t output_len)
28{
29 (void) p_rng;
30 for (size_t i = 0; i < output_len; i++) {
31 output[i] = rand();
32 }
33
34 return 0;
35}
36#endif
37
38/*
39 * This function can be passed to mbedtls to receive output logs from it. In
40 * this case, it will count the instances of a mbedtls_test_ssl_log_pattern
41 * in the received logged messages.
42 */
43void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
44 const char *file, int line,
45 const char *str)
46{
47 mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx;
48
49 (void) level;
50 (void) line;
51 (void) file;
52
53 if (NULL != p &&
54 NULL != p->pattern &&
55 NULL != strstr(str, p->pattern)) {
56 p->counter++;
57 }
58}
59
60void mbedtls_test_init_handshake_options(
61 mbedtls_test_handshake_test_options *opts)
62{
63#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
64 srand(rng_seed);
65 rng_seed += 0xD0;
66#endif
67 opts->cipher = "";
68 opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
69 opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
70 opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
71 opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
72 opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
73 opts->expected_handshake_result = 0;
74 opts->expected_ciphersuite = 0;
75 opts->pk_alg = MBEDTLS_PK_RSA;
76 opts->opaque_alg = 0;
77 opts->opaque_alg2 = 0;
78 opts->opaque_usage = 0;
79 opts->psk_str = NULL;
80 opts->dtls = 0;
81 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
82 opts->serialize = 0;
83 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
84 opts->cli_msg_len = 100;
85 opts->srv_msg_len = 100;
86 opts->expected_cli_fragments = 1;
87 opts->expected_srv_fragments = 1;
88 opts->renegotiate = 0;
89 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
90 opts->srv_log_obj = NULL;
91 opts->srv_log_obj = NULL;
92 opts->srv_log_fun = NULL;
93 opts->cli_log_fun = NULL;
94 opts->resize_buffers = 1;
95#if defined(MBEDTLS_SSL_CACHE_C)
96 opts->cache = NULL;
97 ASSERT_ALLOC(opts->cache, 1);
98 mbedtls_ssl_cache_init(opts->cache);
99exit:
100 return;
101#endif
102}
103
104void mbedtls_test_free_handshake_options(
105 mbedtls_test_handshake_test_options *opts)
106{
107#if defined(MBEDTLS_SSL_CACHE_C)
108 mbedtls_ssl_cache_free(opts->cache);
109 mbedtls_free(opts->cache);
110#else
111 (void) opts;
112#endif
113}
114
115#if defined(MBEDTLS_TEST_HOOKS)
116static void set_chk_buf_ptr_args(
117 mbedtls_ssl_chk_buf_ptr_args *args,
118 unsigned char *cur, unsigned char *end, size_t need)
119{
120 args->cur = cur;
121 args->end = end;
122 args->need = need;
123}
124
125static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args)
126{
127 memset(args, 0, sizeof(*args));
128}
129#endif /* MBEDTLS_TEST_HOOKS */
130
131/*
132 * Buffer structure for custom I/O callbacks.
133 */
134
135/*
136 * Initialises \p buf. After calling this function it is safe to call
137 * `mbedtls_test_ssl_buffer_free()` on \p buf.
138 */
139void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
140{
141 memset(buf, 0, sizeof(*buf));
142}
143
144/*
145 * Sets up \p buf. After calling this function it is safe to call
146 * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()`
147 * on \p buf.
148 */
149int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
150 size_t capacity)
151{
152 buf->buffer = (unsigned char *) mbedtls_calloc(capacity,
153 sizeof(unsigned char));
154 if (NULL == buf->buffer) {
155 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
156 }
157 buf->capacity = capacity;
158
159 return 0;
160}
161
162void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf)
163{
164 if (buf->buffer != NULL) {
165 mbedtls_free(buf->buffer);
166 }
167
168 memset(buf, 0, sizeof(*buf));
169}
170
171/*
172 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
173 *
174 * \p buf must have been initialized and set up by calling
175 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
176 *
177 * \retval \p input_len, if the data fits.
178 * \retval 0 <= value < \p input_len, if the data does not fit.
179 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
180 * zero and \p input is NULL.
181 */
182int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
183 const unsigned char *input, size_t input_len)
184{
185 size_t overflow = 0;
186
187 if ((buf == NULL) || (buf->buffer == NULL)) {
188 return -1;
189 }
190
191 /* Reduce input_len to a number that fits in the buffer. */
192 if ((buf->content_length + input_len) > buf->capacity) {
193 input_len = buf->capacity - buf->content_length;
194 }
195
196 if (input == NULL) {
197 return (input_len == 0) ? 0 : -1;
198 }
199
200 /* Check if the buffer has not come full circle and free space is not in
201 * the middle */
202 if (buf->start + buf->content_length < buf->capacity) {
203
204 /* Calculate the number of bytes that need to be placed at lower memory
205 * address */
206 if (buf->start + buf->content_length + input_len
207 > buf->capacity) {
208 overflow = (buf->start + buf->content_length + input_len)
209 % buf->capacity;
210 }
211
212 memcpy(buf->buffer + buf->start + buf->content_length, input,
213 input_len - overflow);
214 memcpy(buf->buffer, input + input_len - overflow, overflow);
215
216 } else {
217 /* The buffer has come full circle and free space is in the middle */
218 memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
219 input, input_len);
220 }
221
222 buf->content_length += input_len;
223 return input_len;
224}
225
226/*
227 * Gets \p output_len bytes from the ring buffer \p buf into the
228 * \p output buffer. The output buffer can be NULL, in this case a part of the
229 * ring buffer will be dropped, if the requested length is available.
230 *
231 * \p buf must have been initialized and set up by calling
232 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
233 *
234 * \retval \p output_len, if the data is available.
235 * \retval 0 <= value < \p output_len, if the data is not available.
236 * \retval -1, if \buf is NULL or it hasn't been set up.
237 */
238int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
239 unsigned char *output, size_t output_len)
240{
241 size_t overflow = 0;
242
243 if ((buf == NULL) || (buf->buffer == NULL)) {
244 return -1;
245 }
246
247 if (output == NULL && output_len == 0) {
248 return 0;
249 }
250
251 if (buf->content_length < output_len) {
252 output_len = buf->content_length;
253 }
254
255 /* Calculate the number of bytes that need to be drawn from lower memory
256 * address */
257 if (buf->start + output_len > buf->capacity) {
258 overflow = (buf->start + output_len) % buf->capacity;
259 }
260
261 if (output != NULL) {
262 memcpy(output, buf->buffer + buf->start, output_len - overflow);
263 memcpy(output + output_len - overflow, buf->buffer, overflow);
264 }
265
266 buf->content_length -= output_len;
267 buf->start = (buf->start + output_len) % buf->capacity;
268
269 return output_len;
270}
271
272/*
273 * Errors used in the message transport mock tests
274 */
275 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
276 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
277
278/*
279 * Setup and free functions for the message metadata queue.
280 *
281 * \p capacity describes the number of message metadata chunks that can be held
282 * within the queue.
283 *
284 * \retval 0, if a metadata queue of a given length can be allocated.
285 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
286 */
287int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue,
288 size_t capacity)
289{
290 queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
291 if (NULL == queue->messages) {
292 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
293 }
294
295 queue->capacity = capacity;
296 queue->pos = 0;
297 queue->num = 0;
298
299 return 0;
300}
301
302void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue)
303{
304 if (queue == NULL) {
305 return;
306 }
307
308 if (queue->messages != NULL) {
309 mbedtls_free(queue->messages);
310 }
311
312 memset(queue, 0, sizeof(*queue));
313}
314
315/*
316 * Push message length information onto the message metadata queue.
317 * This will become the last element to leave it (fifo).
318 *
319 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
320 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
321 * \retval \p len, if the push was successful.
322 */
323int mbedtls_test_ssl_message_queue_push_info(
324 mbedtls_test_ssl_message_queue *queue, size_t len)
325{
326 int place;
327 if (queue == NULL) {
328 return MBEDTLS_TEST_ERROR_ARG_NULL;
329 }
330
331 if (queue->num >= queue->capacity) {
332 return MBEDTLS_ERR_SSL_WANT_WRITE;
333 }
334
335 place = (queue->pos + queue->num) % queue->capacity;
336 queue->messages[place] = len;
337 queue->num++;
338 return len;
339}
340
341/*
342 * Pop information about the next message length from the queue. This will be
343 * the oldest inserted message length(fifo). \p msg_len can be null, in which
344 * case the data will be popped from the queue but not copied anywhere.
345 *
346 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
347 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
348 * \retval message length, if the pop was successful, up to the given
349 \p buf_len.
350 */
351int mbedtls_test_ssl_message_queue_pop_info(
352 mbedtls_test_ssl_message_queue *queue, size_t buf_len)
353{
354 size_t message_length;
355 if (queue == NULL) {
356 return MBEDTLS_TEST_ERROR_ARG_NULL;
357 }
358 if (queue->num == 0) {
359 return MBEDTLS_ERR_SSL_WANT_READ;
360 }
361
362 message_length = queue->messages[queue->pos];
363 queue->messages[queue->pos] = 0;
364 queue->num--;
365 queue->pos++;
366 queue->pos %= queue->capacity;
367 if (queue->pos < 0) {
368 queue->pos += queue->capacity;
369 }
370
371 return (message_length > buf_len) ? buf_len : message_length;
372}
373
374/*
375 * Take a peek on the info about the next message length from the queue.
376 * This will be the oldest inserted message length(fifo).
377 *
378 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
379 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
380 * \retval 0, if the peek was successful.
381 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
382 * too small to fit the message. In this case the \p msg_len will be
383 * set to the full message length so that the
384 * caller knows what portion of the message can be dropped.
385 */
386int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue,
387 size_t buf_len, size_t *msg_len)
388{
389 if (queue == NULL || msg_len == NULL) {
390 return MBEDTLS_TEST_ERROR_ARG_NULL;
391 }
392 if (queue->num == 0) {
393 return MBEDTLS_ERR_SSL_WANT_READ;
394 }
395
396 *msg_len = queue->messages[queue->pos];
397 return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
398}
399
400/*
401 * Setup and teardown functions for mock sockets.
402 */
403void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket)
404{
405 memset(socket, 0, sizeof(*socket));
406}
407
408/*
409 * Closes the socket \p socket.
410 *
411 * \p socket must have been previously initialized by calling
412 * mbedtls_mock_socket_init().
413 *
414 * This function frees all allocated resources and both sockets are aware of the
415 * new connection state.
416 *
417 * That is, this function does not simulate half-open TCP connections and the
418 * phenomenon that when closing a UDP connection the peer is not aware of the
419 * connection having been closed.
420 */
421void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket)
422{
423 if (socket == NULL) {
424 return;
425 }
426
427 if (socket->input != NULL) {
428 mbedtls_test_ssl_buffer_free(socket->input);
429 mbedtls_free(socket->input);
430 }
431
432 if (socket->output != NULL) {
433 mbedtls_test_ssl_buffer_free(socket->output);
434 mbedtls_free(socket->output);
435 }
436
437 if (socket->peer != NULL) {
438 memset(socket->peer, 0, sizeof(*socket->peer));
439 }
440
441 memset(socket, 0, sizeof(*socket));
442}
443
444/*
445 * Establishes a connection between \p peer1 and \p peer2.
446 *
447 * \p peer1 and \p peer2 must have been previously initialized by calling
448 * mbedtls_mock_socket_init().
449 *
450 * The capacities of the internal buffers are set to \p bufsize. Setting this to
451 * the correct value allows for simulation of MTU, sanity testing the mock
452 * implementation and mocking TCP connections with lower memory cost.
453 */
454int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
455 mbedtls_test_mock_socket *peer2,
456 size_t bufsize)
457{
458 int ret = -1;
459
460 peer1->output =
461 (mbedtls_test_ssl_buffer *) mbedtls_calloc(
462 1, sizeof(mbedtls_test_ssl_buffer));
463 if (peer1->output == NULL) {
464 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
465 goto exit;
466 }
467 mbedtls_test_ssl_buffer_init(peer1->output);
468 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) {
469 goto exit;
470 }
471
472 peer2->output =
473 (mbedtls_test_ssl_buffer *) mbedtls_calloc(
474 1, sizeof(mbedtls_test_ssl_buffer));
475 if (peer2->output == NULL) {
476 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
477 goto exit;
478 }
479 mbedtls_test_ssl_buffer_init(peer2->output);
480 if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) {
481 goto exit;
482 }
483
484 peer1->peer = peer2;
485 peer2->peer = peer1;
486 peer1->input = peer2->output;
487 peer2->input = peer1->output;
488
489 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
490 ret = 0;
491
492exit:
493
494 if (ret != 0) {
495 mbedtls_test_mock_socket_close(peer1);
496 mbedtls_test_mock_socket_close(peer2);
497 }
498
499 return ret;
500}
501
502/*
503 * Callbacks for simulating blocking I/O over connection-oriented transport.
504 */
505
506int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf,
507 size_t len)
508{
509 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
510
511 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
512 return -1;
513 }
514
515 return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
516}
517
518int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
519{
520 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
521
522 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
523 return -1;
524 }
525
526 return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
527}
528
529/*
530 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
531 */
532
533int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf,
534 size_t len)
535{
536 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
537
538 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
539 return -1;
540 }
541
542 if (socket->output->capacity == socket->output->content_length) {
543 return MBEDTLS_ERR_SSL_WANT_WRITE;
544 }
545
546 return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
547}
548
549int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
550{
551 mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
552
553 if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
554 return -1;
555 }
556
557 if (socket->input->content_length == 0) {
558 return MBEDTLS_ERR_SSL_WANT_READ;
559 }
560
561 return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
562}
563
564void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx)
565{
566 ctx->queue_input = NULL;
567 ctx->queue_output = NULL;
568 ctx->socket = NULL;
569}
570
571/*
572 * Setup a given message socket context including initialization of
573 * input/output queues to a chosen capacity of messages. Also set the
574 * corresponding mock socket.
575 *
576 * \retval 0, if everything succeeds.
577 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
578 * queue failed.
579 */
580int mbedtls_test_message_socket_setup(
581 mbedtls_test_ssl_message_queue *queue_input,
582 mbedtls_test_ssl_message_queue *queue_output,
583 size_t queue_capacity,
584 mbedtls_test_mock_socket *socket,
585 mbedtls_test_message_socket_context *ctx)
586{
587 int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity);
588 if (ret != 0) {
589 return ret;
590 }
591 ctx->queue_input = queue_input;
592 ctx->queue_output = queue_output;
593 ctx->socket = socket;
594 mbedtls_mock_socket_init(socket);
595
596 return 0;
597}
598
599/*
600 * Close a given message socket context, along with the socket itself. Free the
601 * memory allocated by the input queue.
602 */
603void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx)
604{
605 if (ctx == NULL) {
606 return;
607 }
608
609 mbedtls_test_ssl_message_queue_free(ctx->queue_input);
610 mbedtls_test_mock_socket_close(ctx->socket);
611 memset(ctx, 0, sizeof(*ctx));
612}
613
614/*
615 * Send one message through a given message socket context.
616 *
617 * \retval \p len, if everything succeeds.
618 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
619 * elements or the context itself is null.
620 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if
621 * mbedtls_test_mock_tcp_send_b failed.
622 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
623 *
624 * This function will also return any error from
625 * mbedtls_test_ssl_message_queue_push_info.
626 */
627int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf,
628 size_t len)
629{
630 mbedtls_test_ssl_message_queue *queue;
631 mbedtls_test_mock_socket *socket;
632 mbedtls_test_message_socket_context *context =
633 (mbedtls_test_message_socket_context *) ctx;
634
635 if (context == NULL || context->socket == NULL
636 || context->queue_output == NULL) {
637 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
638 }
639
640 queue = context->queue_output;
641 socket = context->socket;
642
643 if (queue->num >= queue->capacity) {
644 return MBEDTLS_ERR_SSL_WANT_WRITE;
645 }
646
647 if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) {
648 return MBEDTLS_TEST_ERROR_SEND_FAILED;
649 }
650
651 return mbedtls_test_ssl_message_queue_push_info(queue, len);
652}
653
654/*
655 * Receive one message from a given message socket context and return message
656 * length or an error.
657 *
658 * \retval message length, if everything succeeds.
659 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
660 * elements or the context itself is null.
661 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if
662 * mbedtls_test_mock_tcp_recv_b failed.
663 *
664 * This function will also return any error other than
665 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from
666 * mbedtls_test_message_queue_peek_info.
667 */
668int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf,
669 size_t buf_len)
670{
671 mbedtls_test_ssl_message_queue *queue;
672 mbedtls_test_mock_socket *socket;
673 mbedtls_test_message_socket_context *context =
674 (mbedtls_test_message_socket_context *) ctx;
675 size_t drop_len = 0;
676 size_t msg_len;
677 int ret;
678
679 if (context == NULL || context->socket == NULL
680 || context->queue_input == NULL) {
681 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
682 }
683
684 queue = context->queue_input;
685 socket = context->socket;
686
687 /* Peek first, so that in case of a socket error the data remains in
688 * the queue. */
689 ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len);
690 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
691 /* Calculate how much to drop */
692 drop_len = msg_len - buf_len;
693
694 /* Set the requested message len to be buffer length */
695 msg_len = buf_len;
696 } else if (ret != 0) {
697 return ret;
698 }
699
700 if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) {
701 return MBEDTLS_TEST_ERROR_RECV_FAILED;
702 }
703
704 if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
705 /* Drop the remaining part of the message */
706 if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len)
707 != (int) drop_len) {
708 /* Inconsistent state - part of the message was read,
709 * and a part couldn't. Not much we can do here, but it should not
710 * happen in test environment, unless forced manually. */
711 }
712 }
713 mbedtls_test_ssl_message_queue_pop_info(queue, buf_len);
714
715 return msg_len;
716}
717
718#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
719
720/*
721 * Deinitializes certificates from endpoint represented by \p ep.
722 */
723void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
724{
725 mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
726 if (cert != NULL) {
727 if (cert->ca_cert != NULL) {
728 mbedtls_x509_crt_free(cert->ca_cert);
729 mbedtls_free(cert->ca_cert);
730 cert->ca_cert = NULL;
731 }
732 if (cert->cert != NULL) {
733 mbedtls_x509_crt_free(cert->cert);
734 mbedtls_free(cert->cert);
735 cert->cert = NULL;
736 }
737 if (cert->pkey != NULL) {
738#if defined(MBEDTLS_USE_PSA_CRYPTO)
739 if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
740 mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
741 psa_destroy_key(*key_slot);
742 }
743#endif
744 mbedtls_pk_free(cert->pkey);
745 mbedtls_free(cert->pkey);
746 cert->pkey = NULL;
747 }
748 }
749}
750
751/*
752 * Initializes \p ep_cert structure and assigns it to endpoint
753 * represented by \p ep.
754 *
755 * \retval 0 on success, otherwise error code.
756 */
757int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
758 int pk_alg,
759 int opaque_alg, int opaque_alg2,
760 int opaque_usage)
761{
762 int i = 0;
763 int ret = -1;
764 mbedtls_test_ssl_endpoint_certificate *cert = NULL;
765#if defined(MBEDTLS_USE_PSA_CRYPTO)
766 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
767#endif
768
769 if (ep == NULL) {
770 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
771 }
772
773 cert = &(ep->cert);
774 ASSERT_ALLOC(cert->ca_cert, 1);
775 ASSERT_ALLOC(cert->cert, 1);
776 ASSERT_ALLOC(cert->pkey, 1);
777
778 mbedtls_x509_crt_init(cert->ca_cert);
779 mbedtls_x509_crt_init(cert->cert);
780 mbedtls_pk_init(cert->pkey);
781
782 /* Load the trusted CA */
783
784 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
785 ret = mbedtls_x509_crt_parse_der(
786 cert->ca_cert,
787 (const unsigned char *) mbedtls_test_cas_der[i],
788 mbedtls_test_cas_der_len[i]);
789 TEST_ASSERT(ret == 0);
790 }
791
792 /* Load own certificate and private key */
793
794 if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
795 if (pk_alg == MBEDTLS_PK_RSA) {
796 ret = mbedtls_x509_crt_parse(
797 cert->cert,
798 (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
799 mbedtls_test_srv_crt_rsa_sha256_der_len);
800 TEST_ASSERT(ret == 0);
801
802 ret = mbedtls_pk_parse_key(
803 cert->pkey,
804 (const unsigned char *) mbedtls_test_srv_key_rsa_der,
805 mbedtls_test_srv_key_rsa_der_len, NULL, 0,
806 mbedtls_test_rnd_std_rand, NULL);
807 TEST_ASSERT(ret == 0);
808 } else {
809 ret = mbedtls_x509_crt_parse(
810 cert->cert,
811 (const unsigned char *) mbedtls_test_srv_crt_ec_der,
812 mbedtls_test_srv_crt_ec_der_len);
813 TEST_ASSERT(ret == 0);
814
815 ret = mbedtls_pk_parse_key(
816 cert->pkey,
817 (const unsigned char *) mbedtls_test_srv_key_ec_der,
818 mbedtls_test_srv_key_ec_der_len, NULL, 0,
819 mbedtls_test_rnd_std_rand, NULL);
820 TEST_ASSERT(ret == 0);
821 }
822 } else {
823 if (pk_alg == MBEDTLS_PK_RSA) {
824 ret = mbedtls_x509_crt_parse(
825 cert->cert,
826 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
827 mbedtls_test_cli_crt_rsa_der_len);
828 TEST_ASSERT(ret == 0);
829
830 ret = mbedtls_pk_parse_key(
831 cert->pkey,
832 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
833 mbedtls_test_cli_key_rsa_der_len, NULL, 0,
834 mbedtls_test_rnd_std_rand, NULL);
835 TEST_ASSERT(ret == 0);
836 } else {
837 ret = mbedtls_x509_crt_parse(
838 cert->cert,
839 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
840 mbedtls_test_cli_crt_ec_len);
841 TEST_ASSERT(ret == 0);
842
843 ret = mbedtls_pk_parse_key(
844 cert->pkey,
845 (const unsigned char *) mbedtls_test_cli_key_ec_der,
846 mbedtls_test_cli_key_ec_der_len, NULL, 0,
847 mbedtls_test_rnd_std_rand, NULL);
848 TEST_ASSERT(ret == 0);
849 }
850 }
851
852#if defined(MBEDTLS_USE_PSA_CRYPTO)
853 if (opaque_alg != 0) {
854 TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot,
855 opaque_alg, opaque_usage,
856 opaque_alg2), 0);
857 }
858#else
859 (void) opaque_alg;
860 (void) opaque_alg2;
861 (void) opaque_usage;
862#endif
863
864 mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
865
866 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
867 cert->pkey);
868 TEST_ASSERT(ret == 0);
869 TEST_ASSERT(ep->conf.key_cert != NULL);
870
871 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
872 TEST_ASSERT(ret == 0);
873 TEST_ASSERT(ep->conf.key_cert == NULL);
874
875 ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
876 cert->pkey);
877 TEST_ASSERT(ret == 0);
878
879exit:
880 if (ret != 0) {
881 mbedtls_endpoint_certificate_free(ep);
882 }
883
884 return ret;
885}
886
887/*
888 * Initializes \p ep structure. It is important to call
889 * `mbedtls_test_ssl_endpoint_free()` after calling this function
890 * even if it fails.
891 *
892 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
893 * MBEDTLS_SSL_IS_CLIENT.
894 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
895 * MBEDTLS_PK_ECDSA are supported.
896 * \p dtls_context - in case of DTLS - this is the context handling metadata.
897 * \p input_queue - used only in case of DTLS.
898 * \p output_queue - used only in case of DTLS.
899 *
900 * \retval 0 on success, otherwise error code.
901 */
902int mbedtls_test_ssl_endpoint_init(
903 mbedtls_test_ssl_endpoint *ep, int endpoint_type,
904 mbedtls_test_handshake_test_options *options,
905 mbedtls_test_message_socket_context *dtls_context,
906 mbedtls_test_ssl_message_queue *input_queue,
907 mbedtls_test_ssl_message_queue *output_queue,
908 uint16_t *group_list)
909{
910 int ret = -1;
911 uintptr_t user_data_n;
912
913 if (dtls_context != NULL &&
914 (input_queue == NULL || output_queue == NULL)) {
915 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
916
917 }
918
919 if (ep == NULL) {
920 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
921 }
922
923 memset(ep, 0, sizeof(*ep));
924
925 ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
926
927 mbedtls_ssl_init(&(ep->ssl));
928 mbedtls_ssl_config_init(&(ep->conf));
929 mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL);
930
931 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
932 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
933 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL);
934 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0);
935
936 (void) mbedtls_test_rnd_std_rand(NULL,
937 (void *) &user_data_n,
938 sizeof(user_data_n));
939 mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
940 mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
941
942 if (dtls_context != NULL) {
943 TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
944 100, &(ep->socket),
945 dtls_context) == 0);
946 } else {
947 mbedtls_mock_socket_init(&(ep->socket));
948 }
949
950 /* Non-blocking callbacks without timeout */
951 if (dtls_context != NULL) {
952 mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
953 mbedtls_test_mock_tcp_send_msg,
954 mbedtls_test_mock_tcp_recv_msg,
955 NULL);
956 } else {
957 mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
958 mbedtls_test_mock_tcp_send_nb,
959 mbedtls_test_mock_tcp_recv_nb,
960 NULL);
961 }
962
963 ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
964 (dtls_context != NULL) ?
965 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
966 MBEDTLS_SSL_TRANSPORT_STREAM,
967 MBEDTLS_SSL_PRESET_DEFAULT);
968 TEST_ASSERT(ret == 0);
969
970 if (group_list != NULL) {
971 mbedtls_ssl_conf_groups(&(ep->conf), group_list);
972 }
973
974 mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
975
976#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
977 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
978 mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
979 mbedtls_ssl_cache_get,
980 mbedtls_ssl_cache_set);
981 }
982#endif
983
984 ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
985 TEST_ASSERT(ret == 0);
986
987#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
988 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
989 mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
990 }
991#endif
992
993 ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
994 options->opaque_alg,
995 options->opaque_alg2,
996 options->opaque_usage);
997 TEST_ASSERT(ret == 0);
998
999 TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n);
1000 mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
1001 TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n);
1002 mbedtls_ssl_set_user_data_p(&ep->ssl, ep);
1003
1004exit:
1005 return ret;
1006}
1007
1008/*
1009 * Deinitializes endpoint represented by \p ep.
1010 */
1011void mbedtls_test_ssl_endpoint_free(
1012 mbedtls_test_ssl_endpoint *ep,
1013 mbedtls_test_message_socket_context *context)
1014{
1015 mbedtls_endpoint_certificate_free(ep);
1016
1017 mbedtls_ssl_free(&(ep->ssl));
1018 mbedtls_ssl_config_free(&(ep->conf));
1019
1020 if (context != NULL) {
1021 mbedtls_test_message_socket_close(context);
1022 } else {
1023 mbedtls_test_mock_socket_close(&(ep->socket));
1024 }
1025}
1026
1027/*
1028 * This function moves ssl handshake from \p ssl to prescribed \p state.
1029 * /p second_ssl is used as second endpoint and their sockets have to be
1030 * connected before calling this function.
1031 *
1032 * \retval 0 on success, otherwise error code.
1033 */
1034int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
1035 mbedtls_ssl_context *second_ssl,
1036 int state)
1037{
1038 enum { BUFFSIZE = 1024 };
1039 int max_steps = 1000;
1040 int ret = 0;
1041
1042 if (ssl == NULL || second_ssl == NULL) {
1043 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1044 }
1045
1046 /* Perform communication via connected sockets */
1047 while ((ssl->state != state) && (--max_steps >= 0)) {
1048 /* If /p second_ssl ends the handshake procedure before /p ssl then
1049 * there is no need to call the next step */
1050 if (!mbedtls_ssl_is_handshake_over(second_ssl)) {
1051 ret = mbedtls_ssl_handshake_step(second_ssl);
1052 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1053 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
1054 return ret;
1055 }
1056 }
1057
1058 /* We only care about the \p ssl state and returns, so we call it last,
1059 * to leave the iteration as soon as the state is as expected. */
1060 ret = mbedtls_ssl_handshake_step(ssl);
1061 if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1062 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
1063 return ret;
1064 }
1065 }
1066
1067 return (max_steps >= 0) ? ret : -1;
1068}
1069
1070#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1071
1072/*
1073 * Write application data. Increase write counter if necessary.
1074 */
1075int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
1076 int buf_len, int *written,
1077 const int expected_fragments)
1078{
1079 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
1080 * a valid no-op for TLS connections. */
1081 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1082 TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
1083 }
1084
1085 int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
1086 if (ret > 0) {
1087 *written += ret;
1088 }
1089
1090 if (expected_fragments == 0) {
1091 /* Used for DTLS and the message size larger than MFL. In that case
1092 * the message can not be fragmented and the library should return
1093 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1094 * to prevent a dead loop inside mbedtls_exchange_data(). */
1095 return ret;
1096 } else if (expected_fragments == 1) {
1097 /* Used for TLS/DTLS and the message size lower than MFL */
1098 TEST_ASSERT(ret == buf_len ||
1099 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1100 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
1101 } else {
1102 /* Used for TLS and the message size larger than MFL */
1103 TEST_ASSERT(expected_fragments > 1);
1104 TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
1105 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1106 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
1107 }
1108
1109 return 0;
1110
1111exit:
1112 /* Some of the tests failed */
1113 return -1;
1114}
1115
1116/*
1117 * Read application data and increase read counter and fragments counter
1118 * if necessary.
1119 */
1120int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
1121 int buf_len, int *read,
1122 int *fragments, const int expected_fragments)
1123{
1124 /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
1125 * a valid no-op for TLS connections. */
1126 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1127 TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
1128 }
1129
1130 int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
1131 if (ret > 0) {
1132 (*fragments)++;
1133 *read += ret;
1134 }
1135
1136 if (expected_fragments == 0) {
1137 TEST_ASSERT(ret == 0);
1138 } else if (expected_fragments == 1) {
1139 TEST_ASSERT(ret == buf_len ||
1140 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1141 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
1142 } else {
1143 TEST_ASSERT(expected_fragments > 1);
1144 TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
1145 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1146 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
1147 }
1148
1149 return 0;
1150
1151exit:
1152 /* Some of the tests failed */
1153 return -1;
1154}
1155
1156/*
1157 * Helper function setting up inverse record transformations
1158 * using given cipher, hash, EtM mode, authentication tag length,
1159 * and version.
1160 */
1161
1162#define CHK(x) \
1163 do \
1164 { \
1165 if (!(x)) \
1166 { \
1167 ret = -1; \
1168 goto cleanup; \
1169 } \
1170 } while (0)
1171
1172void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
1173 int *forced_ciphersuite)
1174{
1175 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1176 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
1177 forced_ciphersuite[1] = 0;
1178
1179 ciphersuite_info =
1180 mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
1181
1182 TEST_ASSERT(ciphersuite_info != NULL);
1183 TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version);
1184 TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);
1185
1186 if (conf->max_tls_version > ciphersuite_info->max_tls_version) {
1187 conf->max_tls_version = ciphersuite_info->max_tls_version;
1188 }
1189 if (conf->min_tls_version < ciphersuite_info->min_tls_version) {
1190 conf->min_tls_version = ciphersuite_info->min_tls_version;
1191 }
1192
1193 mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
1194
1195exit:
1196 return;
1197}
1198
1199int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
1200 const unsigned char *name, size_t name_len)
1201{
1202 (void) p_info;
1203 (void) ssl;
1204 (void) name;
1205 (void) name_len;
1206
1207 return 0;
1208}
1209
1210#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1211#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1212#else
1213#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1214#endif
1215
1216#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
1217 defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
1218int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
1219 const unsigned char *iv,
1220 size_t iv_len,
1221 const unsigned char *input,
1222 size_t ilen,
1223 unsigned char *output,
1224 size_t *olen)
1225{
1226#if defined(MBEDTLS_USE_PSA_CRYPTO)
1227 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1228 psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
1229 size_t part_len;
1230
1231 status = psa_cipher_encrypt_setup(&cipher_op,
1232 transform->psa_key_enc,
1233 transform->psa_alg);
1234
1235 if (status != PSA_SUCCESS) {
1236 return PSA_TO_MBEDTLS_ERR(status);
1237 }
1238
1239 status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
1240
1241 if (status != PSA_SUCCESS) {
1242 return PSA_TO_MBEDTLS_ERR(status);
1243 }
1244
1245 status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen);
1246
1247 if (status != PSA_SUCCESS) {
1248 return PSA_TO_MBEDTLS_ERR(status);
1249 }
1250
1251 status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen,
1252 &part_len);
1253
1254 if (status != PSA_SUCCESS) {
1255 return PSA_TO_MBEDTLS_ERR(status);
1256 }
1257
1258 *olen += part_len;
1259 return 0;
1260#else
1261 return mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
1262 iv, iv_len, input, ilen, output, olen);
1263#endif /* MBEDTLS_USE_PSA_CRYPTO */
1264}
1265#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
1266 MBEDTLS_AES_C */
1267
1268int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
1269 mbedtls_ssl_transform *t_out,
1270 int cipher_type, int hash_id,
1271 int etm, int tag_mode,
1272 mbedtls_ssl_protocol_version tls_version,
1273 size_t cid0_len,
1274 size_t cid1_len)
1275{
1276 mbedtls_cipher_info_t const *cipher_info;
1277 int ret = 0;
1278
1279#if defined(MBEDTLS_USE_PSA_CRYPTO)
1280 psa_key_type_t key_type;
1281 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1282 psa_algorithm_t alg;
1283 size_t key_bits;
1284 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1285#endif
1286
1287 size_t keylen, maclen, ivlen;
1288 unsigned char *key0 = NULL, *key1 = NULL;
1289 unsigned char *md0 = NULL, *md1 = NULL;
1290 unsigned char iv_enc[16], iv_dec[16];
1291
1292#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1293 unsigned char cid0[SSL_CID_LEN_MIN];
1294 unsigned char cid1[SSL_CID_LEN_MIN];
1295
1296 mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
1297 mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
1298#else
1299 ((void) cid0_len);
1300 ((void) cid1_len);
1301#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1302
1303 maclen = 0;
1304
1305 /* Pick cipher */
1306 cipher_info = mbedtls_cipher_info_from_type(cipher_type);
1307 CHK(cipher_info != NULL);
1308 CHK(cipher_info->iv_size <= 16);
1309 CHK(cipher_info->key_bitlen % 8 == 0);
1310
1311 /* Pick keys */
1312 keylen = cipher_info->key_bitlen / 8;
1313 /* Allocate `keylen + 1` bytes to ensure that we get
1314 * a non-NULL pointers from `mbedtls_calloc` even if
1315 * `keylen == 0` in the case of the NULL cipher. */
1316 CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
1317 CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
1318 memset(key0, 0x1, keylen);
1319 memset(key1, 0x2, keylen);
1320
1321#if !defined(MBEDTLS_USE_PSA_CRYPTO)
1322 /* Setup cipher contexts */
1323 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
1324 CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
1325 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
1326 CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
1327
1328#if defined(MBEDTLS_CIPHER_MODE_CBC)
1329 if (cipher_info->mode == MBEDTLS_MODE_CBC) {
1330 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
1331 MBEDTLS_PADDING_NONE) == 0);
1332 CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
1333 MBEDTLS_PADDING_NONE) == 0);
1334 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
1335 MBEDTLS_PADDING_NONE) == 0);
1336 CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
1337 MBEDTLS_PADDING_NONE) == 0);
1338 }
1339#endif /* MBEDTLS_CIPHER_MODE_CBC */
1340
1341 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
1342 keylen << 3, MBEDTLS_ENCRYPT) == 0);
1343 CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
1344 keylen << 3, MBEDTLS_DECRYPT) == 0);
1345 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
1346 keylen << 3, MBEDTLS_ENCRYPT) == 0);
1347 CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
1348 keylen << 3, MBEDTLS_DECRYPT) == 0);
1349#endif
1350
1351 /* Setup MAC contexts */
1352#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
1353 if (cipher_info->mode == MBEDTLS_MODE_CBC ||
1354 cipher_info->mode == MBEDTLS_MODE_STREAM) {
1355#if !defined(MBEDTLS_USE_PSA_CRYPTO)
1356 mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id);
1357 CHK(md_info != NULL);
1358#endif
1359 maclen = mbedtls_hash_info_get_size(hash_id);
1360 CHK(maclen != 0);
1361 /* Pick hash keys */
1362 CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
1363 CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
1364 memset(md0, 0x5, maclen);
1365 memset(md1, 0x6, maclen);
1366
1367#if defined(MBEDTLS_USE_PSA_CRYPTO)
1368 alg = mbedtls_hash_info_psa_from_md(hash_id);
1369
1370 CHK(alg != 0);
1371
1372 t_out->psa_mac_alg = PSA_ALG_HMAC(alg);
1373 t_in->psa_mac_alg = PSA_ALG_HMAC(alg);
1374 t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
1375 t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
1376 t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
1377 t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
1378
1379 psa_reset_key_attributes(&attributes);
1380 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
1381 psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));
1382 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
1383
1384 CHK(psa_import_key(&attributes,
1385 md0, maclen,
1386 &t_in->psa_mac_enc) == PSA_SUCCESS);
1387
1388 CHK(psa_import_key(&attributes,
1389 md1, maclen,
1390 &t_out->psa_mac_enc) == PSA_SUCCESS);
1391
1392 if (cipher_info->mode == MBEDTLS_MODE_STREAM ||
1393 etm == MBEDTLS_SSL_ETM_DISABLED) {
1394 /* mbedtls_ct_hmac() requires the key to be exportable */
1395 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
1396 PSA_KEY_USAGE_VERIFY_HASH);
1397 } else {
1398 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
1399 }
1400
1401 CHK(psa_import_key(&attributes,
1402 md1, maclen,
1403 &t_in->psa_mac_dec) == PSA_SUCCESS);
1404
1405 CHK(psa_import_key(&attributes,
1406 md0, maclen,
1407 &t_out->psa_mac_dec) == PSA_SUCCESS);
1408#else
1409 CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
1410 CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
1411 CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0);
1412 CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0);
1413
1414 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
1415 md0, maclen) == 0);
1416 CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
1417 md1, maclen) == 0);
1418 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
1419 md1, maclen) == 0);
1420 CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
1421 md0, maclen) == 0);
1422#endif
1423 }
1424#else
1425 ((void) hash_id);
1426#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
1427
1428
1429 /* Pick IV's (regardless of whether they
1430 * are being used by the transform). */
1431 ivlen = cipher_info->iv_size;
1432 memset(iv_enc, 0x3, sizeof(iv_enc));
1433 memset(iv_dec, 0x4, sizeof(iv_dec));
1434
1435 /*
1436 * Setup transforms
1437 */
1438
1439#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1440 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
1441 t_out->encrypt_then_mac = etm;
1442 t_in->encrypt_then_mac = etm;
1443#else
1444 ((void) etm);
1445#endif
1446
1447 t_out->tls_version = tls_version;
1448 t_in->tls_version = tls_version;
1449 t_out->ivlen = ivlen;
1450 t_in->ivlen = ivlen;
1451
1452 switch (cipher_info->mode) {
1453 case MBEDTLS_MODE_GCM:
1454 case MBEDTLS_MODE_CCM:
1455#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1456 if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
1457 t_out->fixed_ivlen = 12;
1458 t_in->fixed_ivlen = 12;
1459 } else
1460#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1461 {
1462 t_out->fixed_ivlen = 4;
1463 t_in->fixed_ivlen = 4;
1464 }
1465 t_out->maclen = 0;
1466 t_in->maclen = 0;
1467 switch (tag_mode) {
1468 case 0: /* Full tag */
1469 t_out->taglen = 16;
1470 t_in->taglen = 16;
1471 break;
1472 case 1: /* Partial tag */
1473 t_out->taglen = 8;
1474 t_in->taglen = 8;
1475 break;
1476 default:
1477 ret = 1;
1478 goto cleanup;
1479 }
1480 break;
1481
1482 case MBEDTLS_MODE_CHACHAPOLY:
1483 t_out->fixed_ivlen = 12;
1484 t_in->fixed_ivlen = 12;
1485 t_out->maclen = 0;
1486 t_in->maclen = 0;
1487 switch (tag_mode) {
1488 case 0: /* Full tag */
1489 t_out->taglen = 16;
1490 t_in->taglen = 16;
1491 break;
1492 case 1: /* Partial tag */
1493 t_out->taglen = 8;
1494 t_in->taglen = 8;
1495 break;
1496 default:
1497 ret = 1;
1498 goto cleanup;
1499 }
1500 break;
1501
1502 case MBEDTLS_MODE_STREAM:
1503 case MBEDTLS_MODE_CBC:
1504 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1505 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1506 t_out->taglen = 0;
1507 t_in->taglen = 0;
1508 switch (tag_mode) {
1509 case 0: /* Full tag */
1510 t_out->maclen = maclen;
1511 t_in->maclen = maclen;
1512 break;
1513 default:
1514 ret = 1;
1515 goto cleanup;
1516 }
1517 break;
1518 default:
1519 ret = 1;
1520 goto cleanup;
1521 break;
1522 }
1523
1524 /* Setup IV's */
1525
1526 memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
1527 memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
1528 memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
1529 memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
1530
1531#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1532 /* Add CID */
1533 memcpy(&t_in->in_cid, cid0, cid0_len);
1534 memcpy(&t_in->out_cid, cid1, cid1_len);
1535 t_in->in_cid_len = cid0_len;
1536 t_in->out_cid_len = cid1_len;
1537 memcpy(&t_out->in_cid, cid1, cid1_len);
1538 memcpy(&t_out->out_cid, cid0, cid0_len);
1539 t_out->in_cid_len = cid1_len;
1540 t_out->out_cid_len = cid0_len;
1541#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1542
1543#if defined(MBEDTLS_USE_PSA_CRYPTO)
1544 status = mbedtls_ssl_cipher_to_psa(cipher_type,
1545 t_in->taglen,
1546 &alg,
1547 &key_type,
1548 &key_bits);
1549
1550 if (status != PSA_SUCCESS) {
1551 ret = PSA_TO_MBEDTLS_ERR(status);
1552 goto cleanup;
1553 }
1554
1555 t_in->psa_alg = alg;
1556 t_out->psa_alg = alg;
1557
1558 if (alg != MBEDTLS_SSL_NULL_CIPHER) {
1559 psa_reset_key_attributes(&attributes);
1560 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
1561 psa_set_key_algorithm(&attributes, alg);
1562 psa_set_key_type(&attributes, key_type);
1563
1564 status = psa_import_key(&attributes,
1565 key0,
1566 PSA_BITS_TO_BYTES(key_bits),
1567 &t_in->psa_key_enc);
1568
1569 if (status != PSA_SUCCESS) {
1570 ret = PSA_TO_MBEDTLS_ERR(status);
1571 goto cleanup;
1572 }
1573
1574 status = psa_import_key(&attributes,
1575 key1,
1576 PSA_BITS_TO_BYTES(key_bits),
1577 &t_out->psa_key_enc);
1578
1579 if (status != PSA_SUCCESS) {
1580 ret = PSA_TO_MBEDTLS_ERR(status);
1581 goto cleanup;
1582 }
1583
1584 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
1585
1586 status = psa_import_key(&attributes,
1587 key1,
1588 PSA_BITS_TO_BYTES(key_bits),
1589 &t_in->psa_key_dec);
1590
1591 if (status != PSA_SUCCESS) {
1592 ret = PSA_TO_MBEDTLS_ERR(status);
1593 goto cleanup;
1594 }
1595
1596 status = psa_import_key(&attributes,
1597 key0,
1598 PSA_BITS_TO_BYTES(key_bits),
1599 &t_out->psa_key_dec);
1600
1601 if (status != PSA_SUCCESS) {
1602 ret = PSA_TO_MBEDTLS_ERR(status);
1603 goto cleanup;
1604 }
1605 }
1606#endif /* MBEDTLS_USE_PSA_CRYPTO */
1607
1608cleanup:
1609
1610 mbedtls_free(key0);
1611 mbedtls_free(key1);
1612
1613 mbedtls_free(md0);
1614 mbedtls_free(md1);
1615
1616 return ret;
1617}
1618
1619/*
1620 * Populate a session structure for serialization tests.
1621 * Choose dummy values, mostly non-0 to distinguish from the init default.
1622 */
1623int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
1624 int ticket_len,
1625 const char *crt_file)
1626{
1627#if defined(MBEDTLS_HAVE_TIME)
1628 session->start = mbedtls_time(NULL) - 42;
1629#endif
1630 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
1631 session->ciphersuite = 0xabcd;
1632 session->id_len = sizeof(session->id);
1633 memset(session->id, 66, session->id_len);
1634 memset(session->master, 17, sizeof(session->master));
1635
1636#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
1637 if (crt_file != NULL && strlen(crt_file) != 0) {
1638 mbedtls_x509_crt tmp_crt;
1639 int ret;
1640
1641 mbedtls_x509_crt_init(&tmp_crt);
1642 ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
1643 if (ret != 0) {
1644 return ret;
1645 }
1646
1647#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1648 /* Move temporary CRT. */
1649 session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
1650 if (session->peer_cert == NULL) {
1651 return -1;
1652 }
1653 *session->peer_cert = tmp_crt;
1654 memset(&tmp_crt, 0, sizeof(tmp_crt));
1655#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1656 /* Calculate digest of temporary CRT. */
1657 session->peer_cert_digest =
1658 mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
1659 if (session->peer_cert_digest == NULL) {
1660 return -1;
1661 }
1662
1663#if defined(MBEDTLS_USE_PSA_CRYPTO)
1664 psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(
1665 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
1666 size_t hash_size = 0;
1667 psa_status_t status = psa_hash_compute(
1668 psa_alg, tmp_crt.raw.p,
1669 tmp_crt.raw.len,
1670 session->peer_cert_digest,
1671 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
1672 &hash_size);
1673 ret = PSA_TO_MBEDTLS_ERR(status);
1674#else
1675 ret = mbedtls_md(mbedtls_md_info_from_type(
1676 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
1677 tmp_crt.raw.p, tmp_crt.raw.len,
1678 session->peer_cert_digest);
1679#endif /* MBEDTLS_USE_PSA_CRYPTO */
1680 if (ret != 0) {
1681 return ret;
1682 }
1683 session->peer_cert_digest_type =
1684 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1685 session->peer_cert_digest_len =
1686 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1687#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1688
1689 mbedtls_x509_crt_free(&tmp_crt);
1690 }
1691#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
1692 (void) crt_file;
1693#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
1694 session->verify_result = 0xdeadbeef;
1695
1696#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1697 if (ticket_len != 0) {
1698 session->ticket = mbedtls_calloc(1, ticket_len);
1699 if (session->ticket == NULL) {
1700 return -1;
1701 }
1702 memset(session->ticket, 33, ticket_len);
1703 }
1704 session->ticket_len = ticket_len;
1705 session->ticket_lifetime = 86401;
1706#else
1707 (void) ticket_len;
1708#endif
1709
1710#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1711 session->mfl_code = 1;
1712#endif
1713#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1714 session->encrypt_then_mac = 1;
1715#endif
1716
1717 return 0;
1718}
1719
1720#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1721int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
1722 int ticket_len,
1723 int endpoint_type)
1724{
1725 ((void) ticket_len);
1726 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1727 session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
1728 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
1729 session->ciphersuite = 0xabcd;
1730 session->ticket_age_add = 0x87654321;
1731 session->ticket_flags = 0x7;
1732
1733 session->resumption_key_len = 32;
1734 memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
1735
1736#if defined(MBEDTLS_HAVE_TIME)
1737 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
1738 session->start = mbedtls_time(NULL) - 42;
1739 }
1740#endif
1741
1742#if defined(MBEDTLS_SSL_CLI_C)
1743 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
1744#if defined(MBEDTLS_HAVE_TIME)
1745 session->ticket_received = mbedtls_time(NULL) - 40;
1746#endif
1747 session->ticket_lifetime = 0xfedcba98;
1748
1749 session->ticket_len = ticket_len;
1750 if (ticket_len != 0) {
1751 session->ticket = mbedtls_calloc(1, ticket_len);
1752 if (session->ticket == NULL) {
1753 return -1;
1754 }
1755 memset(session->ticket, 33, ticket_len);
1756 }
1757 }
1758#endif /* MBEDTLS_SSL_CLI_C */
1759
1760 return 0;
1761}
1762#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1763
1764/*
1765 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1766 * message was sent in the correct number of fragments.
1767 *
1768 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1769 * of them must be initialized and connected
1770 * beforehand.
1771 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1772 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1773 * fragments the message should be sent.
1774 * expected_fragments is 0: can be used for DTLS testing while the message
1775 * size is larger than MFL. In that case the message
1776 * cannot be fragmented and sent to the second
1777 * endpoint.
1778 * This value can be used for negative tests.
1779 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1780 * message size is below MFL
1781 * expected_fragments > 1: can be used for TLS testing while the message
1782 * size is larger than MFL
1783 *
1784 * \retval 0 on success, otherwise error code.
1785 */
1786int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
1787 int msg_len_1, const int expected_fragments_1,
1788 mbedtls_ssl_context *ssl_2,
1789 int msg_len_2, const int expected_fragments_2)
1790{
1791 unsigned char *msg_buf_1 = malloc(msg_len_1);
1792 unsigned char *msg_buf_2 = malloc(msg_len_2);
1793 unsigned char *in_buf_1 = malloc(msg_len_2);
1794 unsigned char *in_buf_2 = malloc(msg_len_1);
1795 int msg_type, ret = -1;
1796
1797 /* Perform this test with two message types. At first use a message
1798 * consisting of only 0x00 for the client and only 0xFF for the server.
1799 * At the second time use message with generated data */
1800 for (msg_type = 0; msg_type < 2; msg_type++) {
1801 int written_1 = 0;
1802 int written_2 = 0;
1803 int read_1 = 0;
1804 int read_2 = 0;
1805 int fragments_1 = 0;
1806 int fragments_2 = 0;
1807
1808 if (msg_type == 0) {
1809 memset(msg_buf_1, 0x00, msg_len_1);
1810 memset(msg_buf_2, 0xff, msg_len_2);
1811 } else {
1812 int i, j = 0;
1813 for (i = 0; i < msg_len_1; i++) {
1814 msg_buf_1[i] = j++ & 0xFF;
1815 }
1816 for (i = 0; i < msg_len_2; i++) {
1817 msg_buf_2[i] = (j -= 5) & 0xFF;
1818 }
1819 }
1820
1821 while (read_1 < msg_len_2 || read_2 < msg_len_1) {
1822 /* ssl_1 sending */
1823 if (msg_len_1 > written_1) {
1824 ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
1825 msg_len_1, &written_1,
1826 expected_fragments_1);
1827 if (expected_fragments_1 == 0) {
1828 /* This error is expected when the message is too large and
1829 * cannot be fragmented */
1830 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
1831 msg_len_1 = 0;
1832 } else {
1833 TEST_ASSERT(ret == 0);
1834 }
1835 }
1836
1837 /* ssl_2 sending */
1838 if (msg_len_2 > written_2) {
1839 ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
1840 msg_len_2, &written_2,
1841 expected_fragments_2);
1842 if (expected_fragments_2 == 0) {
1843 /* This error is expected when the message is too large and
1844 * cannot be fragmented */
1845 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
1846 msg_len_2 = 0;
1847 } else {
1848 TEST_ASSERT(ret == 0);
1849 }
1850 }
1851
1852 /* ssl_1 reading */
1853 if (read_1 < msg_len_2) {
1854 ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
1855 msg_len_2, &read_1,
1856 &fragments_2,
1857 expected_fragments_2);
1858 TEST_ASSERT(ret == 0);
1859 }
1860
1861 /* ssl_2 reading */
1862 if (read_2 < msg_len_1) {
1863 ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
1864 msg_len_1, &read_2,
1865 &fragments_1,
1866 expected_fragments_1);
1867 TEST_ASSERT(ret == 0);
1868 }
1869 }
1870
1871 ret = -1;
1872 TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
1873 TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
1874 TEST_ASSERT(fragments_1 == expected_fragments_1);
1875 TEST_ASSERT(fragments_2 == expected_fragments_2);
1876 }
1877
1878 ret = 0;
1879
1880exit:
1881 free(msg_buf_1);
1882 free(in_buf_1);
1883 free(msg_buf_2);
1884 free(in_buf_2);
1885
1886 return ret;
1887}
1888
1889/*
1890 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1891 * must be initialized and connected beforehand.
1892 *
1893 * \retval 0 on success, otherwise error code.
1894 */
1895int exchange_data(mbedtls_ssl_context *ssl_1,
1896 mbedtls_ssl_context *ssl_2)
1897{
1898 return mbedtls_exchange_data(ssl_1, 256, 1,
1899 ssl_2, 256, 1);
1900}
1901
1902#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1903static int check_ssl_version(
1904 mbedtls_ssl_protocol_version expected_negotiated_version,
1905 const mbedtls_ssl_context *ssl)
1906{
1907 const char *version_string = mbedtls_ssl_get_version(ssl);
1908 mbedtls_ssl_protocol_version version_number =
1909 mbedtls_ssl_get_version_number(ssl);
1910
1911 TEST_EQUAL(ssl->tls_version, expected_negotiated_version);
1912
1913 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1914 TEST_EQUAL(version_string[0], 'D');
1915 ++version_string;
1916 }
1917
1918 switch (expected_negotiated_version) {
1919 case MBEDTLS_SSL_VERSION_TLS1_2:
1920 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
1921 TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0);
1922 break;
1923
1924 case MBEDTLS_SSL_VERSION_TLS1_3:
1925 TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
1926 TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0);
1927 break;
1928
1929 default:
1930 TEST_ASSERT(
1931 !"Version check not implemented for this protocol version");
1932 }
1933
1934 return 1;
1935
1936exit:
1937 return 0;
1938}
1939#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1940
1941
1942#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1943void mbedtls_test_ssl_perform_handshake(
1944 mbedtls_test_handshake_test_options *options)
1945{
1946 /* forced_ciphersuite needs to last until the end of the handshake */
1947 int forced_ciphersuite[2];
1948 enum { BUFFSIZE = 17000 };
1949 mbedtls_test_ssl_endpoint client, server;
1950#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1951 const char *psk_identity = "foo";
1952#endif
1953#if defined(MBEDTLS_TIMING_C)
1954 mbedtls_timing_delay_context timer_client, timer_server;
1955#endif
1956#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1957 unsigned char *context_buf = NULL;
1958 size_t context_buf_len;
1959#endif
1960#if defined(MBEDTLS_SSL_RENEGOTIATION)
1961 int ret = -1;
1962#endif
1963 int expected_handshake_result = options->expected_handshake_result;
1964
1965 USE_PSA_INIT();
1966 mbedtls_platform_zeroize(&client, sizeof(client));
1967 mbedtls_platform_zeroize(&server, sizeof(server));
1968 mbedtls_test_ssl_message_queue server_queue, client_queue;
1969 mbedtls_test_message_socket_context server_context, client_context;
1970 mbedtls_test_message_socket_init(&server_context);
1971 mbedtls_test_message_socket_init(&client_context);
1972
1973 /* Client side */
1974 if (options->dtls != 0) {
1975 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
1976 MBEDTLS_SSL_IS_CLIENT,
1977 options, &client_context,
1978 &client_queue,
1979 &server_queue, NULL) == 0);
1980#if defined(MBEDTLS_TIMING_C)
1981 mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
1982 mbedtls_timing_set_delay,
1983 mbedtls_timing_get_delay);
1984#endif
1985 } else {
1986 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
1987 MBEDTLS_SSL_IS_CLIENT,
1988 options, NULL, NULL,
1989 NULL, NULL) == 0);
1990 }
1991
1992 if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
1993 mbedtls_ssl_conf_min_tls_version(&client.conf,
1994 options->client_min_version);
1995 }
1996
1997 if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
1998 mbedtls_ssl_conf_max_tls_version(&client.conf,
1999 options->client_max_version);
2000 }
2001
2002 if (strlen(options->cipher) > 0) {
2003 set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
2004 }
2005
2006#if defined(MBEDTLS_DEBUG_C)
2007 if (options->cli_log_fun) {
2008 mbedtls_debug_set_threshold(4);
2009 mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
2010 options->cli_log_obj);
2011 }
2012#endif
2013
2014 /* Server side */
2015 if (options->dtls != 0) {
2016 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
2017 MBEDTLS_SSL_IS_SERVER,
2018 options, &server_context,
2019 &server_queue,
2020 &client_queue, NULL) == 0);
2021#if defined(MBEDTLS_TIMING_C)
2022 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
2023 mbedtls_timing_set_delay,
2024 mbedtls_timing_get_delay);
2025#endif
2026 } else {
2027 TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
2028 MBEDTLS_SSL_IS_SERVER,
2029 options, NULL, NULL, NULL,
2030 NULL) == 0);
2031 }
2032
2033 mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
2034
2035 if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
2036 mbedtls_ssl_conf_min_tls_version(&server.conf,
2037 options->server_min_version);
2038 }
2039
2040 if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
2041 mbedtls_ssl_conf_max_tls_version(&server.conf,
2042 options->server_max_version);
2043 }
2044
2045#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2046 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
2047 (unsigned char) options->mfl)
2048 == 0);
2049 TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
2050 (unsigned char) options->mfl)
2051 == 0);
2052#else
2053 TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
2054#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2055
2056#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
2057 if (options->psk_str != NULL && options->psk_str->len > 0) {
2058 TEST_ASSERT(mbedtls_ssl_conf_psk(
2059 &client.conf, options->psk_str->x,
2060 options->psk_str->len,
2061 (const unsigned char *) psk_identity,
2062 strlen(psk_identity)) == 0);
2063
2064 TEST_ASSERT(mbedtls_ssl_conf_psk(
2065 &server.conf, options->psk_str->x,
2066 options->psk_str->len,
2067 (const unsigned char *) psk_identity,
2068 strlen(psk_identity)) == 0);
2069#if defined(MBEDTLS_SSL_SRV_C)
2070 mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
2071#endif
2072 }
2073#endif
2074#if defined(MBEDTLS_SSL_RENEGOTIATION)
2075 if (options->renegotiate) {
2076 mbedtls_ssl_conf_renegotiation(&(server.conf),
2077 MBEDTLS_SSL_RENEGOTIATION_ENABLED);
2078 mbedtls_ssl_conf_renegotiation(&(client.conf),
2079 MBEDTLS_SSL_RENEGOTIATION_ENABLED);
2080
2081 mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
2082 options->legacy_renegotiation);
2083 mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
2084 options->legacy_renegotiation);
2085 }
2086#endif /* MBEDTLS_SSL_RENEGOTIATION */
2087
2088#if defined(MBEDTLS_DEBUG_C)
2089 if (options->srv_log_fun) {
2090 mbedtls_debug_set_threshold(4);
2091 mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
2092 options->srv_log_obj);
2093 }
2094#endif
2095
2096 TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
2097 &(server.socket),
2098 BUFFSIZE) == 0);
2099
2100#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2101 if (options->resize_buffers != 0) {
2102 /* Ensure that the buffer sizes are appropriate before resizes */
2103 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2104 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2105 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2106 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2107 }
2108#endif
2109
2110 if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
2111 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
2112 }
2113
2114 TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl),
2115 &(server.ssl),
2116 MBEDTLS_SSL_HANDSHAKE_OVER)
2117 == expected_handshake_result);
2118
2119 if (expected_handshake_result != 0) {
2120 /* Connection will have failed by this point, skip to cleanup */
2121 goto exit;
2122 }
2123
2124 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1);
2125
2126 /* Make sure server state is moved to HANDSHAKE_OVER also. */
2127 TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl),
2128 &(client.ssl),
2129 MBEDTLS_SSL_HANDSHAKE_OVER),
2130 0);
2131
2132 TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1);
2133 /* Check that both sides have negotiated the expected version. */
2134 mbedtls_test_set_step(0);
2135 if (!check_ssl_version(options->expected_negotiated_version,
2136 &client.ssl)) {
2137 goto exit;
2138 }
2139
2140 mbedtls_test_set_step(1);
2141 if (!check_ssl_version(options->expected_negotiated_version,
2142 &server.ssl)) {
2143 goto exit;
2144 }
2145
2146 if (options->expected_ciphersuite != 0) {
2147 TEST_EQUAL(server.ssl.session->ciphersuite,
2148 options->expected_ciphersuite);
2149 }
2150
2151#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2152 if (options->resize_buffers != 0) {
2153 /* A server, when using DTLS, might delay a buffer resize to happen
2154 * after it receives a message, so we force it. */
2155 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2156
2157 TEST_ASSERT(client.ssl.out_buf_len ==
2158 mbedtls_ssl_get_output_buflen(&client.ssl));
2159 TEST_ASSERT(client.ssl.in_buf_len ==
2160 mbedtls_ssl_get_input_buflen(&client.ssl));
2161 TEST_ASSERT(server.ssl.out_buf_len ==
2162 mbedtls_ssl_get_output_buflen(&server.ssl));
2163 TEST_ASSERT(server.ssl.in_buf_len ==
2164 mbedtls_ssl_get_input_buflen(&server.ssl));
2165 }
2166#endif
2167
2168 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
2169 /* Start data exchanging test */
2170 TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
2171 options->expected_cli_fragments,
2172 &(server.ssl), options->srv_msg_len,
2173 options->expected_srv_fragments)
2174 == 0);
2175 }
2176#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2177 if (options->serialize == 1) {
2178 TEST_ASSERT(options->dtls == 1);
2179
2180 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
2181 0, &context_buf_len)
2182 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
2183
2184 context_buf = mbedtls_calloc(1, context_buf_len);
2185 TEST_ASSERT(context_buf != NULL);
2186
2187 TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
2188 context_buf_len,
2189 &context_buf_len)
2190 == 0);
2191
2192 mbedtls_ssl_free(&(server.ssl));
2193 mbedtls_ssl_init(&(server.ssl));
2194
2195 TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
2196
2197 mbedtls_ssl_set_bio(&(server.ssl), &server_context,
2198 mbedtls_test_mock_tcp_send_msg,
2199 mbedtls_test_mock_tcp_recv_msg,
2200 NULL);
2201
2202 mbedtls_ssl_set_user_data_p(&server.ssl, &server);
2203
2204#if defined(MBEDTLS_TIMING_C)
2205 mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
2206 mbedtls_timing_set_delay,
2207 mbedtls_timing_get_delay);
2208#endif
2209#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2210 if (options->resize_buffers != 0) {
2211 /* Ensure that the buffer sizes are appropriate before resizes */
2212 TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2213 TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2214 }
2215#endif
2216 TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
2217 context_buf_len) == 0);
2218
2219#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2220 /* Validate buffer sizes after context deserialization */
2221 if (options->resize_buffers != 0) {
2222 TEST_ASSERT(server.ssl.out_buf_len ==
2223 mbedtls_ssl_get_output_buflen(&server.ssl));
2224 TEST_ASSERT(server.ssl.in_buf_len ==
2225 mbedtls_ssl_get_input_buflen(&server.ssl));
2226 }
2227#endif
2228 /* Retest writing/reading */
2229 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
2230 TEST_ASSERT(mbedtls_exchange_data(
2231 &(client.ssl),
2232 options->cli_msg_len,
2233 options->expected_cli_fragments,
2234 &(server.ssl),
2235 options->srv_msg_len,
2236 options->expected_srv_fragments)
2237 == 0);
2238 }
2239 }
2240#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2241
2242#if defined(MBEDTLS_SSL_RENEGOTIATION)
2243 if (options->renegotiate) {
2244 /* Start test with renegotiation */
2245 TEST_ASSERT(server.ssl.renego_status ==
2246 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2247 TEST_ASSERT(client.ssl.renego_status ==
2248 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2249
2250 /* After calling this function for the server, it only sends a handshake
2251 * request. All renegotiation should happen during data exchanging */
2252 TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
2253 TEST_ASSERT(server.ssl.renego_status ==
2254 MBEDTLS_SSL_RENEGOTIATION_PENDING);
2255 TEST_ASSERT(client.ssl.renego_status ==
2256 MBEDTLS_SSL_INITIAL_HANDSHAKE);
2257
2258 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2259 TEST_ASSERT(server.ssl.renego_status ==
2260 MBEDTLS_SSL_RENEGOTIATION_DONE);
2261 TEST_ASSERT(client.ssl.renego_status ==
2262 MBEDTLS_SSL_RENEGOTIATION_DONE);
2263
2264 /* After calling mbedtls_ssl_renegotiate for the client,
2265 * all renegotiation should happen inside this function.
2266 * However in this test, we cannot perform simultaneous communication
2267 * between client and server so this function will return waiting error
2268 * on the socket. All rest of renegotiation should happen
2269 * during data exchanging */
2270 ret = mbedtls_ssl_renegotiate(&(client.ssl));
2271#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2272 if (options->resize_buffers != 0) {
2273 /* Ensure that the buffer sizes are appropriate before resizes */
2274 TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
2275 TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
2276 }
2277#endif
2278 TEST_ASSERT(ret == 0 ||
2279 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2280 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
2281 TEST_ASSERT(server.ssl.renego_status ==
2282 MBEDTLS_SSL_RENEGOTIATION_DONE);
2283 TEST_ASSERT(client.ssl.renego_status ==
2284 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
2285
2286 TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
2287 TEST_ASSERT(server.ssl.renego_status ==
2288 MBEDTLS_SSL_RENEGOTIATION_DONE);
2289 TEST_ASSERT(client.ssl.renego_status ==
2290 MBEDTLS_SSL_RENEGOTIATION_DONE);
2291#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2292 /* Validate buffer sizes after renegotiation */
2293 if (options->resize_buffers != 0) {
2294 TEST_ASSERT(client.ssl.out_buf_len ==
2295 mbedtls_ssl_get_output_buflen(&client.ssl));
2296 TEST_ASSERT(client.ssl.in_buf_len ==
2297 mbedtls_ssl_get_input_buflen(&client.ssl));
2298 TEST_ASSERT(server.ssl.out_buf_len ==
2299 mbedtls_ssl_get_output_buflen(&server.ssl));
2300 TEST_ASSERT(server.ssl.in_buf_len ==
2301 mbedtls_ssl_get_input_buflen(&server.ssl));
2302 }
2303#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
2304 }
2305#endif /* MBEDTLS_SSL_RENEGOTIATION */
2306
2307 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client);
2308 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client);
2309 TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server);
2310 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
2311
2312exit:
2313 mbedtls_test_ssl_endpoint_free(&client,
2314 options->dtls != 0 ?
2315 &client_context : NULL);
2316 mbedtls_test_ssl_endpoint_free(&server,
2317 options->dtls != 0 ?
2318 &server_context : NULL);
2319#if defined(MBEDTLS_DEBUG_C)
2320 if (options->cli_log_fun || options->srv_log_fun) {
2321 mbedtls_debug_set_threshold(0);
2322 }
2323#endif
2324#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2325 if (context_buf != NULL) {
2326 mbedtls_free(context_buf);
2327 }
2328#endif
2329 USE_PSA_DONE();
2330}
2331#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2332
2333#if defined(MBEDTLS_TEST_HOOKS)
2334/*
2335 * Tweak vector lengths in a TLS 1.3 Certificate message
2336 *
2337 * \param[in] buf Buffer containing the Certificate message to tweak
2338 * \param[in]]out] end End of the buffer to parse
2339 * \param tweak Tweak identifier (from 1 to the number of tweaks).
2340 * \param[out] expected_result Error code expected from the parsing function
2341 * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that
2342 * is expected to fail. All zeroes if no
2343 * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
2344 */
2345int tweak_tls13_certificate_msg_vector_len(
2346 unsigned char *buf, unsigned char **end, int tweak,
2347 int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args)
2348{
2349/*
2350 * The definition of the tweaks assume that the certificate list contains only
2351 * one certificate.
2352 */
2353
2354/*
2355 * struct {
2356 * opaque cert_data<1..2^24-1>;
2357 * Extension extensions<0..2^16-1>;
2358 * } CertificateEntry;
2359 *
2360 * struct {
2361 * opaque certificate_request_context<0..2^8-1>;
2362 * CertificateEntry certificate_list<0..2^24-1>;
2363 * } Certificate;
2364 */
2365 unsigned char *p_certificate_request_context_len = buf;
2366 size_t certificate_request_context_len = buf[0];
2367
2368 unsigned char *p_certificate_list_len =
2369 buf + 1 + certificate_request_context_len;
2370 unsigned char *certificate_list = p_certificate_list_len + 3;
2371 size_t certificate_list_len =
2372 MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0);
2373
2374 unsigned char *p_cert_data_len = certificate_list;
2375 unsigned char *cert_data = p_cert_data_len + 3;
2376 size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0);
2377
2378 unsigned char *p_extensions_len = cert_data + cert_data_len;
2379 unsigned char *extensions = p_extensions_len + 2;
2380 size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0);
2381
2382 *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR;
2383
2384 switch (tweak) {
2385 case 1:
2386 /* Failure when checking if the certificate request context length
2387 * and certificate list length can be read
2388 */
2389 *end = buf + 3;
2390 set_chk_buf_ptr_args(args, buf, *end, 4);
2391 break;
2392
2393 case 2:
2394 /* Invalid certificate request context length.
2395 */
2396 *p_certificate_request_context_len =
2397 certificate_request_context_len + 1;
2398 reset_chk_buf_ptr_args(args);
2399 break;
2400
2401 case 3:
2402 /* Failure when checking if certificate_list data can be read. */
2403 MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1,
2404 p_certificate_list_len, 0);
2405 set_chk_buf_ptr_args(args, certificate_list, *end,
2406 certificate_list_len + 1);
2407 break;
2408
2409 case 4:
2410 /* Failure when checking if the cert_data length can be read. */
2411 MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0);
2412 set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3);
2413 break;
2414
2415 case 5:
2416 /* Failure when checking if cert_data data can be read. */
2417 MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1,
2418 p_cert_data_len, 0);
2419 set_chk_buf_ptr_args(args, cert_data,
2420 certificate_list + certificate_list_len,
2421 certificate_list_len - 3 + 1);
2422 break;
2423
2424 case 6:
2425 /* Failure when checking if the extensions length can be read. */
2426 MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1,
2427 p_certificate_list_len, 0);
2428 set_chk_buf_ptr_args(
2429 args, p_extensions_len,
2430 certificate_list + certificate_list_len - extensions_len - 1, 2);
2431 break;
2432
2433 case 7:
2434 /* Failure when checking if extensions data can be read. */
2435 MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0);
2436
2437 set_chk_buf_ptr_args(
2438 args, extensions,
2439 certificate_list + certificate_list_len, extensions_len + 1);
2440 break;
2441
2442 default:
2443 return -1;
2444 }
2445
2446 return 0;
2447}
2448#endif /* MBEDTLS_TEST_HOOKS */