TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6264e66ba4a8cbc74c468fd33b3666753c76b92e / . / tests / suites / test_suite_ssl.function
blob: ea81a8b3c5ed25d6e2d60698d5814561d33d025f [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]4
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame^]5
6/*
7 * Buffer structure for custom I/O callbacks.
8 */
9
10typedef struct mbedtls_test_buffer
11{
12 size_t start;
13 size_t content_length;
14 size_t capacity;
15 unsigned char *buffer;
16} mbedtls_test_buffer;
17
18/*
19 * Initialises \p buf. After calling this function it is safe to call
20 * `mbedtls_test_buffer_free()` on \p buf.
21 */
22void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
23{
24 memset( buf, 0, sizeof( *buf ) );
25}
26
27/*
28 * Sets up \p buf. After calling this function it is safe to call
29 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
30 */
31int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
32{
33 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
34 sizeof(unsigned char) );
35 if( NULL == buf->buffer )
36 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
37 buf->capacity = capacity;
38
39 return 0;
40}
41
42void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
43{
44 if( buf->buffer != NULL )
45 mbedtls_free( buf->buffer );
46
47 memset( buf, 0, sizeof( *buf ) );
48}
49
50/*
51 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
52 *
53 * \p buf must have been initialized and set up by calling
54 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
55 *
56 * \retval \p input_len, if the data fits.
57 * \retval 0 <= value < \p input_len, if the data does not fit.
58 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
59 * zero and \p input is NULL.
60 */
61int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
62 const unsigned char* input, size_t input_len )
63{
64 size_t overflow = 0;
65
66 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
67 return -1;
68
69 /* Reduce input_len to a number that fits in the buffer. */
70 if ( ( buf->content_length + input_len ) > buf->capacity )
71 {
72 input_len = buf->capacity - buf->content_length;
73 }
74
75 if( input == NULL )
76 {
77 return ( input_len == 0 ) ? 0 : -1;
78 }
79
80 /* Calculate the number of bytes that need to be placed at lower memory
81 * address */
82 if( buf->start + buf->content_length + input_len
83 > buf->capacity )
84 {
85 overflow = ( buf->start + buf->content_length + input_len )
86 % buf->capacity;
87 }
88
89 memcpy( buf->buffer + buf->start + buf->content_length, input,
90 input_len - overflow );
91 memcpy( buf->buffer, input + input_len - overflow, overflow );
92 buf->content_length += input_len;
93
94 return input_len;
95}
96
97/*
98 * Gets \p output_len bytes from the \p output buffer into the ring buffer
99 * \p buf.
100 *
101 * \p buf must have been initialized and set up by calling
102 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
103 *
104 * \retval \p output_len, if the data is available.
105 * \retval 0 <= value < \p output_len, if the data is not available.
106 * \retval -1, if \buf is NULL, it hasn't been set up or \p output_len is not
107 * zero and \p output is NULL
108 */
109int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
110 unsigned char* output, size_t output_len )
111{
112 size_t overflow = 0;
113
114 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
115 return -1;
116
117 if( output == NULL )
118 {
119 return ( output_len == 0 ) ? 0 : -1;
120 }
121
122 if( buf->content_length < output_len )
123 output_len = buf->content_length;
124
125 /* Calculate the number of bytes that need to be drawn from lower memory
126 * address */
127 if( buf->start + output_len > buf->capacity )
128 {
129 overflow = ( buf->start + output_len ) % buf->capacity;
130 }
131
132 memcpy( output, buf->buffer + buf->start, output_len - overflow );
133 memcpy( output + output_len - overflow, buf->buffer, overflow );
134 buf->content_length -= output_len;
135 buf->start = ( buf->start + output_len ) % buf->capacity;
136
137 return output_len;
138}
139
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]140/*
141 * Helper function setting up inverse record transformations
142 * using given cipher, hash, EtM mode, authentication tag length,
143 * and version.
144 */
145
146#define CHK( x ) \
147 do \
148 { \
149 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]150 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]151 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]152 goto cleanup; \
153 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]154 } while( 0 )
155
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]156#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
157#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
158#else
159#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
160#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]161
162static int build_transforms( mbedtls_ssl_transform *t_in,
163 mbedtls_ssl_transform *t_out,
164 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]165 int etm, int tag_mode, int ver,
166 size_t cid0_len,
167 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]168{
169 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]170 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]171
172 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]173 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]174 unsigned char iv_enc[16], iv_dec[16];
175
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]176#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]177 unsigned char cid0[ SSL_CID_LEN_MIN ];
178 unsigned char cid1[ SSL_CID_LEN_MIN ];
179
180 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
181 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]182#else
183 ((void) cid0_len);
184 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]185#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]186
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]187 maclen = 0;
188
189 /* Pick cipher */
190 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
191 CHK( cipher_info != NULL );
192 CHK( cipher_info->iv_size <= 16 );
193 CHK( cipher_info->key_bitlen % 8 == 0 );
194
195 /* Pick keys */
196 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]197 /* Allocate `keylen + 1` bytes to ensure that we get
198 * a non-NULL pointers from `mbedtls_calloc` even if
199 * `keylen == 0` in the case of the NULL cipher. */
200 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
201 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]202 memset( key0, 0x1, keylen );
203 memset( key1, 0x2, keylen );
204
205 /* Setup cipher contexts */
206 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
207 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
208 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
209 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
210
211#if defined(MBEDTLS_CIPHER_MODE_CBC)
212 if( cipher_info->mode == MBEDTLS_MODE_CBC )
213 {
214 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
215 MBEDTLS_PADDING_NONE ) == 0 );
216 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
217 MBEDTLS_PADDING_NONE ) == 0 );
218 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
219 MBEDTLS_PADDING_NONE ) == 0 );
220 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
221 MBEDTLS_PADDING_NONE ) == 0 );
222 }
223#endif /* MBEDTLS_CIPHER_MODE_CBC */
224
225 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
226 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
227 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
228 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
229 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
230 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
231 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
232 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]233
234 /* Setup MAC contexts */
235#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
236 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
237 cipher_info->mode == MBEDTLS_MODE_STREAM )
238 {
239 mbedtls_md_info_t const *md_info;
240 unsigned char *md0, *md1;
241
242 /* Pick hash */
243 md_info = mbedtls_md_info_from_type( hash_id );
244 CHK( md_info != NULL );
245
246 /* Pick hash keys */
247 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]248 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
249 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]250 memset( md0, 0x5, maclen );
251 memset( md1, 0x6, maclen );
252
253 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
254 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
255 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
256 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
257
258 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
259 {
260 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
261 md0, maclen ) == 0 );
262 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
263 md1, maclen ) == 0 );
264 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
265 md1, maclen ) == 0 );
266 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
267 md0, maclen ) == 0 );
268 }
269#if defined(MBEDTLS_SSL_PROTO_SSL3)
270 else
271 {
272 memcpy( &t_in->mac_enc, md0, maclen );
273 memcpy( &t_in->mac_dec, md1, maclen );
274 memcpy( &t_out->mac_enc, md1, maclen );
275 memcpy( &t_out->mac_dec, md0, maclen );
276 }
277#endif
278
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]279 mbedtls_free( md0 );
280 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]281 }
282#else
283 ((void) hash_id);
284#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
285
286
287 /* Pick IV's (regardless of whether they
288 * are being used by the transform). */
289 ivlen = cipher_info->iv_size;
290 memset( iv_enc, 0x3, sizeof( iv_enc ) );
291 memset( iv_dec, 0x4, sizeof( iv_dec ) );
292
293 /*
294 * Setup transforms
295 */
296
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]297#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
298 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]299 t_out->encrypt_then_mac = etm;
300 t_in->encrypt_then_mac = etm;
301#else
302 ((void) etm);
303#endif
304
305 t_out->minor_ver = ver;
306 t_in->minor_ver = ver;
307 t_out->ivlen = ivlen;
308 t_in->ivlen = ivlen;
309
310 switch( cipher_info->mode )
311 {
312 case MBEDTLS_MODE_GCM:
313 case MBEDTLS_MODE_CCM:
314 t_out->fixed_ivlen = 4;
315 t_in->fixed_ivlen = 4;
316 t_out->maclen = 0;
317 t_in->maclen = 0;
318 switch( tag_mode )
319 {
320 case 0: /* Full tag */
321 t_out->taglen = 16;
322 t_in->taglen = 16;
323 break;
324 case 1: /* Partial tag */
325 t_out->taglen = 8;
326 t_in->taglen = 8;
327 break;
328 default:
329 return( 1 );
330 }
331 break;
332
333 case MBEDTLS_MODE_CHACHAPOLY:
334 t_out->fixed_ivlen = 12;
335 t_in->fixed_ivlen = 12;
336 t_out->maclen = 0;
337 t_in->maclen = 0;
338 switch( tag_mode )
339 {
340 case 0: /* Full tag */
341 t_out->taglen = 16;
342 t_in->taglen = 16;
343 break;
344 case 1: /* Partial tag */
345 t_out->taglen = 8;
346 t_in->taglen = 8;
347 break;
348 default:
349 return( 1 );
350 }
351 break;
352
353 case MBEDTLS_MODE_STREAM:
354 case MBEDTLS_MODE_CBC:
355 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
356 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
357 t_out->taglen = 0;
358 t_in->taglen = 0;
359 switch( tag_mode )
360 {
361 case 0: /* Full tag */
362 t_out->maclen = maclen;
363 t_in->maclen = maclen;
364 break;
365 case 1: /* Partial tag */
366 t_out->maclen = 10;
367 t_in->maclen = 10;
368 break;
369 default:
370 return( 1 );
371 }
372 break;
373 default:
374 return( 1 );
375 break;
376 }
377
378 /* Setup IV's */
379
380 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
381 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
382 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
383 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
384
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]385#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]386 /* Add CID */
387 memcpy( &t_in->in_cid, cid0, cid0_len );
388 memcpy( &t_in->out_cid, cid1, cid1_len );
389 t_in->in_cid_len = cid0_len;
390 t_in->out_cid_len = cid1_len;
391 memcpy( &t_out->in_cid, cid1, cid1_len );
392 memcpy( &t_out->out_cid, cid0, cid0_len );
393 t_out->in_cid_len = cid1_len;
394 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]395#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]396
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]397cleanup:
398
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]399 mbedtls_free( key0 );
400 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]401
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]402 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]403}
404
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]405/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]406 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]407 * Choose dummy values, mostly non-0 to distinguish from the init default.
408 */
409static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]410 int ticket_len,
411 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]412{
413#if defined(MBEDTLS_HAVE_TIME)
414 session->start = mbedtls_time( NULL ) - 42;
415#endif
416 session->ciphersuite = 0xabcd;
417 session->compression = 1;
418 session->id_len = sizeof( session->id );
419 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]420 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]421
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]422#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]423 if( strlen( crt_file ) != 0 )
424 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]425 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]426 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]427
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]428 mbedtls_x509_crt_init( &tmp_crt );
429 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
430 if( ret != 0 )
431 return( ret );
432
433#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
434 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]435 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
436 if( session->peer_cert == NULL )
437 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]438 *session->peer_cert = tmp_crt;
439 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
440#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
441 /* Calculate digest of temporary CRT. */
442 session->peer_cert_digest =
443 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
444 if( session->peer_cert_digest == NULL )
445 return( -1 );
446 ret = mbedtls_md( mbedtls_md_info_from_type(
447 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
448 tmp_crt.raw.p, tmp_crt.raw.len,
449 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]450 if( ret != 0 )
451 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]452 session->peer_cert_digest_type =
453 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
454 session->peer_cert_digest_len =
455 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
456#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
457
458 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]459 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]460#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]461 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]462#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]463 session->verify_result = 0xdeadbeef;
464
465#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
466 if( ticket_len != 0 )
467 {
468 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]469 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]470 return( -1 );
471 memset( session->ticket, 33, ticket_len );
472 }
473 session->ticket_len = ticket_len;
474 session->ticket_lifetime = 86401;
475#else
476 (void) ticket_len;
477#endif
478
479#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
480 session->mfl_code = 1;
481#endif
482#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
483 session->trunc_hmac = 1;
484#endif
485#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
486 session->encrypt_then_mac = 1;
487#endif
488
489 return( 0 );
490}
491
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]492/* END_HEADER */
493
494/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]495 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]496 * END_DEPENDENCIES
497 */
498
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame^]499/* BEGIN_CASE */
500void test_callback_buffer_sanity()
501{
502 enum { MSGLEN = 10 };
503 mbedtls_test_buffer buf;
504 unsigned char input[MSGLEN];
505 unsigned char output[MSGLEN];
506
507 memset( input, 0, sizeof(input) );
508
509 /* Make sure calling put and get on NULL buffer results in error. */
510 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
511 == -1 );
512 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
513 == -1 );
514 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
515 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, sizeof( output ) )
516 == -1 );
517 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
518 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
519
520 /* Make sure calling put and get on a buffer that hasn't been set up results
521 * in eror. */
522 mbedtls_test_buffer_init( &buf );
523
524 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
525 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
526 == -1 );
527 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
528 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
529 == -1 );
530 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
531 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
532
533 /* Make sure calling put end get on NULL input and output only results in
534 * error if the length is not zero. */
535
536 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
537
538 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
539 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
540 == -1 );
541 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
542 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
543
544exit:
545
546 mbedtls_test_buffer_free( &buf );
547}
548/* END_CASE */
549
550/*
551 * Test if the implementation of `mbedtls_test_buffer` related functions is
552 * correct and works as expected.
553 *
554 * That is
555 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
556 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
557 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
558 * bytes.
559 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
560 * - All of the bytes we got match the bytes we put in in a FIFO manner.
561 */
562
563/* BEGIN_CASE */
564void test_callback_buffer( int size, int put1, int put1_ret,
565 int get1, int get1_ret, int put2, int put2_ret,
566 int get2, int get2_ret )
567{
568 enum { ROUNDS = 2 };
569 size_t put[ROUNDS];
570 int put_ret[ROUNDS];
571 size_t get[ROUNDS];
572 int get_ret[ROUNDS];
573 mbedtls_test_buffer buf;
574 unsigned char* input = NULL;
575 size_t input_len;
576 unsigned char* output = NULL;
577 size_t output_len;
578 size_t i, written, read;
579 int j;
580
581 mbedtls_test_buffer_init( &buf );
582 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
583
584 /* Check the sanity of input parameters and initialise local variables. That
585 * is, ensure that the amount of data is not negative and that we are not
586 * expecting more to put or get than we actually asked for. */
587 TEST_ASSERT( put1 >= 0 );
588 put[0] = put1;
589 put_ret[0] = put1_ret;
590 TEST_ASSERT( put1_ret <= put1 );
591 TEST_ASSERT( put2 >= 0 );
592 put[1] = put2;
593 put_ret[1] = put2_ret;
594 TEST_ASSERT( put2_ret <= put2 );
595
596 TEST_ASSERT( get1 >= 0 );
597 get[0] = get1;
598 get_ret[0] = get1_ret;
599 TEST_ASSERT( get1_ret <= get1 );
600 TEST_ASSERT( get2 >= 0 );
601 get[1] = get2;
602 get_ret[1] = get2_ret;
603 TEST_ASSERT( get2_ret <= get2 );
604
605 input_len = 0;
606 /* Calculate actual input and output lengths */
607 for( j = 0; j < ROUNDS; j++ )
608 {
609 if( put_ret[j] > 0 )
610 {
611 input_len += put_ret[j];
612 }
613 }
614 /* In order to always have a valid pointer we always allocate at least 1
615 * byte. */
616 if( input_len == 0 )
617 input_len = 1;
618 ASSERT_ALLOC( input, input_len );
619
620 output_len = 0;
621 for( j = 0; j < ROUNDS; j++ )
622 {
623 if( get_ret[j] > 0 )
624 {
625 output_len += get_ret[j];
626 }
627 }
628 TEST_ASSERT( output_len <= input_len );
629 /* In order to always have a valid pointer we always allocate at least 1
630 * byte. */
631 if( output_len == 0 )
632 output_len = 1;
633 ASSERT_ALLOC( output, output_len );
634
635 /* Fill up the buffer with structured data so that unwanted changes
636 * can be detected */
637 for( i = 0; i < input_len; i++ )
638 {
639 input[i] = i & 0xFF;
640 }
641
642 written = read = 0;
643 for( j = 0; j < ROUNDS; j++ )
644 {
645 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
646 input + written, put[j] ) );
647 written += put_ret[j];
648 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
649 output + read, get[j] ) );
650 read += get_ret[j];
651 TEST_ASSERT( read <= written );
652 if( get_ret[j] > 0 )
653 {
654 TEST_ASSERT( memcmp( output + read - get_ret[j],
655 input + read - get_ret[j], get_ret[j] )
656 == 0 );
657 }
658 }
659
660exit:
661
662 mbedtls_free( input );
663 mbedtls_free( output );
664 mbedtls_test_buffer_free( &buf );
665}
666/* END_CASE */
667
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]668/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]669void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]670{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]671 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]672 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]673 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]674
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]675 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]676 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]677
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]678 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
679 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]680 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
681 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]682 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]683
684 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]685 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]686 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]687 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]688 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]689 }
690
691 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]692 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]693 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]694
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]695 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]696 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]697}
698/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]699
700/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
701void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
702{
703 mbedtls_ssl_context ssl;
704 mbedtls_ssl_init( &ssl );
705
706 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
707 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
708
709 mbedtls_ssl_free( &ssl );
710}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]711/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]712
713/* BEGIN_CASE */
714void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]715 int etm, int tag_mode, int ver,
716 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]717{
718 /*
719 * Test several record encryptions and decryptions
720 * with plenty of space before and after the data
721 * within the record buffer.
722 */
723
724 int ret;
725 int num_records = 16;
726 mbedtls_ssl_context ssl; /* ONLY for debugging */
727
728 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]729 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]730 size_t const buflen = 512;
731 mbedtls_record rec, rec_backup;
732
733 mbedtls_ssl_init( &ssl );
734 mbedtls_ssl_transform_init( &t0 );
735 mbedtls_ssl_transform_init( &t1 );
736 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]737 etm, tag_mode, ver,
738 (size_t) cid0_len,
739 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]740
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]741 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]742
743 while( num_records-- > 0 )
744 {
745 mbedtls_ssl_transform *t_dec, *t_enc;
746 /* Take turns in who's sending and who's receiving. */
747 if( num_records % 3 == 0 )
748 {
749 t_dec = &t0;
750 t_enc = &t1;
751 }
752 else
753 {
754 t_dec = &t1;
755 t_enc = &t0;
756 }
757
758 /*
759 * The record header affects the transformation in two ways:
760 * 1) It determines the AEAD additional data
761 * 2) The record counter sometimes determines the IV.
762 *
763 * Apart from that, the fields don't have influence.
764 * In particular, it is currently not the responsibility
765 * of ssl_encrypt/decrypt_buf to check if the transform
766 * version matches the record version, or that the
767 * type is sensible.
768 */
769
770 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
771 rec.type = 42;
772 rec.ver[0] = num_records;
773 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]774#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]775 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]776#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]777
778 rec.buf = buf;
779 rec.buf_len = buflen;
780 rec.data_offset = 16;
781 /* Make sure to vary the length to exercise different
782 * paddings. */
783 rec.data_len = 1 + num_records;
784
785 memset( rec.buf + rec.data_offset, 42, rec.data_len );
786
787 /* Make a copy for later comparison */
788 rec_backup = rec;
789
790 /* Encrypt record */
791 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
792 rnd_std_rand, NULL );
793 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
794 if( ret != 0 )
795 {
796 continue;
797 }
798
799 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]800 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
801 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]802
803 /* Compare results */
804 TEST_ASSERT( rec.type == rec_backup.type );
805 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
806 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
807 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
808 TEST_ASSERT( rec.data_len == rec_backup.data_len );
809 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
810 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
811 rec_backup.buf + rec_backup.data_offset,
812 rec.data_len ) == 0 );
813 }
814
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]815exit:
816
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]817 /* Cleanup */
818 mbedtls_ssl_free( &ssl );
819 mbedtls_ssl_transform_free( &t0 );
820 mbedtls_ssl_transform_free( &t1 );
821
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]822 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]823}
824/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]825
826/* BEGIN_CASE */
827void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]828 int etm, int tag_mode, int ver,
829 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]830{
831 /*
832 * Test pairs of encryption and decryption with an increasing
833 * amount of space in the record buffer - in more detail:
834 * 1) Try to encrypt with 0, 1, 2, ... bytes available
835 * in front of the plaintext, and expect the encryption
836 * to succeed starting from some offset. Always keep
837 * enough space in the end of the buffer.
838 * 2) Try to encrypt with 0, 1, 2, ... bytes available
839 * at the end of the plaintext, and expect the encryption
840 * to succeed starting from some offset. Always keep
841 * enough space at the beginning of the buffer.
842 * 3) Try to encrypt with 0, 1, 2, ... bytes available
843 * both at the front and end of the plaintext,
844 * and expect the encryption to succeed starting from
845 * some offset.
846 *
847 * If encryption succeeds, check that decryption succeeds
848 * and yields the original record.
849 */
850
851 mbedtls_ssl_context ssl; /* ONLY for debugging */
852
853 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]854 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]855 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]856 mbedtls_record rec, rec_backup;
857
858 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]859 int mode; /* Mode 1, 2 or 3 as explained above */
860 size_t offset; /* Available space at beginning/end/both */
861 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]862
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]863 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
864 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]865
866 int seen_success; /* Indicates if in the current mode we've
867 * already seen a successful test. */
868
869 mbedtls_ssl_init( &ssl );
870 mbedtls_ssl_transform_init( &t0 );
871 mbedtls_ssl_transform_init( &t1 );
872 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]873 etm, tag_mode, ver,
874 (size_t) cid0_len,
875 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]876
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]877 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]878
879 for( mode=1; mode <= 3; mode++ )
880 {
881 seen_success = 0;
882 for( offset=0; offset <= threshold; offset++ )
883 {
884 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]885 t_dec = &t0;
886 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]887
888 memset( rec.ctr, offset, sizeof( rec.ctr ) );
889 rec.type = 42;
890 rec.ver[0] = offset;
891 rec.ver[1] = offset;
892 rec.buf = buf;
893 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]894#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]895 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]896#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]897
898 switch( mode )
899 {
900 case 1: /* Space in the beginning */
901 rec.data_offset = offset;
902 rec.data_len = buflen - offset - default_post_padding;
903 break;
904
905 case 2: /* Space in the end */
906 rec.data_offset = default_pre_padding;
907 rec.data_len = buflen - default_pre_padding - offset;
908 break;
909
910 case 3: /* Space in the beginning and end */
911 rec.data_offset = offset;
912 rec.data_len = buflen - 2 * offset;
913 break;
914
915 default:
916 TEST_ASSERT( 0 );
917 break;
918 }
919
920 memset( rec.buf + rec.data_offset, 42, rec.data_len );
921
922 /* Make a copy for later comparison */
923 rec_backup = rec;
924
925 /* Encrypt record */
926 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
927
928 if( ( mode == 1 || mode == 2 ) && seen_success )
929 {
930 TEST_ASSERT( ret == 0 );
931 }
932 else
933 {
934 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
935 if( ret == 0 )
936 seen_success = 1;
937 }
938
939 if( ret != 0 )
940 continue;
941
942 /* Decrypt record with t_dec */
943 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
944
945 /* Compare results */
946 TEST_ASSERT( rec.type == rec_backup.type );
947 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
948 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
949 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
950 TEST_ASSERT( rec.data_len == rec_backup.data_len );
951 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
952 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
953 rec_backup.buf + rec_backup.data_offset,
954 rec.data_len ) == 0 );
955 }
956
957 TEST_ASSERT( seen_success == 1 );
958 }
959
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]960exit:
961
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]962 /* Cleanup */
963 mbedtls_ssl_free( &ssl );
964 mbedtls_ssl_transform_free( &t0 );
965 mbedtls_ssl_transform_free( &t1 );
966
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]967 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]968}
969/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]970
971/* BEGIN_CASE */
972void ssl_tls_prf( int type, data_t * secret, data_t * random,
973 char *label, data_t *result_hex_str, int exp_ret )
974{
975 unsigned char *output;
976
977 output = mbedtls_calloc( 1, result_hex_str->len );
978 if( output == NULL )
979 goto exit;
980
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]981#if defined(MBEDTLS_USE_PSA_CRYPTO)
982 TEST_ASSERT( psa_crypto_init() == 0 );
983#endif
984
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]985 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
986 label, random->x, random->len,
987 output, result_hex_str->len ) == exp_ret );
988
989 if( exp_ret == 0 )
990 {
991 TEST_ASSERT( hexcmp( output, result_hex_str->x,
992 result_hex_str->len, result_hex_str->len ) == 0 );
993 }
994exit:
995
996 mbedtls_free( output );
997}
998/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]999
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1000/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1001void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1002{
1003 mbedtls_ssl_session original, restored;
1004 unsigned char *buf = NULL;
1005 size_t len;
1006
1007 /*
1008 * Test that a save-load pair is the identity
1009 */
1010
1011 mbedtls_ssl_session_init( &original );
1012 mbedtls_ssl_session_init( &restored );
1013
1014 /* Prepare a dummy session to work on */
1015 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
1016
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1017 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1018 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
1019 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1020 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
1021 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
1022 == 0 );
1023
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1024 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1025 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
1026
1027 /*
1028 * Make sure both session structures are identical
1029 */
1030#if defined(MBEDTLS_HAVE_TIME)
1031 TEST_ASSERT( original.start == restored.start );
1032#endif
1033 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
1034 TEST_ASSERT( original.compression == restored.compression );
1035 TEST_ASSERT( original.id_len == restored.id_len );
1036 TEST_ASSERT( memcmp( original.id,
1037 restored.id, sizeof( original.id ) ) == 0 );
1038 TEST_ASSERT( memcmp( original.master,
1039 restored.master, sizeof( original.master ) ) == 0 );
1040
1041#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1042#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1043 TEST_ASSERT( ( original.peer_cert == NULL ) ==
1044 ( restored.peer_cert == NULL ) );
1045 if( original.peer_cert != NULL )
1046 {
1047 TEST_ASSERT( original.peer_cert->raw.len ==
1048 restored.peer_cert->raw.len );
1049 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
1050 restored.peer_cert->raw.p,
1051 original.peer_cert->raw.len ) == 0 );
1052 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1053#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1054 TEST_ASSERT( original.peer_cert_digest_type ==
1055 restored.peer_cert_digest_type );
1056 TEST_ASSERT( original.peer_cert_digest_len ==
1057 restored.peer_cert_digest_len );
1058 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
1059 ( restored.peer_cert_digest == NULL ) );
1060 if( original.peer_cert_digest != NULL )
1061 {
1062 TEST_ASSERT( memcmp( original.peer_cert_digest,
1063 restored.peer_cert_digest,
1064 original.peer_cert_digest_len ) == 0 );
1065 }
1066#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1067#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1068 TEST_ASSERT( original.verify_result == restored.verify_result );
1069
1070#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1071 TEST_ASSERT( original.ticket_len == restored.ticket_len );
1072 if( original.ticket_len != 0 )
1073 {
1074 TEST_ASSERT( original.ticket != NULL );
1075 TEST_ASSERT( restored.ticket != NULL );
1076 TEST_ASSERT( memcmp( original.ticket,
1077 restored.ticket, original.ticket_len ) == 0 );
1078 }
1079 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
1080#endif
1081
1082#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1083 TEST_ASSERT( original.mfl_code == restored.mfl_code );
1084#endif
1085
1086#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1087 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
1088#endif
1089
1090#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1091 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
1092#endif
1093
1094exit:
1095 mbedtls_ssl_session_free( &original );
1096 mbedtls_ssl_session_free( &restored );
1097 mbedtls_free( buf );
1098}
1099/* END_CASE */
1100
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]1101/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1102void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1103{
1104 mbedtls_ssl_session session;
1105 unsigned char *buf1 = NULL, *buf2 = NULL;
1106 size_t len0, len1, len2;
1107
1108 /*
1109 * Test that a load-save pair is the identity
1110 */
1111
1112 mbedtls_ssl_session_init( &session );
1113
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1114 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1115 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1116
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1117 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1118 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
1119 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1120
1121 /* Allocate first buffer */
1122 buf1 = mbedtls_calloc( 1, len0 );
1123 TEST_ASSERT( buf1 != NULL );
1124
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1125 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1126 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
1127 == 0 );
1128 TEST_ASSERT( len0 == len1 );
1129 mbedtls_ssl_session_free( &session );
1130
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1131 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1132 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1133
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1134 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1135 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]1136 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1137 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
1138 == 0 );
1139
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1140 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1141 TEST_ASSERT( len1 == len2 );
1142 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
1143
1144exit:
1145 mbedtls_ssl_session_free( &session );
1146 mbedtls_free( buf1 );
1147 mbedtls_free( buf2 );
1148}
1149/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1150
1151/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1152void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1153{
1154 mbedtls_ssl_session session;
1155 unsigned char *buf = NULL;
1156 size_t good_len, bad_len, test_len;
1157
1158 /*
1159 * Test that session_save() fails cleanly on small buffers
1160 */
1161
1162 mbedtls_ssl_session_init( &session );
1163
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1164 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1165 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1166 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1167 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1168
1169 /* Try all possible bad lengths */
1170 for( bad_len = 1; bad_len < good_len; bad_len++ )
1171 {
1172 /* Allocate exact size so that asan/valgrind can detect any overwrite */
1173 mbedtls_free( buf );
1174 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
1175 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
1176 &test_len )
1177 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1178 TEST_ASSERT( test_len == good_len );
1179 }
1180
1181exit:
1182 mbedtls_ssl_session_free( &session );
1183 mbedtls_free( buf );
1184}
1185/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1186
1187/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1188void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1189{
1190 mbedtls_ssl_session session;
1191 unsigned char *good_buf = NULL, *bad_buf = NULL;
1192 size_t good_len, bad_len;
1193
1194 /*
1195 * Test that session_load() fails cleanly on small buffers
1196 */
1197
1198 mbedtls_ssl_session_init( &session );
1199
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1200 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1201 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1202 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1203 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1204 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
1205 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
1206 &good_len ) == 0 );
1207 mbedtls_ssl_session_free( &session );
1208
1209 /* Try all possible bad lengths */
1210 for( bad_len = 0; bad_len < good_len; bad_len++ )
1211 {
1212 /* Allocate exact size so that asan/valgrind can detect any overread */
1213 mbedtls_free( bad_buf );
1214 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
1215 TEST_ASSERT( bad_buf != NULL );
1216 memcpy( bad_buf, good_buf, bad_len );
1217
1218 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
1219 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1220 }
1221
1222exit:
1223 mbedtls_ssl_session_free( &session );
1224 mbedtls_free( good_buf );
1225 mbedtls_free( bad_buf );
1226}
1227/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1228
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1229/* BEGIN_CASE */
1230void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1231 int corrupt_minor,
1232 int corrupt_patch,
1233 int corrupt_config )
1234{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1235 unsigned char serialized_session[ 2048 ];
1236 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1237 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1238 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1239 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
1240 corrupt_minor == 1,
1241 corrupt_patch == 1,
1242 corrupt_config == 1,
1243 corrupt_config == 1 };
1244
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1245 mbedtls_ssl_session_init( &session );
1246
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1247 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1248 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1249 serialized_session,
1250 sizeof( serialized_session ),
1251 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1252
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1253 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1254
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1255 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1256 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1257 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1258 serialized_session,
1259 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1260 mbedtls_ssl_session_free( &session );
1261
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1262 /* Go through the bytes in the serialized session header and
1263 * corrupt them bit-by-bit. */
1264 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1265 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1266 int cur_bit;
1267 unsigned char * const byte = &serialized_session[ cur_byte ];
1268
1269 if( should_corrupt_byte[ cur_byte ] == 0 )
1270 continue;
1271
1272 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
1273 {
1274 unsigned char const corrupted_bit = 0x1u << cur_bit;
1275 /* Modify a single bit in the serialized session. */
1276 *byte ^= corrupted_bit;
1277
1278 /* Attempt to deserialize */
1279 TEST_ASSERT( mbedtls_ssl_session_load( &session,
1280 serialized_session,
1281 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]1282 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1283
1284 /* Undo the change */
1285 *byte ^= corrupted_bit;
1286 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1287 }
1288
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1289}
1290/* END_CASE */