TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 70d7fb0c2df35e3086503590f5a2a48cef0a822d / . / tests / suites / test_suite_ssl.function
blob: 153242925d4a3e50fc4e11c9905799230a010b8e [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]7#include <mbedtls/timing.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]8#include <mbedtls/debug.h>
Hanno Becker73c825a2020-09-08 10:52:58 +0100[diff] [blame]9#include <ssl_tls13_keys.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]10
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]11#include <ssl_invasive.h>
12
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]13#include <test/constant_flow.h>
14
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]15#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
16 const int tls1_3_label_ ## name = idx;
17MBEDTLS_SSL_TLS1_3_LABEL_LIST
18#undef MBEDTLS_SSL_TLS1_3_LABEL
19
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]20typedef struct log_pattern
21{
22 const char *pattern;
23 size_t counter;
24} log_pattern;
25
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]26/*
27 * This function can be passed to mbedtls to receive output logs from it. In
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]28 * this case, it will count the instances of a log_pattern in the received
29 * logged messages.
30 */
31void log_analyzer( void *ctx, int level,
32 const char *file, int line,
33 const char *str )
34{
35 log_pattern *p = (log_pattern *) ctx;
36
37 (void) level;
38 (void) line;
39 (void) file;
40
41 if( NULL != p &&
42 NULL != p->pattern &&
43 NULL != strstr( str, p->pattern ) )
44 {
45 p->counter++;
46 }
47}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]48
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]49/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
50#define TEST_SSL_MINOR_VERSION_NONE -1
51
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]52typedef struct handshake_test_options
53{
54 const char *cipher;
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]55 int client_min_version;
56 int client_max_version;
57 int server_min_version;
58 int server_max_version;
59 int expected_negotiated_version;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]60 int pk_alg;
61 data_t *psk_str;
62 int dtls;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]63 int srv_auth_mode;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]64 int serialize;
65 int mfl;
66 int cli_msg_len;
67 int srv_msg_len;
68 int expected_cli_fragments;
69 int expected_srv_fragments;
70 int renegotiate;
71 int legacy_renegotiation;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]72 void *srv_log_obj;
73 void *cli_log_obj;
74 void (*srv_log_fun)(void *, int, const char *, int, const char *);
75 void (*cli_log_fun)(void *, int, const char *, int, const char *);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]76 int resize_buffers;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]77} handshake_test_options;
78
79void init_handshake_options( handshake_test_options *opts )
80{
81 opts->cipher = "";
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]82 opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
83 opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
84 opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
85 opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
86 opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]87 opts->pk_alg = MBEDTLS_PK_RSA;
88 opts->psk_str = NULL;
89 opts->dtls = 0;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]90 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]91 opts->serialize = 0;
92 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
93 opts->cli_msg_len = 100;
94 opts->srv_msg_len = 100;
95 opts->expected_cli_fragments = 1;
96 opts->expected_srv_fragments = 1;
97 opts->renegotiate = 0;
98 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]99 opts->srv_log_obj = NULL;
100 opts->srv_log_obj = NULL;
101 opts->srv_log_fun = NULL;
102 opts->cli_log_fun = NULL;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]103 opts->resize_buffers = 1;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]104}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]105/*
106 * Buffer structure for custom I/O callbacks.
107 */
108
109typedef struct mbedtls_test_buffer
110{
111 size_t start;
112 size_t content_length;
113 size_t capacity;
114 unsigned char *buffer;
115} mbedtls_test_buffer;
116
117/*
118 * Initialises \p buf. After calling this function it is safe to call
119 * `mbedtls_test_buffer_free()` on \p buf.
120 */
121void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
122{
123 memset( buf, 0, sizeof( *buf ) );
124}
125
126/*
127 * Sets up \p buf. After calling this function it is safe to call
128 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
129 */
130int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
131{
132 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
133 sizeof(unsigned char) );
134 if( NULL == buf->buffer )
135 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
136 buf->capacity = capacity;
137
138 return 0;
139}
140
141void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
142{
143 if( buf->buffer != NULL )
144 mbedtls_free( buf->buffer );
145
146 memset( buf, 0, sizeof( *buf ) );
147}
148
149/*
150 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
151 *
152 * \p buf must have been initialized and set up by calling
153 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
154 *
155 * \retval \p input_len, if the data fits.
156 * \retval 0 <= value < \p input_len, if the data does not fit.
157 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
158 * zero and \p input is NULL.
159 */
160int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]161 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]162{
163 size_t overflow = 0;
164
165 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
166 return -1;
167
168 /* Reduce input_len to a number that fits in the buffer. */
169 if ( ( buf->content_length + input_len ) > buf->capacity )
170 {
171 input_len = buf->capacity - buf->content_length;
172 }
173
174 if( input == NULL )
175 {
176 return ( input_len == 0 ) ? 0 : -1;
177 }
178
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]179 /* Check if the buffer has not come full circle and free space is not in
180 * the middle */
181 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]182 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]183
184 /* Calculate the number of bytes that need to be placed at lower memory
185 * address */
186 if( buf->start + buf->content_length + input_len
187 > buf->capacity )
188 {
189 overflow = ( buf->start + buf->content_length + input_len )
190 % buf->capacity;
191 }
192
193 memcpy( buf->buffer + buf->start + buf->content_length, input,
194 input_len - overflow );
195 memcpy( buf->buffer, input + input_len - overflow, overflow );
196
197 }
198 else
199 {
200 /* The buffer has come full circle and free space is in the middle */
201 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
202 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]203 }
204
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]205 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]206 return input_len;
207}
208
209/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]210 * Gets \p output_len bytes from the ring buffer \p buf into the
211 * \p output buffer. The output buffer can be NULL, in this case a part of the
212 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]213 *
214 * \p buf must have been initialized and set up by calling
215 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
216 *
217 * \retval \p output_len, if the data is available.
218 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]219 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]220 */
221int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
222 unsigned char* output, size_t output_len )
223{
224 size_t overflow = 0;
225
226 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
227 return -1;
228
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]229 if( output == NULL && output_len == 0 )
230 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]231
232 if( buf->content_length < output_len )
233 output_len = buf->content_length;
234
235 /* Calculate the number of bytes that need to be drawn from lower memory
236 * address */
237 if( buf->start + output_len > buf->capacity )
238 {
239 overflow = ( buf->start + output_len ) % buf->capacity;
240 }
241
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]242 if( output != NULL )
243 {
244 memcpy( output, buf->buffer + buf->start, output_len - overflow );
245 memcpy( output + output_len - overflow, buf->buffer, overflow );
246 }
247
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]248 buf->content_length -= output_len;
249 buf->start = ( buf->start + output_len ) % buf->capacity;
250
251 return output_len;
252}
253
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]254/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]255 * Errors used in the message transport mock tests
256 */
257 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]258 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
259
260/*
261 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
262 */
263typedef struct mbedtls_test_message_queue
264{
265 size_t *messages;
266 int pos;
267 int num;
268 int capacity;
269} mbedtls_test_message_queue;
270
271/*
272 * Setup and free functions for the message metadata queue.
273 *
274 * \p capacity describes the number of message metadata chunks that can be held
275 * within the queue.
276 *
277 * \retval 0, if a metadata queue of a given length can be allocated.
278 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
279 */
280int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
281 size_t capacity )
282{
283 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
284 if( NULL == queue->messages )
285 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
286
287 queue->capacity = capacity;
288 queue->pos = 0;
289 queue->num = 0;
290
291 return 0;
292}
293
294void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
295{
296 if( queue == NULL )
297 return;
298
299 if( queue->messages != NULL )
300 mbedtls_free( queue->messages );
301
302 memset( queue, 0, sizeof( *queue ) );
303}
304
305/*
306 * Push message length information onto the message metadata queue.
307 * This will become the last element to leave it (fifo).
308 *
309 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]310 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]311 * \retval \p len, if the push was successful.
312 */
313int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
314 size_t len )
315{
316 int place;
317 if( queue == NULL )
318 return MBEDTLS_TEST_ERROR_ARG_NULL;
319
320 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]321 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]322
323 place = ( queue->pos + queue->num ) % queue->capacity;
324 queue->messages[place] = len;
325 queue->num++;
326 return len;
327}
328
329/*
330 * Pop information about the next message length from the queue. This will be
331 * the oldest inserted message length(fifo). \p msg_len can be null, in which
332 * case the data will be popped from the queue but not copied anywhere.
333 *
334 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]335 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]336 * \retval message length, if the pop was successful, up to the given
337 \p buf_len.
338 */
339int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
340 size_t buf_len )
341{
342 size_t message_length;
343 if( queue == NULL )
344 return MBEDTLS_TEST_ERROR_ARG_NULL;
345 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]346 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]347
348 message_length = queue->messages[queue->pos];
349 queue->messages[queue->pos] = 0;
350 queue->num--;
351 queue->pos++;
352 queue->pos %= queue->capacity;
353 if( queue->pos < 0 )
354 queue->pos += queue->capacity;
355
356 return ( message_length > buf_len ) ? buf_len : message_length;
357}
358
359/*
360 * Take a peek on the info about the next message length from the queue.
361 * This will be the oldest inserted message length(fifo).
362 *
363 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]364 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]365 * \retval 0, if the peek was successful.
366 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
367 * too small to fit the message. In this case the \p msg_len will be
368 * set to the full message length so that the
369 * caller knows what portion of the message can be dropped.
370 */
371int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
372 size_t buf_len, size_t* msg_len )
373{
374 if( queue == NULL || msg_len == NULL )
375 return MBEDTLS_TEST_ERROR_ARG_NULL;
376 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]377 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]378
379 *msg_len = queue->messages[queue->pos];
380 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
381}
382/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]383 * Context for the I/O callbacks simulating network connection.
384 */
385
386#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
387
388typedef struct mbedtls_mock_socket
389{
390 int status;
391 mbedtls_test_buffer *input;
392 mbedtls_test_buffer *output;
393 struct mbedtls_mock_socket *peer;
394} mbedtls_mock_socket;
395
396/*
397 * Setup and teardown functions for mock sockets.
398 */
399void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
400{
401 memset( socket, 0, sizeof( *socket ) );
402}
403
404/*
405 * Closes the socket \p socket.
406 *
407 * \p socket must have been previously initialized by calling
408 * mbedtls_mock_socket_init().
409 *
410 * This function frees all allocated resources and both sockets are aware of the
411 * new connection state.
412 *
413 * That is, this function does not simulate half-open TCP connections and the
414 * phenomenon that when closing a UDP connection the peer is not aware of the
415 * connection having been closed.
416 */
417void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
418{
419 if( socket == NULL )
420 return;
421
422 if( socket->input != NULL )
423 {
424 mbedtls_test_buffer_free( socket->input );
425 mbedtls_free( socket->input );
426 }
427
428 if( socket->output != NULL )
429 {
430 mbedtls_test_buffer_free( socket->output );
431 mbedtls_free( socket->output );
432 }
433
434 if( socket->peer != NULL )
435 memset( socket->peer, 0, sizeof( *socket->peer ) );
436
437 memset( socket, 0, sizeof( *socket ) );
438}
439
440/*
441 * Establishes a connection between \p peer1 and \p peer2.
442 *
443 * \p peer1 and \p peer2 must have been previously initialized by calling
444 * mbedtls_mock_socket_init().
445 *
446 * The capacites of the internal buffers are set to \p bufsize. Setting this to
447 * the correct value allows for simulation of MTU, sanity testing the mock
448 * implementation and mocking TCP connections with lower memory cost.
449 */
450int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
451 mbedtls_mock_socket* peer2,
452 size_t bufsize )
453{
454 int ret = -1;
455
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]456 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]457 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
458 if( peer1->output == NULL )
459 {
460 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
461 goto exit;
462 }
463 mbedtls_test_buffer_init( peer1->output );
464 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
465 {
466 goto exit;
467 }
468
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]469 peer2->output =
470 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
471 if( peer2->output == NULL )
472 {
473 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
474 goto exit;
475 }
476 mbedtls_test_buffer_init( peer2->output );
477 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
478 {
479 goto exit;
480 }
481
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]482 peer1->peer = peer2;
483 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]484 peer1->input = peer2->output;
485 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]486
487 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
488 ret = 0;
489
490exit:
491
492 if( ret != 0 )
493 {
494 mbedtls_mock_socket_close( peer1 );
495 mbedtls_mock_socket_close( peer2 );
496 }
497
498 return ret;
499}
500
501/*
502 * Callbacks for simulating blocking I/O over connection-oriented transport.
503 */
504
505int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
506{
507 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
508
509 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
510 return -1;
511
512 return mbedtls_test_buffer_put( socket->output, buf, len );
513}
514
515int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
516{
517 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
518
519 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
520 return -1;
521
522 return mbedtls_test_buffer_get( socket->input, buf, len );
523}
524
525/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]526 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
527 */
528
529int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
530{
531 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
532
533 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
534 return -1;
535
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]536 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]537 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]538 return MBEDTLS_ERR_SSL_WANT_WRITE;
539 }
540
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]541 return mbedtls_test_buffer_put( socket->output, buf, len );
542}
543
544int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
545{
546 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
547
548 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
549 return -1;
550
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]551 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]552 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]553 return MBEDTLS_ERR_SSL_WANT_READ;
554 }
555
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]556 return mbedtls_test_buffer_get( socket->input, buf, len );
557}
558
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]559/* Errors used in the message socket mocks */
560
561#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
562#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
563#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
564
565/*
566 * Structure used as an addon, or a wrapper, around the mocked sockets.
567 * Contains an input queue, to which the other socket pushes metadata,
568 * and an output queue, to which this one pushes metadata. This context is
569 * considered as an owner of the input queue only, which is initialized and
570 * freed in the respective setup and free calls.
571 */
572typedef struct mbedtls_test_message_socket_context
573{
574 mbedtls_test_message_queue* queue_input;
575 mbedtls_test_message_queue* queue_output;
576 mbedtls_mock_socket* socket;
577} mbedtls_test_message_socket_context;
578
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]579void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
580{
581 ctx->queue_input = NULL;
582 ctx->queue_output = NULL;
583 ctx->socket = NULL;
584}
585
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]586/*
587 * Setup a given mesasge socket context including initialization of
588 * input/output queues to a chosen capacity of messages. Also set the
589 * corresponding mock socket.
590 *
591 * \retval 0, if everything succeeds.
592 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
593 * queue failed.
594 */
595int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
596 mbedtls_test_message_queue* queue_output,
597 size_t queue_capacity,
598 mbedtls_mock_socket* socket,
599 mbedtls_test_message_socket_context* ctx )
600{
601 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
602 if( ret != 0 )
603 return ret;
604 ctx->queue_input = queue_input;
605 ctx->queue_output = queue_output;
606 ctx->socket = socket;
607 mbedtls_mock_socket_init( socket );
608
609 return 0;
610}
611
612/*
613 * Close a given message socket context, along with the socket itself. Free the
614 * memory allocated by the input queue.
615 */
616void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
617{
618 if( ctx == NULL )
619 return;
620
621 mbedtls_test_message_queue_free( ctx->queue_input );
622 mbedtls_mock_socket_close( ctx->socket );
623 memset( ctx, 0, sizeof( *ctx ) );
624}
625
626/*
627 * Send one message through a given message socket context.
628 *
629 * \retval \p len, if everything succeeds.
630 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
631 * elements or the context itself is null.
632 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]633 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]634 *
635 * This function will also return any error from
636 * mbedtls_test_message_queue_push_info.
637 */
638int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
639{
640 mbedtls_test_message_queue* queue;
641 mbedtls_mock_socket* socket;
642 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
643
644 if( context == NULL || context->socket == NULL
645 || context->queue_output == NULL )
646 {
647 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
648 }
649
650 queue = context->queue_output;
651 socket = context->socket;
652
653 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]654 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]655
656 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
657 return MBEDTLS_TEST_ERROR_SEND_FAILED;
658
659 return mbedtls_test_message_queue_push_info( queue, len );
660}
661
662/*
663 * Receive one message from a given message socket context and return message
664 * length or an error.
665 *
666 * \retval message length, if everything succeeds.
667 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
668 * elements or the context itself is null.
669 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
670 *
671 * This function will also return any error other than
672 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
673 */
674int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
675{
676 mbedtls_test_message_queue* queue;
677 mbedtls_mock_socket* socket;
678 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
Gilles Peskine19e841e2020-03-09 20:43:51 +0100[diff] [blame]679 size_t drop_len = 0;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]680 size_t msg_len;
681 int ret;
682
683 if( context == NULL || context->socket == NULL
684 || context->queue_input == NULL )
685 {
686 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
687 }
688
689 queue = context->queue_input;
690 socket = context->socket;
691
692 /* Peek first, so that in case of a socket error the data remains in
693 * the queue. */
694 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
695 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
696 {
697 /* Calculate how much to drop */
698 drop_len = msg_len - buf_len;
699
700 /* Set the requested message len to be buffer length */
701 msg_len = buf_len;
702 } else if( ret != 0 )
703 {
704 return ret;
705 }
706
707 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
708 return MBEDTLS_TEST_ERROR_RECV_FAILED;
709
710 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
711 {
712 /* Drop the remaining part of the message */
713 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
714 {
715 /* Inconsistent state - part of the message was read,
716 * and a part couldn't. Not much we can do here, but it should not
717 * happen in test environment, unless forced manually. */
718 }
719 }
720 mbedtls_test_message_queue_pop_info( queue, buf_len );
721
722 return msg_len;
723}
724
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]725#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
726 defined(MBEDTLS_ENTROPY_C) && \
727 defined(MBEDTLS_CTR_DRBG_C)
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]728
729/*
730 * Structure with endpoint's certificates for SSL communication tests.
731 */
732typedef struct mbedtls_endpoint_certificate
733{
734 mbedtls_x509_crt ca_cert;
735 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]736 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]737} mbedtls_endpoint_certificate;
738
739/*
740 * Endpoint structure for SSL communication tests.
741 */
742typedef struct mbedtls_endpoint
743{
744 const char *name;
745 mbedtls_ssl_context ssl;
746 mbedtls_ssl_config conf;
747 mbedtls_ctr_drbg_context ctr_drbg;
748 mbedtls_entropy_context entropy;
749 mbedtls_mock_socket socket;
750 mbedtls_endpoint_certificate cert;
751} mbedtls_endpoint;
752
753/*
754 * Initializes \p ep_cert structure and assigns it to endpoint
755 * represented by \p ep.
756 *
757 * \retval 0 on success, otherwise error code.
758 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]759int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]760{
761 int i = 0;
762 int ret = -1;
763 mbedtls_endpoint_certificate *cert;
764
765 if( ep == NULL )
766 {
767 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
768 }
769
770 cert = &( ep->cert );
771 mbedtls_x509_crt_init( &( cert->ca_cert ) );
772 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]773 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]774
775 /* Load the trusted CA */
776
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]777 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
778 {
779 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
780 (const unsigned char *) mbedtls_test_cas_der[i],
781 mbedtls_test_cas_der_len[i] );
782 TEST_ASSERT( ret == 0 );
783 }
784
785 /* Load own certificate and private key */
786
787 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
788 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]789 if( pk_alg == MBEDTLS_PK_RSA )
790 {
791 ret = mbedtls_x509_crt_parse( &( cert->cert ),
792 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
793 mbedtls_test_srv_crt_rsa_sha256_der_len );
794 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]795
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]796 ret = mbedtls_pk_parse_key( &( cert->pkey ),
797 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
798 mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
799 TEST_ASSERT( ret == 0 );
800 }
801 else
802 {
803 ret = mbedtls_x509_crt_parse( &( cert->cert ),
804 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
805 mbedtls_test_srv_crt_ec_der_len );
806 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]807
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]808 ret = mbedtls_pk_parse_key( &( cert->pkey ),
809 (const unsigned char*) mbedtls_test_srv_key_ec_der,
810 mbedtls_test_srv_key_ec_der_len, NULL, 0 );
811 TEST_ASSERT( ret == 0 );
812 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]813 }
814 else
815 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]816 if( pk_alg == MBEDTLS_PK_RSA )
817 {
818 ret = mbedtls_x509_crt_parse( &( cert->cert ),
819 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
820 mbedtls_test_cli_crt_rsa_der_len );
821 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]822
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]823 ret = mbedtls_pk_parse_key( &( cert->pkey ),
824 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
825 mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
826 TEST_ASSERT( ret == 0 );
827 }
828 else
829 {
830 ret = mbedtls_x509_crt_parse( &( cert->cert ),
831 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
832 mbedtls_test_cli_crt_ec_len );
833 TEST_ASSERT( ret == 0 );
834
835 ret = mbedtls_pk_parse_key( &( cert->pkey ),
836 (const unsigned char *) mbedtls_test_cli_key_ec_der,
837 mbedtls_test_cli_key_ec_der_len, NULL, 0 );
838 TEST_ASSERT( ret == 0 );
839 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]840 }
841
842 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
843
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]844 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
845 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]846 TEST_ASSERT( ret == 0 );
847
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]848exit:
849 if( ret != 0 )
850 {
851 mbedtls_x509_crt_free( &( cert->ca_cert ) );
852 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]853 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]854 }
855
856 return ret;
857}
858
859/*
860 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
861 * after calling this function even if it fails.
862 *
863 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
864 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]865 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
866 * MBEDTLS_PK_ECDSA are supported.
867 * \p dtls_context - in case of DTLS - this is the context handling metadata.
868 * \p input_queue - used only in case of DTLS.
869 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]870 *
871 * \retval 0 on success, otherwise error code.
872 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]873int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
874 mbedtls_test_message_socket_context *dtls_context,
875 mbedtls_test_message_queue *input_queue,
876 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]877{
878 int ret = -1;
879
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]880 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]881 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]882
883 if( ep == NULL )
884 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]885
886 memset( ep, 0, sizeof( *ep ) );
887
888 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
889
890 mbedtls_ssl_init( &( ep->ssl ) );
891 mbedtls_ssl_config_init( &( ep->conf ) );
892 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
893 mbedtls_ssl_conf_rng( &( ep->conf ),
894 mbedtls_ctr_drbg_random,
895 &( ep->ctr_drbg ) );
896 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]897 if( dtls_context != NULL )
898 {
899 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
900 100, &( ep->socket ),
901 dtls_context ) == 0 );
902 }
903 else
904 {
905 mbedtls_mock_socket_init( &( ep->socket ) );
906 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]907
908 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
909 &( ep->entropy ), (const unsigned char *) ( ep->name ),
910 strlen( ep->name ) );
911 TEST_ASSERT( ret == 0 );
912
913 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]914 if( dtls_context != NULL )
915 {
916 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
917 mbedtls_mock_tcp_send_msg,
918 mbedtls_mock_tcp_recv_msg,
919 NULL );
920 }
921 else
922 {
923 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
924 mbedtls_mock_tcp_send_nb,
925 mbedtls_mock_tcp_recv_nb,
926 NULL );
927 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]928
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]929 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]930 ( dtls_context != NULL ) ?
931 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
932 MBEDTLS_SSL_TRANSPORT_STREAM,
933 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]934 TEST_ASSERT( ret == 0 );
935
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]936 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
937 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]938
939#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
940 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
941 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
942#endif
943
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]944 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]945 TEST_ASSERT( ret == 0 );
946
947exit:
948 return ret;
949}
950
951/*
952 * Deinitializes certificates from endpoint represented by \p ep.
953 */
954void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
955{
956 mbedtls_endpoint_certificate *cert = &( ep->cert );
957 mbedtls_x509_crt_free( &( cert->ca_cert ) );
958 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]959 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]960}
961
962/*
963 * Deinitializes endpoint represented by \p ep.
964 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]965void mbedtls_endpoint_free( mbedtls_endpoint *ep,
966 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]967{
968 mbedtls_endpoint_certificate_free( ep );
969
970 mbedtls_ssl_free( &( ep->ssl ) );
971 mbedtls_ssl_config_free( &( ep->conf ) );
972 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
973 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]974
975 if( context != NULL )
976 {
977 mbedtls_message_socket_close( context );
978 }
979 else
980 {
981 mbedtls_mock_socket_close( &( ep->socket ) );
982 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]983}
984
985/*
986 * This function moves ssl handshake from \p ssl to prescribed \p state.
987 * /p second_ssl is used as second endpoint and their sockets have to be
988 * connected before calling this function.
989 *
990 * \retval 0 on success, otherwise error code.
991 */
992int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
993 mbedtls_ssl_context *second_ssl,
994 int state )
995{
996 enum { BUFFSIZE = 1024 };
997 int max_steps = 1000;
998 int ret = 0;
999
1000 if( ssl == NULL || second_ssl == NULL )
1001 {
1002 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1003 }
1004
1005 /* Perform communication via connected sockets */
1006 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
1007 {
1008 /* If /p second_ssl ends the handshake procedure before /p ssl then
1009 * there is no need to call the next step */
1010 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
1011 {
1012 ret = mbedtls_ssl_handshake_step( second_ssl );
1013 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1014 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1015 {
1016 return ret;
1017 }
1018 }
1019
1020 /* We only care about the \p ssl state and returns, so we call it last,
1021 * to leave the iteration as soon as the state is as expected. */
1022 ret = mbedtls_ssl_handshake_step( ssl );
1023 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1024 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1025 {
1026 return ret;
1027 }
1028 }
1029
1030 return ( max_steps >= 0 ) ? ret : -1;
1031}
1032
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1033#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1034
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1035/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1036 * Write application data. Increase write counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1037 */
1038int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1039 int buf_len, int *written,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1040 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1041{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1042 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
1043 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1044 {
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1045 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1046 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1047
1048 if( expected_fragments == 0 )
1049 {
1050 /* Used for DTLS and the message size larger than MFL. In that case
1051 * the message can not be fragmented and the library should return
1052 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1053 * to prevent a dead loop inside mbedtls_exchange_data(). */
1054 return ret;
1055 }
1056 else if( expected_fragments == 1 )
1057 {
1058 /* Used for TLS/DTLS and the message size lower than MFL */
1059 TEST_ASSERT( ret == buf_len ||
1060 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1061 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1062 }
1063 else
1064 {
1065 /* Used for TLS and the message size larger than MFL */
1066 TEST_ASSERT( expected_fragments > 1 );
1067 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1068 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1069 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1070 }
1071
1072 return 0;
1073
1074exit:
1075 /* Some of the tests failed */
1076 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1077}
1078
1079/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1080 * Read application data and increase read counter and fragments counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1081 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1082int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
1083 int buf_len, int *read,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1084 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1085{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1086 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
1087 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1088 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1089 ( *fragments )++;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1090 *read += ret;
1091 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1092
1093 if( expected_fragments == 0 )
1094 {
1095 TEST_ASSERT( ret == 0 );
1096 }
1097 else if( expected_fragments == 1 )
1098 {
1099 TEST_ASSERT( ret == buf_len ||
1100 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1101 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1102 }
1103 else
1104 {
1105 TEST_ASSERT( expected_fragments > 1 );
1106 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1107 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1108 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1109 }
1110
1111 return 0;
1112
1113exit:
1114 /* Some of the tests failed */
1115 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1116}
1117
1118/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1119 * Helper function setting up inverse record transformations
1120 * using given cipher, hash, EtM mode, authentication tag length,
1121 * and version.
1122 */
1123
1124#define CHK( x ) \
1125 do \
1126 { \
1127 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1128 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1129 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1130 goto cleanup; \
1131 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1132 } while( 0 )
1133
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1134void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1135 int* forced_ciphersuite )
1136{
1137 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1138 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1139 forced_ciphersuite[1] = 0;
1140
1141 ciphersuite_info =
1142 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1143
1144 TEST_ASSERT( ciphersuite_info != NULL );
1145 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1146 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1147
1148 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1149 {
1150 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1151 }
1152 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1153 {
1154 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1155 }
1156
1157 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1158
1159exit:
1160 return;
1161}
1162
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1163int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1164 const unsigned char *name, size_t name_len )
1165{
1166 (void) p_info;
1167 (void) ssl;
1168 (void) name;
1169 (void) name_len;
1170
1171 return ( 0 );
1172}
1173
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1174#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1175#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1176#else
1177#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1178#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1179
1180static int build_transforms( mbedtls_ssl_transform *t_in,
1181 mbedtls_ssl_transform *t_out,
1182 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1183 int etm, int tag_mode, int ver,
1184 size_t cid0_len,
1185 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1186{
1187 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1188 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1189
1190 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1191 unsigned char *key0 = NULL, *key1 = NULL;
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1192 unsigned char *md0 = NULL, *md1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1193 unsigned char iv_enc[16], iv_dec[16];
1194
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1195#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1196 unsigned char cid0[ SSL_CID_LEN_MIN ];
1197 unsigned char cid1[ SSL_CID_LEN_MIN ];
1198
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]1199 mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1200 mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1201#else
1202 ((void) cid0_len);
1203 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1204#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1205
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1206 maclen = 0;
1207
1208 /* Pick cipher */
1209 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1210 CHK( cipher_info != NULL );
1211 CHK( cipher_info->iv_size <= 16 );
1212 CHK( cipher_info->key_bitlen % 8 == 0 );
1213
1214 /* Pick keys */
1215 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1216 /* Allocate `keylen + 1` bytes to ensure that we get
1217 * a non-NULL pointers from `mbedtls_calloc` even if
1218 * `keylen == 0` in the case of the NULL cipher. */
1219 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1220 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1221 memset( key0, 0x1, keylen );
1222 memset( key1, 0x2, keylen );
1223
1224 /* Setup cipher contexts */
1225 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1226 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1227 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1228 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1229
1230#if defined(MBEDTLS_CIPHER_MODE_CBC)
1231 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1232 {
1233 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1234 MBEDTLS_PADDING_NONE ) == 0 );
1235 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1236 MBEDTLS_PADDING_NONE ) == 0 );
1237 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1238 MBEDTLS_PADDING_NONE ) == 0 );
1239 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1240 MBEDTLS_PADDING_NONE ) == 0 );
1241 }
1242#endif /* MBEDTLS_CIPHER_MODE_CBC */
1243
1244 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1245 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1246 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1247 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1248 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1249 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1250 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1251 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1252
1253 /* Setup MAC contexts */
1254#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
1255 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1256 cipher_info->mode == MBEDTLS_MODE_STREAM )
1257 {
1258 mbedtls_md_info_t const *md_info;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1259
1260 /* Pick hash */
1261 md_info = mbedtls_md_info_from_type( hash_id );
1262 CHK( md_info != NULL );
1263
1264 /* Pick hash keys */
1265 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1266 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1267 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1268 memset( md0, 0x5, maclen );
1269 memset( md1, 0x6, maclen );
1270
1271 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1272 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1273 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1274 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1275
1276 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1277 {
1278 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1279 md0, maclen ) == 0 );
1280 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1281 md1, maclen ) == 0 );
1282 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1283 md1, maclen ) == 0 );
1284 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1285 md0, maclen ) == 0 );
1286 }
1287#if defined(MBEDTLS_SSL_PROTO_SSL3)
1288 else
1289 {
1290 memcpy( &t_in->mac_enc, md0, maclen );
1291 memcpy( &t_in->mac_dec, md1, maclen );
1292 memcpy( &t_out->mac_enc, md1, maclen );
1293 memcpy( &t_out->mac_dec, md0, maclen );
1294 }
1295#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1296 }
1297#else
1298 ((void) hash_id);
1299#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1300
1301
1302 /* Pick IV's (regardless of whether they
1303 * are being used by the transform). */
1304 ivlen = cipher_info->iv_size;
1305 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1306 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1307
1308 /*
1309 * Setup transforms
1310 */
1311
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1312#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1313 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1314 t_out->encrypt_then_mac = etm;
1315 t_in->encrypt_then_mac = etm;
1316#else
1317 ((void) etm);
1318#endif
1319
1320 t_out->minor_ver = ver;
1321 t_in->minor_ver = ver;
1322 t_out->ivlen = ivlen;
1323 t_in->ivlen = ivlen;
1324
1325 switch( cipher_info->mode )
1326 {
1327 case MBEDTLS_MODE_GCM:
1328 case MBEDTLS_MODE_CCM:
Hanno Beckere6832872020-05-28 08:29:58 +0100[diff] [blame]1329#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1330 if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
1331 {
1332 t_out->fixed_ivlen = 12;
1333 t_in->fixed_ivlen = 12;
1334 }
1335 else
1336#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1337 {
1338 t_out->fixed_ivlen = 4;
1339 t_in->fixed_ivlen = 4;
1340 }
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1341 t_out->maclen = 0;
1342 t_in->maclen = 0;
1343 switch( tag_mode )
1344 {
1345 case 0: /* Full tag */
1346 t_out->taglen = 16;
1347 t_in->taglen = 16;
1348 break;
1349 case 1: /* Partial tag */
1350 t_out->taglen = 8;
1351 t_in->taglen = 8;
1352 break;
1353 default:
1354 return( 1 );
1355 }
1356 break;
1357
1358 case MBEDTLS_MODE_CHACHAPOLY:
1359 t_out->fixed_ivlen = 12;
1360 t_in->fixed_ivlen = 12;
1361 t_out->maclen = 0;
1362 t_in->maclen = 0;
1363 switch( tag_mode )
1364 {
1365 case 0: /* Full tag */
1366 t_out->taglen = 16;
1367 t_in->taglen = 16;
1368 break;
1369 case 1: /* Partial tag */
1370 t_out->taglen = 8;
1371 t_in->taglen = 8;
1372 break;
1373 default:
1374 return( 1 );
1375 }
1376 break;
1377
1378 case MBEDTLS_MODE_STREAM:
1379 case MBEDTLS_MODE_CBC:
1380 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1381 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1382 t_out->taglen = 0;
1383 t_in->taglen = 0;
1384 switch( tag_mode )
1385 {
1386 case 0: /* Full tag */
1387 t_out->maclen = maclen;
1388 t_in->maclen = maclen;
1389 break;
1390 case 1: /* Partial tag */
1391 t_out->maclen = 10;
1392 t_in->maclen = 10;
1393 break;
1394 default:
1395 return( 1 );
1396 }
1397 break;
1398 default:
1399 return( 1 );
1400 break;
1401 }
1402
1403 /* Setup IV's */
1404
1405 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1406 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1407 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1408 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1409
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1410#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1411 /* Add CID */
1412 memcpy( &t_in->in_cid, cid0, cid0_len );
1413 memcpy( &t_in->out_cid, cid1, cid1_len );
1414 t_in->in_cid_len = cid0_len;
1415 t_in->out_cid_len = cid1_len;
1416 memcpy( &t_out->in_cid, cid1, cid1_len );
1417 memcpy( &t_out->out_cid, cid0, cid0_len );
1418 t_out->in_cid_len = cid1_len;
1419 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1420#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1421
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1422cleanup:
1423
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1424 mbedtls_free( key0 );
1425 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1426
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1427 mbedtls_free( md0 );
1428 mbedtls_free( md1 );
1429
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1430 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1431}
1432
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1433/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1434 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1435 * Choose dummy values, mostly non-0 to distinguish from the init default.
1436 */
1437static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1438 int ticket_len,
1439 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1440{
1441#if defined(MBEDTLS_HAVE_TIME)
1442 session->start = mbedtls_time( NULL ) - 42;
1443#endif
1444 session->ciphersuite = 0xabcd;
1445 session->compression = 1;
1446 session->id_len = sizeof( session->id );
1447 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1448 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1449
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1450#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1451 if( strlen( crt_file ) != 0 )
1452 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1453 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1454 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1455
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1456 mbedtls_x509_crt_init( &tmp_crt );
1457 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1458 if( ret != 0 )
1459 return( ret );
1460
1461#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1462 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1463 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1464 if( session->peer_cert == NULL )
1465 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1466 *session->peer_cert = tmp_crt;
1467 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1468#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1469 /* Calculate digest of temporary CRT. */
1470 session->peer_cert_digest =
1471 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1472 if( session->peer_cert_digest == NULL )
1473 return( -1 );
1474 ret = mbedtls_md( mbedtls_md_info_from_type(
1475 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1476 tmp_crt.raw.p, tmp_crt.raw.len,
1477 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1478 if( ret != 0 )
1479 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1480 session->peer_cert_digest_type =
1481 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1482 session->peer_cert_digest_len =
1483 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1484#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1485
1486 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1487 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1488#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1489 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1490#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1491 session->verify_result = 0xdeadbeef;
1492
1493#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1494 if( ticket_len != 0 )
1495 {
1496 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1497 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1498 return( -1 );
1499 memset( session->ticket, 33, ticket_len );
1500 }
1501 session->ticket_len = ticket_len;
1502 session->ticket_lifetime = 86401;
1503#else
1504 (void) ticket_len;
1505#endif
1506
1507#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1508 session->mfl_code = 1;
1509#endif
1510#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1511 session->trunc_hmac = 1;
1512#endif
1513#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1514 session->encrypt_then_mac = 1;
1515#endif
1516
1517 return( 0 );
1518}
1519
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1520/*
1521 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1522 * message was sent in the correct number of fragments.
1523 *
1524 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1525 * of them must be initialized and connected beforehand.
1526 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1527 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1528 * fragments the message should be sent.
1529 * expected_fragments is 0: can be used for DTLS testing while the message
1530 * size is larger than MFL. In that case the message
1531 * cannot be fragmented and sent to the second endpoint.
1532 * This value can be used for negative tests.
1533 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1534 * message size is below MFL
1535 * expected_fragments > 1: can be used for TLS testing while the message
1536 * size is larger than MFL
1537 *
1538 * \retval 0 on success, otherwise error code.
1539 */
1540int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1541 int msg_len_1, const int expected_fragments_1,
1542 mbedtls_ssl_context *ssl_2,
1543 int msg_len_2, const int expected_fragments_2 )
1544{
1545 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1546 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1547 unsigned char *in_buf_1 = malloc( msg_len_2 );
1548 unsigned char *in_buf_2 = malloc( msg_len_1 );
1549 int msg_type, ret = -1;
1550
1551 /* Perform this test with two message types. At first use a message
1552 * consisting of only 0x00 for the client and only 0xFF for the server.
1553 * At the second time use message with generated data */
1554 for( msg_type = 0; msg_type < 2; msg_type++ )
1555 {
1556 int written_1 = 0;
1557 int written_2 = 0;
1558 int read_1 = 0;
1559 int read_2 = 0;
1560 int fragments_1 = 0;
1561 int fragments_2 = 0;
1562
1563 if( msg_type == 0 )
1564 {
1565 memset( msg_buf_1, 0x00, msg_len_1 );
1566 memset( msg_buf_2, 0xff, msg_len_2 );
1567 }
1568 else
1569 {
1570 int i, j = 0;
1571 for( i = 0; i < msg_len_1; i++ )
1572 {
1573 msg_buf_1[i] = j++ & 0xFF;
1574 }
1575 for( i = 0; i < msg_len_2; i++ )
1576 {
1577 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1578 }
1579 }
1580
1581 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1582 {
1583 /* ssl_1 sending */
1584 if( msg_len_1 > written_1 )
1585 {
1586 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1587 msg_len_1, &written_1,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1588 expected_fragments_1 );
1589 if( expected_fragments_1 == 0 )
1590 {
1591 /* This error is expected when the message is too large and
1592 * cannot be fragmented */
1593 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1594 msg_len_1 = 0;
1595 }
1596 else
1597 {
1598 TEST_ASSERT( ret == 0 );
1599 }
1600 }
1601
1602 /* ssl_2 sending */
1603 if( msg_len_2 > written_2 )
1604 {
1605 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1606 msg_len_2, &written_2,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1607 expected_fragments_2 );
1608 if( expected_fragments_2 == 0 )
1609 {
1610 /* This error is expected when the message is too large and
1611 * cannot be fragmented */
1612 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1613 msg_len_2 = 0;
1614 }
1615 else
1616 {
1617 TEST_ASSERT( ret == 0 );
1618 }
1619 }
1620
1621 /* ssl_1 reading */
1622 if( read_1 < msg_len_2 )
1623 {
1624 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1625 msg_len_2, &read_1,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1626 &fragments_2,
1627 expected_fragments_2 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1628 TEST_ASSERT( ret == 0 );
1629 }
1630
1631 /* ssl_2 reading */
1632 if( read_2 < msg_len_1 )
1633 {
1634 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1635 msg_len_1, &read_2,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1636 &fragments_1,
1637 expected_fragments_1 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1638 TEST_ASSERT( ret == 0 );
1639 }
1640 }
1641
1642 ret = -1;
1643 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1644 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1645 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1646 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1647 }
1648
1649 ret = 0;
1650
1651exit:
1652 free( msg_buf_1 );
1653 free( in_buf_1 );
1654 free( msg_buf_2 );
1655 free( in_buf_2 );
1656
1657 return ret;
1658}
1659
Piotr Nowicki95e9eb82020-02-14 11:33:34 +0100[diff] [blame]1660/*
1661 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1662 * must be initialized and connected beforehand.
1663 *
1664 * \retval 0 on success, otherwise error code.
1665 */
1666int exchange_data( mbedtls_ssl_context *ssl_1,
1667 mbedtls_ssl_context *ssl_2 )
1668{
1669 return mbedtls_exchange_data( ssl_1, 256, 1,
1670 ssl_2, 256, 1 );
1671}
1672
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1673#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
1674 defined(MBEDTLS_ENTROPY_C) && \
1675 defined(MBEDTLS_CTR_DRBG_C)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1676void perform_handshake( handshake_test_options* options )
1677{
1678 /* forced_ciphersuite needs to last until the end of the handshake */
1679 int forced_ciphersuite[2];
1680 enum { BUFFSIZE = 17000 };
1681 mbedtls_endpoint client, server;
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1682#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1683 const char *psk_identity = "foo";
1684#endif
1685#if defined(MBEDTLS_TIMING_C)
1686 mbedtls_timing_delay_context timer_client, timer_server;
1687#endif
1688#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1689 unsigned char *context_buf = NULL;
1690 size_t context_buf_len;
1691#endif
1692#if defined(MBEDTLS_SSL_RENEGOTIATION)
1693 int ret = -1;
1694#endif
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1695 int expected_handshake_result = 0;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1696
1697 mbedtls_test_message_queue server_queue, client_queue;
1698 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]1699 mbedtls_message_socket_init( &server_context );
1700 mbedtls_message_socket_init( &client_context );
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1701
1702 /* Client side */
1703 if( options->dtls != 0 )
1704 {
1705 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1706 options->pk_alg, &client_context,
1707 &client_queue,
1708 &server_queue ) == 0 );
1709#if defined(MBEDTLS_TIMING_C)
1710 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
1711 mbedtls_timing_set_delay,
1712 mbedtls_timing_get_delay );
1713#endif
1714 }
1715 else
1716 {
1717 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1718 options->pk_alg, NULL, NULL,
1719 NULL ) == 0 );
1720 }
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1721
1722 if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
1723 {
1724 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1725 options->client_min_version );
1726 }
1727
1728 if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
1729 {
1730 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1731 options->client_max_version );
1732 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1733
1734 if( strlen( options->cipher ) > 0 )
1735 {
1736 set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
1737 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1738
1739#if defined (MBEDTLS_DEBUG_C)
1740 if( options->cli_log_fun )
1741 {
1742 mbedtls_debug_set_threshold( 4 );
1743 mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
1744 options->cli_log_obj );
1745 }
1746#endif
1747
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1748 /* Server side */
1749 if( options->dtls != 0 )
1750 {
1751 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1752 options->pk_alg, &server_context,
1753 &server_queue,
1754 &client_queue) == 0 );
1755#if defined(MBEDTLS_TIMING_C)
1756 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1757 mbedtls_timing_set_delay,
1758 mbedtls_timing_get_delay );
1759#endif
1760 }
1761 else
1762 {
1763 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1764 options->pk_alg, NULL, NULL, NULL ) == 0 );
1765 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1766
1767 mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
1768
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1769 if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
1770 {
1771 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1772 options->server_min_version );
1773 }
1774
1775 if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
1776 {
1777 mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1778 options->server_max_version );
1779 }
1780
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1781#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1782 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
1783 (unsigned char) options->mfl ) == 0 );
1784 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
1785 (unsigned char) options->mfl ) == 0 );
1786#else
1787 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
1788#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1789
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1790#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1791 if( options->psk_str != NULL && options->psk_str->len > 0 )
1792 {
1793 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
1794 options->psk_str->len,
1795 (const unsigned char *) psk_identity,
1796 strlen( psk_identity ) ) == 0 );
1797
1798 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
1799 options->psk_str->len,
1800 (const unsigned char *) psk_identity,
1801 strlen( psk_identity ) ) == 0 );
1802
1803 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
1804 }
1805#endif
1806#if defined(MBEDTLS_SSL_RENEGOTIATION)
1807 if( options->renegotiate )
1808 {
1809 mbedtls_ssl_conf_renegotiation( &(server.conf),
1810 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1811 mbedtls_ssl_conf_renegotiation( &(client.conf),
1812 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1813
1814 mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
1815 options->legacy_renegotiation );
1816 mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
1817 options->legacy_renegotiation );
1818 }
1819#endif /* MBEDTLS_SSL_RENEGOTIATION */
1820
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1821#if defined (MBEDTLS_DEBUG_C)
1822 if( options->srv_log_fun )
1823 {
1824 mbedtls_debug_set_threshold( 4 );
1825 mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
1826 options->srv_log_obj );
1827 }
1828#endif
1829
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1830 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
1831 &(server.socket),
1832 BUFFSIZE ) == 0 );
1833
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1834#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1835 if( options->resize_buffers != 0 )
1836 {
1837 /* Ensure that the buffer sizes are appropriate before resizes */
1838 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1839 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1840 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1841 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1842 }
1843#endif
1844
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1845 if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
1846 {
1847 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
1848 }
1849
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1850 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
1851 &(server.ssl),
1852 MBEDTLS_SSL_HANDSHAKE_OVER )
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1853 == expected_handshake_result );
1854
1855 if( expected_handshake_result != 0 )
1856 {
1857 /* Connection will have failed by this point, skip to cleanup */
1858 goto exit;
1859 }
1860
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1861 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1862 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1863
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1864 /* Check that we agree on the version... */
1865 TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
1866
1867 /* And check that the version negotiated is the expected one. */
1868 TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
1869
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1870#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1871 if( options->resize_buffers != 0 )
1872 {
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1873 if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
1874 options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1875 {
1876 /* A server, when using DTLS, might delay a buffer resize to happen
1877 * after it receives a message, so we force it. */
1878 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1879
1880 TEST_ASSERT( client.ssl.out_buf_len ==
1881 mbedtls_ssl_get_output_buflen( &client.ssl ) );
1882 TEST_ASSERT( client.ssl.in_buf_len ==
1883 mbedtls_ssl_get_input_buflen( &client.ssl ) );
1884 TEST_ASSERT( server.ssl.out_buf_len ==
1885 mbedtls_ssl_get_output_buflen( &server.ssl ) );
1886 TEST_ASSERT( server.ssl.in_buf_len ==
1887 mbedtls_ssl_get_input_buflen( &server.ssl ) );
1888 }
1889 }
1890#endif
1891
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1892 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1893 {
1894 /* Start data exchanging test */
1895 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
1896 options->expected_cli_fragments,
1897 &(server.ssl), options->srv_msg_len,
1898 options->expected_srv_fragments )
1899 == 0 );
1900 }
1901#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1902 if( options->serialize == 1 )
1903 {
1904 TEST_ASSERT( options->dtls == 1 );
1905
1906 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
1907 0, &context_buf_len )
1908 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1909
1910 context_buf = mbedtls_calloc( 1, context_buf_len );
1911 TEST_ASSERT( context_buf != NULL );
1912
1913 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
1914 context_buf_len,
1915 &context_buf_len ) == 0 );
1916
1917 mbedtls_ssl_free( &(server.ssl) );
1918 mbedtls_ssl_init( &(server.ssl) );
1919
1920 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
1921
1922 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
1923 mbedtls_mock_tcp_send_msg,
1924 mbedtls_mock_tcp_recv_msg,
1925 NULL );
1926
1927#if defined(MBEDTLS_TIMING_C)
1928 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1929 mbedtls_timing_set_delay,
1930 mbedtls_timing_get_delay );
1931#endif
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1932#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1933 if( options->resize_buffers != 0 )
1934 {
1935 /* Ensure that the buffer sizes are appropriate before resizes */
1936 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1937 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1938 }
1939#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1940 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
1941 context_buf_len ) == 0 );
1942
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1943#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1944 /* Validate buffer sizes after context deserialization */
1945 if( options->resize_buffers != 0 )
1946 {
1947 TEST_ASSERT( server.ssl.out_buf_len ==
1948 mbedtls_ssl_get_output_buflen( &server.ssl ) );
1949 TEST_ASSERT( server.ssl.in_buf_len ==
1950 mbedtls_ssl_get_input_buflen( &server.ssl ) );
1951 }
1952#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1953 /* Retest writing/reading */
1954 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1955 {
1956 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
1957 options->cli_msg_len,
1958 options->expected_cli_fragments,
1959 &(server.ssl),
1960 options->srv_msg_len,
1961 options->expected_srv_fragments )
1962 == 0 );
1963 }
1964 }
1965#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1966
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1967#if defined(MBEDTLS_SSL_RENEGOTIATION)
1968 if( options->renegotiate )
1969 {
1970 /* Start test with renegotiation */
1971 TEST_ASSERT( server.ssl.renego_status ==
1972 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1973 TEST_ASSERT( client.ssl.renego_status ==
1974 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1975
1976 /* After calling this function for the server, it only sends a handshake
1977 * request. All renegotiation should happen during data exchanging */
1978 TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
1979 TEST_ASSERT( server.ssl.renego_status ==
1980 MBEDTLS_SSL_RENEGOTIATION_PENDING );
1981 TEST_ASSERT( client.ssl.renego_status ==
1982 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1983
1984 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1985 TEST_ASSERT( server.ssl.renego_status ==
1986 MBEDTLS_SSL_RENEGOTIATION_DONE );
1987 TEST_ASSERT( client.ssl.renego_status ==
1988 MBEDTLS_SSL_RENEGOTIATION_DONE );
1989
1990 /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
1991 * should happen inside this function. However in this test, we cannot
1992 * perform simultaneous communication betwen client and server so this
1993 * function will return waiting error on the socket. All rest of
1994 * renegotiation should happen during data exchanging */
1995 ret = mbedtls_ssl_renegotiate( &(client.ssl) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1996#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1997 if( options->resize_buffers != 0 )
1998 {
1999 /* Ensure that the buffer sizes are appropriate before resizes */
2000 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
2001 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
2002 }
2003#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2004 TEST_ASSERT( ret == 0 ||
2005 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2006 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2007 TEST_ASSERT( server.ssl.renego_status ==
2008 MBEDTLS_SSL_RENEGOTIATION_DONE );
2009 TEST_ASSERT( client.ssl.renego_status ==
2010 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
2011
2012 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2013 TEST_ASSERT( server.ssl.renego_status ==
2014 MBEDTLS_SSL_RENEGOTIATION_DONE );
2015 TEST_ASSERT( client.ssl.renego_status ==
2016 MBEDTLS_SSL_RENEGOTIATION_DONE );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2017#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2018 /* Validate buffer sizes after renegotiation */
2019 if( options->resize_buffers != 0 )
2020 {
2021 TEST_ASSERT( client.ssl.out_buf_len ==
2022 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2023 TEST_ASSERT( client.ssl.in_buf_len ==
2024 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2025 TEST_ASSERT( server.ssl.out_buf_len ==
2026 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2027 TEST_ASSERT( server.ssl.in_buf_len ==
2028 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2029 }
2030#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2031 }
2032#endif /* MBEDTLS_SSL_RENEGOTIATION */
2033
2034exit:
2035 mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
2036 mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2037#if defined (MBEDTLS_DEBUG_C)
2038 if( options->cli_log_fun || options->srv_log_fun )
2039 {
2040 mbedtls_debug_set_threshold( 0 );
2041 }
2042#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2043#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2044 if( context_buf != NULL )
2045 mbedtls_free( context_buf );
2046#endif
2047}
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]2048#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2049
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2050/* END_HEADER */
2051
2052/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2053 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2054 * END_DEPENDENCIES
2055 */
2056
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2057/* BEGIN_CASE */
2058void test_callback_buffer_sanity()
2059{
2060 enum { MSGLEN = 10 };
2061 mbedtls_test_buffer buf;
2062 unsigned char input[MSGLEN];
2063 unsigned char output[MSGLEN];
2064
2065 memset( input, 0, sizeof(input) );
2066
2067 /* Make sure calling put and get on NULL buffer results in error. */
2068 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
2069 == -1 );
2070 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
2071 == -1 );
2072 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2073
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2074 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
2075 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
2076
2077 /* Make sure calling put and get on a buffer that hasn't been set up results
2078 * in eror. */
2079 mbedtls_test_buffer_init( &buf );
2080
2081 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
2082 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
2083 == -1 );
2084 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2085
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2086 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
2087 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
2088
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2089 /* Make sure calling put and get on NULL input only results in
2090 * error if the length is not zero, and that a NULL output is valid for data
2091 * dropping.
2092 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2093
2094 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
2095
2096 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
2097 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2098 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2099 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
2100 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
2101
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]2102 /* Make sure calling put several times in the row is safe */
2103
2104 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
2105 == sizeof( input ) );
2106 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
2107 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
2108 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
2109 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
2110
2111
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2112exit:
2113
2114 mbedtls_test_buffer_free( &buf );
2115}
2116/* END_CASE */
2117
2118/*
2119 * Test if the implementation of `mbedtls_test_buffer` related functions is
2120 * correct and works as expected.
2121 *
2122 * That is
2123 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
2124 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2125 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
2126 * bytes.
2127 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2128 * - All of the bytes we got match the bytes we put in in a FIFO manner.
2129 */
2130
2131/* BEGIN_CASE */
2132void test_callback_buffer( int size, int put1, int put1_ret,
2133 int get1, int get1_ret, int put2, int put2_ret,
2134 int get2, int get2_ret )
2135{
2136 enum { ROUNDS = 2 };
2137 size_t put[ROUNDS];
2138 int put_ret[ROUNDS];
2139 size_t get[ROUNDS];
2140 int get_ret[ROUNDS];
2141 mbedtls_test_buffer buf;
2142 unsigned char* input = NULL;
2143 size_t input_len;
2144 unsigned char* output = NULL;
2145 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2146 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2147
2148 mbedtls_test_buffer_init( &buf );
2149 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
2150
2151 /* Check the sanity of input parameters and initialise local variables. That
2152 * is, ensure that the amount of data is not negative and that we are not
2153 * expecting more to put or get than we actually asked for. */
2154 TEST_ASSERT( put1 >= 0 );
2155 put[0] = put1;
2156 put_ret[0] = put1_ret;
2157 TEST_ASSERT( put1_ret <= put1 );
2158 TEST_ASSERT( put2 >= 0 );
2159 put[1] = put2;
2160 put_ret[1] = put2_ret;
2161 TEST_ASSERT( put2_ret <= put2 );
2162
2163 TEST_ASSERT( get1 >= 0 );
2164 get[0] = get1;
2165 get_ret[0] = get1_ret;
2166 TEST_ASSERT( get1_ret <= get1 );
2167 TEST_ASSERT( get2 >= 0 );
2168 get[1] = get2;
2169 get_ret[1] = get2_ret;
2170 TEST_ASSERT( get2_ret <= get2 );
2171
2172 input_len = 0;
2173 /* Calculate actual input and output lengths */
2174 for( j = 0; j < ROUNDS; j++ )
2175 {
2176 if( put_ret[j] > 0 )
2177 {
2178 input_len += put_ret[j];
2179 }
2180 }
2181 /* In order to always have a valid pointer we always allocate at least 1
2182 * byte. */
2183 if( input_len == 0 )
2184 input_len = 1;
2185 ASSERT_ALLOC( input, input_len );
2186
2187 output_len = 0;
2188 for( j = 0; j < ROUNDS; j++ )
2189 {
2190 if( get_ret[j] > 0 )
2191 {
2192 output_len += get_ret[j];
2193 }
2194 }
2195 TEST_ASSERT( output_len <= input_len );
2196 /* In order to always have a valid pointer we always allocate at least 1
2197 * byte. */
2198 if( output_len == 0 )
2199 output_len = 1;
2200 ASSERT_ALLOC( output, output_len );
2201
2202 /* Fill up the buffer with structured data so that unwanted changes
2203 * can be detected */
2204 for( i = 0; i < input_len; i++ )
2205 {
2206 input[i] = i & 0xFF;
2207 }
2208
2209 written = read = 0;
2210 for( j = 0; j < ROUNDS; j++ )
2211 {
2212 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
2213 input + written, put[j] ) );
2214 written += put_ret[j];
2215 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
2216 output + read, get[j] ) );
2217 read += get_ret[j];
2218 TEST_ASSERT( read <= written );
2219 if( get_ret[j] > 0 )
2220 {
2221 TEST_ASSERT( memcmp( output + read - get_ret[j],
2222 input + read - get_ret[j], get_ret[j] )
2223 == 0 );
2224 }
2225 }
2226
2227exit:
2228
2229 mbedtls_free( input );
2230 mbedtls_free( output );
2231 mbedtls_test_buffer_free( &buf );
2232}
2233/* END_CASE */
2234
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2235/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2236 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
2237 * correct and works as expected on unconnected sockets.
2238 */
2239
2240/* BEGIN_CASE */
2241void ssl_mock_sanity( )
2242{
2243 enum { MSGLEN = 105 };
2244 unsigned char message[MSGLEN];
2245 unsigned char received[MSGLEN];
2246 mbedtls_mock_socket socket;
2247
2248 mbedtls_mock_socket_init( &socket );
2249 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
2250 mbedtls_mock_socket_close( &socket );
2251 mbedtls_mock_socket_init( &socket );
2252 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
2253 mbedtls_mock_socket_close( &socket );
2254
2255 mbedtls_mock_socket_init( &socket );
2256 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
2257 mbedtls_mock_socket_close( &socket );
2258 mbedtls_mock_socket_init( &socket );
2259 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
2260 mbedtls_mock_socket_close( &socket );
2261
2262exit:
2263
2264 mbedtls_mock_socket_close( &socket );
2265}
2266/* END_CASE */
2267
2268/*
2269 * Test if the implementation of `mbedtls_mock_socket` related functions can
2270 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2271 */
2272
2273/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2274void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2275{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2276 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2277 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2278 unsigned char message[MSGLEN];
2279 unsigned char received[MSGLEN];
2280 mbedtls_mock_socket client;
2281 mbedtls_mock_socket server;
2282 size_t written, read;
2283 int send_ret, recv_ret;
2284 mbedtls_ssl_send_t *send;
2285 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2286 unsigned i;
2287
2288 if( blocking == 0 )
2289 {
2290 send = mbedtls_mock_tcp_send_nb;
2291 recv = mbedtls_mock_tcp_recv_nb;
2292 }
2293 else
2294 {
2295 send = mbedtls_mock_tcp_send_b;
2296 recv = mbedtls_mock_tcp_recv_b;
2297 }
2298
2299 mbedtls_mock_socket_init( &client );
2300 mbedtls_mock_socket_init( &server );
2301
2302 /* Fill up the buffer with structured data so that unwanted changes
2303 * can be detected */
2304 for( i = 0; i < MSGLEN; i++ )
2305 {
2306 message[i] = i & 0xFF;
2307 }
2308
2309 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2310 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2311
2312 /* Send the message to the server */
2313 send_ret = recv_ret = 1;
2314 written = read = 0;
2315 while( send_ret != 0 || recv_ret != 0 )
2316 {
2317 send_ret = send( &client, message + written, MSGLEN - written );
2318
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2319 TEST_ASSERT( send_ret >= 0 );
2320 TEST_ASSERT( send_ret <= BUFLEN );
2321 written += send_ret;
2322
2323 /* If the buffer is full we can test blocking and non-blocking send */
2324 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2325 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2326 int blocking_ret = send( &client, message , 1 );
2327 if ( blocking )
2328 {
2329 TEST_ASSERT( blocking_ret == 0 );
2330 }
2331 else
2332 {
2333 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2334 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2335 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2336
2337 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2338
2339 /* The result depends on whether any data was sent */
2340 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2341 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2342 TEST_ASSERT( recv_ret > 0 );
2343 TEST_ASSERT( recv_ret <= BUFLEN );
2344 read += recv_ret;
2345 }
2346 else if( blocking )
2347 {
2348 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2349 }
2350 else
2351 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2352 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
2353 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2354 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2355
2356 /* If the buffer is empty we can test blocking and non-blocking read */
2357 if ( recv_ret == BUFLEN )
2358 {
2359 int blocking_ret = recv( &server, received, 1 );
2360 if ( blocking )
2361 {
2362 TEST_ASSERT( blocking_ret == 0 );
2363 }
2364 else
2365 {
2366 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2367 }
2368 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2369 }
2370 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2371
2372exit:
2373
2374 mbedtls_mock_socket_close( &client );
2375 mbedtls_mock_socket_close( &server );
2376}
2377/* END_CASE */
2378
2379/*
2380 * Test if the implementation of `mbedtls_mock_socket` related functions can
2381 * send messages in both direction at the same time (with the I/O calls
2382 * interleaving).
2383 */
2384
2385/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2386void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2387{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2388 enum { ROUNDS = 2 };
2389 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2390 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2391 unsigned char message[ROUNDS][MSGLEN];
2392 unsigned char received[ROUNDS][MSGLEN];
2393 mbedtls_mock_socket client;
2394 mbedtls_mock_socket server;
2395 size_t written[ROUNDS];
2396 size_t read[ROUNDS];
2397 int send_ret[ROUNDS];
2398 int recv_ret[ROUNDS];
2399 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2400 mbedtls_ssl_send_t *send;
2401 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2402
2403 if( blocking == 0 )
2404 {
2405 send = mbedtls_mock_tcp_send_nb;
2406 recv = mbedtls_mock_tcp_recv_nb;
2407 }
2408 else
2409 {
2410 send = mbedtls_mock_tcp_send_b;
2411 recv = mbedtls_mock_tcp_recv_b;
2412 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2413
2414 mbedtls_mock_socket_init( &client );
2415 mbedtls_mock_socket_init( &server );
2416
2417 /* Fill up the buffers with structured data so that unwanted changes
2418 * can be detected */
2419 for( i = 0; i < ROUNDS; i++ )
2420 {
2421 for( j = 0; j < MSGLEN; j++ )
2422 {
2423 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
2424 }
2425 }
2426
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2427 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2428 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2429
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2430 /* Send the message from both sides, interleaving. */
2431 progress = 1;
2432 for( i = 0; i < ROUNDS; i++ )
2433 {
2434 written[i] = 0;
2435 read[i] = 0;
2436 }
2437 /* This loop does not stop as long as there was a successful write or read
2438 * of at least one byte on either side. */
2439 while( progress != 0 )
2440 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2441 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2442
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2443 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2444 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2445 /* First sending is from the client */
2446 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2447
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2448 send_ret[i] = send( socket, message[i] + written[i],
2449 MSGLEN - written[i] );
2450 TEST_ASSERT( send_ret[i] >= 0 );
2451 TEST_ASSERT( send_ret[i] <= BUFLEN );
2452 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2453
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2454 /* If the buffer is full we can test blocking and non-blocking
2455 * send */
2456 if ( send_ret[i] == BUFLEN )
2457 {
2458 int blocking_ret = send( socket, message[i] , 1 );
2459 if ( blocking )
2460 {
2461 TEST_ASSERT( blocking_ret == 0 );
2462 }
2463 else
2464 {
2465 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2466 }
2467 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2468 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2469
2470 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2471 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2472 /* First receiving is from the server */
2473 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
2474
2475 recv_ret[i] = recv( socket, received[i] + read[i],
2476 MSGLEN - read[i] );
2477
2478 /* The result depends on whether any data was sent */
2479 if ( send_ret[i] > 0 )
2480 {
2481 TEST_ASSERT( recv_ret[i] > 0 );
2482 TEST_ASSERT( recv_ret[i] <= BUFLEN );
2483 read[i] += recv_ret[i];
2484 }
2485 else if( blocking )
2486 {
2487 TEST_ASSERT( recv_ret[i] == 0 );
2488 }
2489 else
2490 {
2491 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
2492 recv_ret[i] = 0;
2493 }
2494
2495 /* If the buffer is empty we can test blocking and non-blocking
2496 * read */
2497 if ( recv_ret[i] == BUFLEN )
2498 {
2499 int blocking_ret = recv( socket, received[i], 1 );
2500 if ( blocking )
2501 {
2502 TEST_ASSERT( blocking_ret == 0 );
2503 }
2504 else
2505 {
2506 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2507 }
2508 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2509 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2510
2511 progress = 0;
2512 for( i = 0; i < ROUNDS; i++ )
2513 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2514 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2515 }
2516 }
2517
2518 for( i = 0; i < ROUNDS; i++ )
2519 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2520
2521exit:
2522
2523 mbedtls_mock_socket_close( &client );
2524 mbedtls_mock_socket_close( &server );
2525}
2526/* END_CASE */
2527
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2528/* BEGIN_CASE */
2529void ssl_message_queue_sanity( )
2530{
2531 mbedtls_test_message_queue queue;
2532
2533 /* Trying to push/pull to an empty queue */
2534 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2535 == MBEDTLS_TEST_ERROR_ARG_NULL );
2536 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2537 == MBEDTLS_TEST_ERROR_ARG_NULL );
2538
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2539 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2540 TEST_ASSERT( queue.capacity == 3 );
2541 TEST_ASSERT( queue.num == 0 );
2542
2543exit:
2544 mbedtls_test_message_queue_free( &queue );
2545}
2546/* END_CASE */
2547
2548/* BEGIN_CASE */
2549void ssl_message_queue_basic( )
2550{
2551 mbedtls_test_message_queue queue;
2552
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2553 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2554
2555 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2556 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2557 TEST_ASSERT( queue.capacity == 3 );
2558 TEST_ASSERT( queue.num == 1 );
2559 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2560 TEST_ASSERT( queue.capacity == 3 );
2561 TEST_ASSERT( queue.num == 2 );
2562 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2563 TEST_ASSERT( queue.capacity == 3 );
2564 TEST_ASSERT( queue.num == 3 );
2565
2566 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2567 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2568 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2569
2570exit:
2571 mbedtls_test_message_queue_free( &queue );
2572}
2573/* END_CASE */
2574
2575/* BEGIN_CASE */
2576void ssl_message_queue_overflow_underflow( )
2577{
2578 mbedtls_test_message_queue queue;
2579
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2580 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2581
2582 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2583 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2584 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2585 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2586 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2587 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2588
2589 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2590 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2591 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2592
2593 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2594 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2595
2596exit:
2597 mbedtls_test_message_queue_free( &queue );
2598}
2599/* END_CASE */
2600
2601/* BEGIN_CASE */
2602void ssl_message_queue_interleaved( )
2603{
2604 mbedtls_test_message_queue queue;
2605
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2606 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2607
2608 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2609 * (to wrap around the buffer) */
2610 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2611 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2612
2613 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2614
2615 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2616 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2617
2618 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2619 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2620
2621 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2622 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2623
2624 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2625
2626 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2627
2628 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2629
2630exit:
2631 mbedtls_test_message_queue_free( &queue );
2632}
2633/* END_CASE */
2634
2635/* BEGIN_CASE */
2636void ssl_message_queue_insufficient_buffer( )
2637{
2638 mbedtls_test_message_queue queue;
2639 size_t message_len = 10;
2640 size_t buffer_len = 5;
2641
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2642 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 1 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2643
2644 /* Popping without a sufficient buffer */
2645 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2646 == (int) message_len );
2647 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2648 == (int) buffer_len );
2649exit:
2650 mbedtls_test_message_queue_free( &queue );
2651}
2652/* END_CASE */
2653
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2654/* BEGIN_CASE */
2655void ssl_message_mock_uninitialized( )
2656{
2657 enum { MSGLEN = 10 };
2658 unsigned char message[MSGLEN], received[MSGLEN];
2659 mbedtls_mock_socket client, server;
2660 mbedtls_test_message_queue server_queue, client_queue;
2661 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2662 mbedtls_message_socket_init( &server_context );
2663 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2664
2665 /* Send with a NULL context */
2666 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2667 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2668
2669 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2670 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2671
2672 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2673 &server,
2674 &server_context ) == 0 );
2675
2676 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2677 &client,
2678 &client_context ) == 0 );
2679
2680 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2681 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2682
2683 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2684 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2685
2686 /* Push directly to a queue to later simulate a disconnected behavior */
2687 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2688 == MSGLEN );
2689
2690 /* Test if there's an error when trying to read from a disconnected
2691 * socket */
2692 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2693 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2694 exit:
2695 mbedtls_message_socket_close( &server_context );
2696 mbedtls_message_socket_close( &client_context );
2697}
2698/* END_CASE */
2699
2700/* BEGIN_CASE */
2701void ssl_message_mock_basic( )
2702{
2703 enum { MSGLEN = 10 };
2704 unsigned char message[MSGLEN], received[MSGLEN];
2705 mbedtls_mock_socket client, server;
2706 unsigned i;
2707 mbedtls_test_message_queue server_queue, client_queue;
2708 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2709 mbedtls_message_socket_init( &server_context );
2710 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2711
2712 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2713 &server,
2714 &server_context ) == 0 );
2715
2716 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2717 &client,
2718 &client_context ) == 0 );
2719
2720 /* Fill up the buffer with structured data so that unwanted changes
2721 * can be detected */
2722 for( i = 0; i < MSGLEN; i++ )
2723 {
2724 message[i] = i & 0xFF;
2725 }
2726 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2727 MSGLEN ) );
2728
2729 /* Send the message to the server */
2730 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2731 MSGLEN ) == MSGLEN );
2732
2733 /* Read from the server */
2734 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2735 == MSGLEN );
2736
2737 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2738 memset( received, 0, MSGLEN );
2739
2740 /* Send the message to the client */
2741 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2742 MSGLEN ) == MSGLEN );
2743
2744 /* Read from the client */
2745 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2746 == MSGLEN );
2747 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2748
2749 exit:
2750 mbedtls_message_socket_close( &server_context );
2751 mbedtls_message_socket_close( &client_context );
2752}
2753/* END_CASE */
2754
2755/* BEGIN_CASE */
2756void ssl_message_mock_queue_overflow_underflow( )
2757{
2758 enum { MSGLEN = 10 };
2759 unsigned char message[MSGLEN], received[MSGLEN];
2760 mbedtls_mock_socket client, server;
2761 unsigned i;
2762 mbedtls_test_message_queue server_queue, client_queue;
2763 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2764 mbedtls_message_socket_init( &server_context );
2765 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2766
2767 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2768 &server,
2769 &server_context ) == 0 );
2770
2771 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2772 &client,
2773 &client_context ) == 0 );
2774
2775 /* Fill up the buffer with structured data so that unwanted changes
2776 * can be detected */
2777 for( i = 0; i < MSGLEN; i++ )
2778 {
2779 message[i] = i & 0xFF;
2780 }
2781 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2782 MSGLEN*2 ) );
2783
2784 /* Send three message to the server, last one with an error */
2785 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2786 MSGLEN - 1 ) == MSGLEN - 1 );
2787
2788 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2789 MSGLEN ) == MSGLEN );
2790
2791 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2792 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2793 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2794
2795 /* Read three messages from the server, last one with an error */
2796 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2797 MSGLEN - 1 ) == MSGLEN - 1 );
2798
2799 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2800 == MSGLEN );
2801
2802 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2803
2804 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2805 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2806
2807 exit:
2808 mbedtls_message_socket_close( &server_context );
2809 mbedtls_message_socket_close( &client_context );
2810}
2811/* END_CASE */
2812
2813/* BEGIN_CASE */
2814void ssl_message_mock_socket_overflow( )
2815{
2816 enum { MSGLEN = 10 };
2817 unsigned char message[MSGLEN], received[MSGLEN];
2818 mbedtls_mock_socket client, server;
2819 unsigned i;
2820 mbedtls_test_message_queue server_queue, client_queue;
2821 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2822 mbedtls_message_socket_init( &server_context );
2823 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2824
2825 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2826 &server,
2827 &server_context ) == 0 );
2828
2829 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2830 &client,
2831 &client_context ) == 0 );
2832
2833 /* Fill up the buffer with structured data so that unwanted changes
2834 * can be detected */
2835 for( i = 0; i < MSGLEN; i++ )
2836 {
2837 message[i] = i & 0xFF;
2838 }
2839 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2840 MSGLEN ) );
2841
2842 /* Send two message to the server, second one with an error */
2843 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2844 MSGLEN ) == MSGLEN );
2845
2846 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2847 MSGLEN )
2848 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2849
2850 /* Read the only message from the server */
2851 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2852 == MSGLEN );
2853
2854 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2855
2856 exit:
2857 mbedtls_message_socket_close( &server_context );
2858 mbedtls_message_socket_close( &client_context );
2859}
2860/* END_CASE */
2861
2862/* BEGIN_CASE */
2863void ssl_message_mock_truncated( )
2864{
2865 enum { MSGLEN = 10 };
2866 unsigned char message[MSGLEN], received[MSGLEN];
2867 mbedtls_mock_socket client, server;
2868 unsigned i;
2869 mbedtls_test_message_queue server_queue, client_queue;
2870 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2871 mbedtls_message_socket_init( &server_context );
2872 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2873
2874 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2875 &server,
2876 &server_context ) == 0 );
2877
2878 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2879 &client,
2880 &client_context ) == 0 );
2881
2882 memset( received, 0, MSGLEN );
2883 /* Fill up the buffer with structured data so that unwanted changes
2884 * can be detected */
2885 for( i = 0; i < MSGLEN; i++ )
2886 {
2887 message[i] = i & 0xFF;
2888 }
2889 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2890 2 * MSGLEN ) );
2891
2892 /* Send two messages to the server, the second one small enough to fit in the
2893 * receiver's buffer. */
2894 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2895 MSGLEN ) == MSGLEN );
2896 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2897 MSGLEN / 2 ) == MSGLEN / 2 );
2898 /* Read a truncated message from the server */
2899 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2900 == MSGLEN/2 );
2901
2902 /* Test that the first half of the message is valid, and second one isn't */
2903 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2904 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2905 != 0 );
2906 memset( received, 0, MSGLEN );
2907
2908 /* Read a full message from the server */
2909 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2910 == MSGLEN / 2 );
2911
2912 /* Test that the first half of the message is valid */
2913 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2914
2915 exit:
2916 mbedtls_message_socket_close( &server_context );
2917 mbedtls_message_socket_close( &client_context );
2918}
2919/* END_CASE */
2920
2921/* BEGIN_CASE */
2922void ssl_message_mock_socket_read_error( )
2923{
2924 enum { MSGLEN = 10 };
2925 unsigned char message[MSGLEN], received[MSGLEN];
2926 mbedtls_mock_socket client, server;
2927 unsigned i;
2928 mbedtls_test_message_queue server_queue, client_queue;
2929 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2930 mbedtls_message_socket_init( &server_context );
2931 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2932
2933 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2934 &server,
2935 &server_context ) == 0 );
2936
2937 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2938 &client,
2939 &client_context ) == 0 );
2940
2941 /* Fill up the buffer with structured data so that unwanted changes
2942 * can be detected */
2943 for( i = 0; i < MSGLEN; i++ )
2944 {
2945 message[i] = i & 0xFF;
2946 }
2947 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2948 MSGLEN ) );
2949
2950 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2951 MSGLEN ) == MSGLEN );
2952
2953 /* Force a read error by disconnecting the socket by hand */
2954 server.status = 0;
2955 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2956 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2957 /* Return to a valid state */
2958 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2959
2960 memset( received, 0, sizeof( received ) );
2961
2962 /* Test that even though the server tried to read once disconnected, the
2963 * continuity is preserved */
2964 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2965 == MSGLEN );
2966
2967 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2968
2969 exit:
2970 mbedtls_message_socket_close( &server_context );
2971 mbedtls_message_socket_close( &client_context );
2972}
2973/* END_CASE */
2974
2975/* BEGIN_CASE */
2976void ssl_message_mock_interleaved_one_way( )
2977{
2978 enum { MSGLEN = 10 };
2979 unsigned char message[MSGLEN], received[MSGLEN];
2980 mbedtls_mock_socket client, server;
2981 unsigned i;
2982 mbedtls_test_message_queue server_queue, client_queue;
2983 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2984 mbedtls_message_socket_init( &server_context );
2985 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2986
2987 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2988 &server,
2989 &server_context ) == 0 );
2990
2991 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2992 &client,
2993 &client_context ) == 0 );
2994
2995 /* Fill up the buffer with structured data so that unwanted changes
2996 * can be detected */
2997 for( i = 0; i < MSGLEN; i++ )
2998 {
2999 message[i] = i & 0xFF;
3000 }
3001 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3002 MSGLEN*3 ) );
3003
3004 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
3005 * (to wrap around the buffer) */
3006 for( i = 0; i < 2; i++ )
3007 {
3008 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3009 MSGLEN ) == MSGLEN );
3010
3011 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3012 MSGLEN ) == MSGLEN );
3013
3014 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3015 MSGLEN ) == MSGLEN );
3016 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3017 memset( received, 0, sizeof( received ) );
3018 }
3019
3020 for( i = 0; i < 2; i++ )
3021 {
3022 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3023 MSGLEN ) == MSGLEN );
3024
3025 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3026 }
3027 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3028 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3029 exit:
3030 mbedtls_message_socket_close( &server_context );
3031 mbedtls_message_socket_close( &client_context );
3032}
3033/* END_CASE */
3034
3035/* BEGIN_CASE */
3036void ssl_message_mock_interleaved_two_ways( )
3037{
3038 enum { MSGLEN = 10 };
3039 unsigned char message[MSGLEN], received[MSGLEN];
3040 mbedtls_mock_socket client, server;
3041 unsigned i;
3042 mbedtls_test_message_queue server_queue, client_queue;
3043 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3044 mbedtls_message_socket_init( &server_context );
3045 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3046
3047 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3048 &server,
3049 &server_context ) == 0 );
3050
3051 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3052 &client,
3053 &client_context ) == 0 );
3054
3055 /* Fill up the buffer with structured data so that unwanted changes
3056 * can be detected */
3057 for( i = 0; i < MSGLEN; i++ )
3058 {
3059 message[i] = i & 0xFF;
3060 }
3061 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3062 MSGLEN*3 ) );
3063
3064 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
3065 * (to wrap around the buffer) both ways. */
3066 for( i = 0; i < 2; i++ )
3067 {
3068 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3069 MSGLEN ) == MSGLEN );
3070
3071 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3072 MSGLEN ) == MSGLEN );
3073
3074 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3075 MSGLEN ) == MSGLEN );
3076
3077 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3078 MSGLEN ) == MSGLEN );
3079
3080 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3081 MSGLEN ) == MSGLEN );
3082
3083 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3084
3085 memset( received, 0, sizeof( received ) );
3086
3087 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3088 MSGLEN ) == MSGLEN );
3089
3090 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3091
3092 memset( received, 0, sizeof( received ) );
3093 }
3094
3095 for( i = 0; i < 2; i++ )
3096 {
3097 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3098 MSGLEN ) == MSGLEN );
3099
3100 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3101 memset( received, 0, sizeof( received ) );
3102
3103 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3104 MSGLEN ) == MSGLEN );
3105
3106 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3107 memset( received, 0, sizeof( received ) );
3108 }
3109
3110 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3111 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3112
3113 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3114 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3115 exit:
3116 mbedtls_message_socket_close( &server_context );
3117 mbedtls_message_socket_close( &client_context );
3118}
3119/* END_CASE */
3120
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3121/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]3122void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3123{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3124 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3125 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3126 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3127
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3128 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3129 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3130
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]3131 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
3132 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]3133 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
3134 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3135 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3136
3137 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3138 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3139 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3140 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3141 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3142 }
3143
3144 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3145 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3146 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3147
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3148 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3149 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3150}
3151/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]3152
3153/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
3154void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
3155{
3156 mbedtls_ssl_context ssl;
3157 mbedtls_ssl_init( &ssl );
3158
3159 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
3160 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
3161
3162 mbedtls_ssl_free( &ssl );
3163}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]3164/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3165
3166/* BEGIN_CASE */
3167void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3168 int etm, int tag_mode, int ver,
3169 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3170{
3171 /*
3172 * Test several record encryptions and decryptions
3173 * with plenty of space before and after the data
3174 * within the record buffer.
3175 */
3176
3177 int ret;
3178 int num_records = 16;
3179 mbedtls_ssl_context ssl; /* ONLY for debugging */
3180
3181 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3182 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3183 size_t const buflen = 512;
3184 mbedtls_record rec, rec_backup;
3185
3186 mbedtls_ssl_init( &ssl );
3187 mbedtls_ssl_transform_init( &t0 );
3188 mbedtls_ssl_transform_init( &t1 );
3189 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3190 etm, tag_mode, ver,
3191 (size_t) cid0_len,
3192 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3193
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3194 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3195
3196 while( num_records-- > 0 )
3197 {
3198 mbedtls_ssl_transform *t_dec, *t_enc;
3199 /* Take turns in who's sending and who's receiving. */
3200 if( num_records % 3 == 0 )
3201 {
3202 t_dec = &t0;
3203 t_enc = &t1;
3204 }
3205 else
3206 {
3207 t_dec = &t1;
3208 t_enc = &t0;
3209 }
3210
3211 /*
3212 * The record header affects the transformation in two ways:
3213 * 1) It determines the AEAD additional data
3214 * 2) The record counter sometimes determines the IV.
3215 *
3216 * Apart from that, the fields don't have influence.
3217 * In particular, it is currently not the responsibility
3218 * of ssl_encrypt/decrypt_buf to check if the transform
3219 * version matches the record version, or that the
3220 * type is sensible.
3221 */
3222
3223 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
3224 rec.type = 42;
3225 rec.ver[0] = num_records;
3226 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3227#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3228 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3229#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3230
3231 rec.buf = buf;
3232 rec.buf_len = buflen;
3233 rec.data_offset = 16;
3234 /* Make sure to vary the length to exercise different
3235 * paddings. */
3236 rec.data_len = 1 + num_records;
3237
3238 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3239
3240 /* Make a copy for later comparison */
3241 rec_backup = rec;
3242
3243 /* Encrypt record */
3244 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]3245 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3246 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3247 if( ret != 0 )
3248 {
3249 continue;
3250 }
3251
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3252#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3253 if( rec.cid_len != 0 )
3254 {
3255 /* DTLS 1.2 + CID hides the real content type and
3256 * uses a special CID content type in the protected
3257 * record. Double-check this. */
3258 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3259 }
3260#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3261
3262#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
3263 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3264 {
3265 /* TLS 1.3 hides the real content type and
3266 * always uses Application Data as the content type
3267 * for protected records. Double-check this. */
3268 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3269 }
3270#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3271
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3272 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3273 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
3274 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3275
3276 /* Compare results */
3277 TEST_ASSERT( rec.type == rec_backup.type );
3278 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3279 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3280 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3281 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3282 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3283 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3284 rec_backup.buf + rec_backup.data_offset,
3285 rec.data_len ) == 0 );
3286 }
3287
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3288exit:
3289
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3290 /* Cleanup */
3291 mbedtls_ssl_free( &ssl );
3292 mbedtls_ssl_transform_free( &t0 );
3293 mbedtls_ssl_transform_free( &t1 );
3294
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3295 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3296}
3297/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3298
3299/* BEGIN_CASE */
3300void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3301 int etm, int tag_mode, int ver,
3302 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3303{
3304 /*
3305 * Test pairs of encryption and decryption with an increasing
3306 * amount of space in the record buffer - in more detail:
3307 * 1) Try to encrypt with 0, 1, 2, ... bytes available
3308 * in front of the plaintext, and expect the encryption
3309 * to succeed starting from some offset. Always keep
3310 * enough space in the end of the buffer.
3311 * 2) Try to encrypt with 0, 1, 2, ... bytes available
3312 * at the end of the plaintext, and expect the encryption
3313 * to succeed starting from some offset. Always keep
3314 * enough space at the beginning of the buffer.
3315 * 3) Try to encrypt with 0, 1, 2, ... bytes available
3316 * both at the front and end of the plaintext,
3317 * and expect the encryption to succeed starting from
3318 * some offset.
3319 *
3320 * If encryption succeeds, check that decryption succeeds
3321 * and yields the original record.
3322 */
3323
3324 mbedtls_ssl_context ssl; /* ONLY for debugging */
3325
3326 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3327 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3328 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3329 mbedtls_record rec, rec_backup;
3330
3331 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3332 int mode; /* Mode 1, 2 or 3 as explained above */
3333 size_t offset; /* Available space at beginning/end/both */
3334 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3335
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3336 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
3337 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3338
3339 int seen_success; /* Indicates if in the current mode we've
3340 * already seen a successful test. */
3341
3342 mbedtls_ssl_init( &ssl );
3343 mbedtls_ssl_transform_init( &t0 );
3344 mbedtls_ssl_transform_init( &t1 );
3345 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3346 etm, tag_mode, ver,
3347 (size_t) cid0_len,
3348 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3349
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3350 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3351
3352 for( mode=1; mode <= 3; mode++ )
3353 {
3354 seen_success = 0;
3355 for( offset=0; offset <= threshold; offset++ )
3356 {
3357 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]3358 t_dec = &t0;
3359 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3360
3361 memset( rec.ctr, offset, sizeof( rec.ctr ) );
3362 rec.type = 42;
3363 rec.ver[0] = offset;
3364 rec.ver[1] = offset;
3365 rec.buf = buf;
3366 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3367#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3368 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3369#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3370
3371 switch( mode )
3372 {
3373 case 1: /* Space in the beginning */
3374 rec.data_offset = offset;
3375 rec.data_len = buflen - offset - default_post_padding;
3376 break;
3377
3378 case 2: /* Space in the end */
3379 rec.data_offset = default_pre_padding;
3380 rec.data_len = buflen - default_pre_padding - offset;
3381 break;
3382
3383 case 3: /* Space in the beginning and end */
3384 rec.data_offset = offset;
3385 rec.data_len = buflen - 2 * offset;
3386 break;
3387
3388 default:
3389 TEST_ASSERT( 0 );
3390 break;
3391 }
3392
3393 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3394
3395 /* Make a copy for later comparison */
3396 rec_backup = rec;
3397
3398 /* Encrypt record */
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]3399 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
3400 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3401
3402 if( ( mode == 1 || mode == 2 ) && seen_success )
3403 {
3404 TEST_ASSERT( ret == 0 );
3405 }
3406 else
3407 {
3408 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3409 if( ret == 0 )
3410 seen_success = 1;
3411 }
3412
3413 if( ret != 0 )
3414 continue;
3415
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3416#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3417 if( rec.cid_len != 0 )
3418 {
3419 /* DTLS 1.2 + CID hides the real content type and
3420 * uses a special CID content type in the protected
3421 * record. Double-check this. */
3422 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3423 }
3424#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3425
3426#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
3427 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3428 {
3429 /* TLS 1.3 hides the real content type and
3430 * always uses Application Data as the content type
3431 * for protected records. Double-check this. */
3432 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3433 }
3434#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3435
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3436 /* Decrypt record with t_dec */
3437 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
3438
3439 /* Compare results */
3440 TEST_ASSERT( rec.type == rec_backup.type );
3441 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3442 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3443 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3444 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3445 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3446 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3447 rec_backup.buf + rec_backup.data_offset,
3448 rec.data_len ) == 0 );
3449 }
3450
3451 TEST_ASSERT( seen_success == 1 );
3452 }
3453
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3454exit:
3455
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3456 /* Cleanup */
3457 mbedtls_ssl_free( &ssl );
3458 mbedtls_ssl_transform_free( &t0 );
3459 mbedtls_ssl_transform_free( &t1 );
3460
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3461 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3462}
3463/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3464
Manuel Pégourié-Gonnard913a2042020-07-09 10:02:41 +0200[diff] [blame]3465/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3466void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3467 int length_selector )
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3468{
3469 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3470 * Test record decryption for CBC without EtM, focused on the verification
3471 * of padding and MAC.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3472 *
3473 * Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
Manuel Pégourié-Gonnard913a2042020-07-09 10:02:41 +0200[diff] [blame]3474 * and either AES, ARIA, Camellia or DES, but since the test framework
3475 * doesn't support alternation in dependency statements, just depend on
3476 * TLS 1.2 and AES.
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3477 *
3478 * The length_selector argument is interpreted as follows:
3479 * - if it's -1, the plaintext length is 0 and minimal padding is applied
3480 * - if it's -2, the plaintext length is 0 and maximal padding is applied
3481 * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
3482 * it's the length of the rest of the padding, that is, excluding the
3483 * byte that encodes the length. The minimal non-zero plaintext length
3484 * that gives this padding_length is automatically selected.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3485 */
3486 mbedtls_ssl_context ssl; /* ONLY for debugging */
3487 mbedtls_ssl_transform t0, t1;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3488 mbedtls_record rec, rec_save;
3489 unsigned char *buf = NULL, *buf_save = NULL;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3490 size_t buflen, olen = 0;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3491 size_t plaintext_len, block_size, i;
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3492 unsigned char padlen; /* excluding the padding_length byte */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3493 unsigned char add_data[13];
3494 unsigned char mac[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3495 int exp_ret;
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3496 const unsigned char pad_max_len = 255; /* Per the standard */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3497
3498 mbedtls_ssl_init( &ssl );
3499 mbedtls_ssl_transform_init( &t0 );
3500 mbedtls_ssl_transform_init( &t1 );
3501
3502 /* Set up transforms with dummy keys */
3503 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
3504 0, trunc_hmac,
3505 MBEDTLS_SSL_MINOR_VERSION_3,
3506 0 , 0 ) == 0 );
3507
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3508 /* Determine padding/plaintext length */
3509 TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3510 block_size = t0.ivlen;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3511 if( length_selector < 0 )
3512 {
3513 plaintext_len = 0;
3514
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3515 /* Minimal padding
3516 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3517 padlen = block_size - ( t0.maclen + 1 ) % block_size;
3518
3519 /* Maximal padding? */
3520 if( length_selector == -2 )
3521 padlen += block_size * ( ( pad_max_len - padlen ) / block_size );
3522 }
3523 else
3524 {
3525 padlen = length_selector;
3526
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3527 /* Minimal non-zero plaintext_length giving desired padding.
3528 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3529 plaintext_len = block_size - ( padlen + t0.maclen + 1 ) % block_size;
3530 }
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3531
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3532 /* Prepare a buffer for record data */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3533 buflen = block_size
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3534 + plaintext_len
3535 + t0.maclen
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3536 + padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3537 ASSERT_ALLOC( buf, buflen );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3538 ASSERT_ALLOC( buf_save, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3539
3540 /* Prepare a dummy record header */
3541 memset( rec.ctr, 0, sizeof( rec.ctr ) );
3542 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
3543 rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
3544 rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
3545#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3546 rec.cid_len = 0;
3547#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3548
3549 /* Prepare dummy record content */
3550 rec.buf = buf;
3551 rec.buf_len = buflen;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3552 rec.data_offset = block_size;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3553 rec.data_len = plaintext_len;
3554 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3555
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3556 /* Serialized version of record header for MAC purposes */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3557 memcpy( add_data, rec.ctr, 8 );
3558 add_data[8] = rec.type;
3559 add_data[9] = rec.ver[0];
3560 add_data[10] = rec.ver[1];
3561 add_data[11] = ( rec.data_len >> 8 ) & 0xff;
3562 add_data[12] = ( rec.data_len >> 0 ) & 0xff;
3563
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3564 /* Set dummy IV */
3565 memset( t0.iv_enc, 0x55, t0.ivlen );
3566 memcpy( rec.buf, t0.iv_enc, t0.ivlen );
3567
3568 /*
3569 * Prepare a pre-encryption record (with MAC and padding), and save it.
3570 */
3571
3572 /* MAC with additional data */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3573 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
3574 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
3575 rec.buf + rec.data_offset,
3576 rec.data_len ) );
3577 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
3578
3579 memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
3580 rec.data_len += t0.maclen;
3581
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3582 /* Pad */
3583 memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
3584 rec.data_len += padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3585
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3586 /* Save correct pre-encryption record */
3587 rec_save = rec;
3588 rec_save.buf = buf_save;
3589 memcpy( buf_save, buf, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3590
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3591 /*
3592 * Encrypt and decrypt the correct record, expecting success
3593 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3594 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3595 t0.iv_enc, t0.ivlen,
3596 rec.buf + rec.data_offset, rec.data_len,
3597 rec.buf + rec.data_offset, &olen ) );
3598 rec.data_offset -= t0.ivlen;
3599 rec.data_len += t0.ivlen;
3600
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3601 TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3602
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3603 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3604 * Modify each byte of the pre-encryption record before encrypting and
3605 * decrypting it, expecting failure every time.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3606 */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3607 for( i = block_size; i < buflen; i++ )
3608 {
3609 test_set_step( i );
3610
3611 /* Restore correct pre-encryption record */
3612 rec = rec_save;
3613 rec.buf = buf;
3614 memcpy( buf, buf_save, buflen );
3615
Manuel Pégourié-Gonnardb51f0442020-07-21 10:40:25 +0200[diff] [blame]3616 /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3617 rec.buf[i] ^= 0x01;
3618
3619 /* Encrypt */
3620 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3621 t0.iv_enc, t0.ivlen,
3622 rec.buf + rec.data_offset, rec.data_len,
3623 rec.buf + rec.data_offset, &olen ) );
3624 rec.data_offset -= t0.ivlen;
3625 rec.data_len += t0.ivlen;
3626
3627 /* Decrypt and expect failure */
3628 TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
3629 mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3630 }
3631
3632 /*
3633 * Use larger values of the padding bytes - with small buffers, this tests
3634 * the case where the announced padlen would be larger than the buffer
3635 * (and before that, than the buffer minus the size of the MAC), to make
3636 * sure our padding checking code does not perform any out-of-bounds reads
3637 * in this case. (With larger buffers, ie when the plaintext is long or
3638 * maximal length padding is used, this is less relevant but still doesn't
3639 * hurt to test.)
3640 *
3641 * (Start the loop with correct padding, just to double-check that record
3642 * saving did work, and that we're overwriting the correct bytes.)
3643 */
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3644 for( i = padlen; i <= pad_max_len; i++ )
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3645 {
3646 test_set_step( i );
3647
3648 /* Restore correct pre-encryption record */
3649 rec = rec_save;
3650 rec.buf = buf;
3651 memcpy( buf, buf_save, buflen );
3652
3653 /* Set padding bytes to new value */
3654 memset( buf + buflen - padlen - 1, i, padlen + 1 );
3655
3656 /* Encrypt */
3657 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3658 t0.iv_enc, t0.ivlen,
3659 rec.buf + rec.data_offset, rec.data_len,
3660 rec.buf + rec.data_offset, &olen ) );
3661 rec.data_offset -= t0.ivlen;
3662 rec.data_len += t0.ivlen;
3663
3664 /* Decrypt and expect failure except the first time */
3665 exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
3666 TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3667 }
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3668
3669exit:
3670 mbedtls_ssl_free( &ssl );
3671 mbedtls_ssl_transform_free( &t0 );
3672 mbedtls_ssl_transform_free( &t1 );
3673 mbedtls_free( buf );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3674 mbedtls_free( buf_save );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3675}
3676/* END_CASE */
3677
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3678/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3679void ssl_tls1_3_hkdf_expand_label( int hash_alg,
3680 data_t *secret,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3681 int label_idx,
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3682 data_t *ctx,
3683 int desired_length,
3684 data_t *expected )
3685{
3686 unsigned char dst[ 100 ];
3687
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3688 unsigned char const *lbl = NULL;
3689 size_t lbl_len;
3690#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
3691 if( label_idx == tls1_3_label_ ## name ) \
3692 { \
3693 lbl = mbedtls_ssl_tls1_3_labels.name; \
3694 lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
3695 }
3696MBEDTLS_SSL_TLS1_3_LABEL_LIST
3697#undef MBEDTLS_SSL_TLS1_3_LABEL
3698 TEST_ASSERT( lbl != NULL );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3699
3700 /* Check sanity of test parameters. */
3701 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3702 TEST_ASSERT( (size_t) desired_length == expected->len );
3703
3704 TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
3705 (mbedtls_md_type_t) hash_alg,
3706 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3707 lbl, lbl_len,
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3708 ctx->x, ctx->len,
3709 dst, desired_length ) == 0 );
3710
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3711 ASSERT_COMPARE( dst, (size_t) desired_length,
3712 expected->x, (size_t) expected->len );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3713}
3714/* END_CASE */
3715
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]3716/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3717void ssl_tls1_3_traffic_key_generation( int hash_alg,
3718 data_t *server_secret,
3719 data_t *client_secret,
3720 int desired_iv_len,
3721 int desired_key_len,
3722 data_t *expected_server_write_key,
3723 data_t *expected_server_write_iv,
3724 data_t *expected_client_write_key,
3725 data_t *expected_client_write_iv )
3726{
3727 mbedtls_ssl_key_set keys;
3728
3729 /* Check sanity of test parameters. */
3730 TEST_ASSERT( client_secret->len == server_secret->len );
3731 TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
3732 expected_client_write_iv->len == (size_t) desired_iv_len );
3733 TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
3734 expected_client_write_key->len == (size_t) desired_key_len );
3735
3736 TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys(
3737 (mbedtls_md_type_t) hash_alg,
3738 client_secret->x,
3739 server_secret->x,
3740 client_secret->len /* == server_secret->len */,
3741 desired_key_len, desired_iv_len,
3742 &keys ) == 0 );
3743
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3744 ASSERT_COMPARE( keys.client_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3745 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3746 expected_client_write_key->x,
3747 (size_t) desired_key_len );
3748 ASSERT_COMPARE( keys.server_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3749 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3750 expected_server_write_key->x,
3751 (size_t) desired_key_len );
3752 ASSERT_COMPARE( keys.client_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3753 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3754 expected_client_write_iv->x,
3755 (size_t) desired_iv_len );
3756 ASSERT_COMPARE( keys.server_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3757 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3758 expected_server_write_iv->x,
3759 (size_t) desired_iv_len );
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]3760}
3761/* END_CASE */
3762
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3763/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3764void ssl_tls1_3_derive_secret( int hash_alg,
3765 data_t *secret,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3766 int label_idx,
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3767 data_t *ctx,
3768 int desired_length,
3769 int already_hashed,
3770 data_t *expected )
3771{
3772 unsigned char dst[ 100 ];
3773
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3774 unsigned char const *lbl = NULL;
3775 size_t lbl_len;
3776#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
3777 if( label_idx == tls1_3_label_ ## name ) \
3778 { \
3779 lbl = mbedtls_ssl_tls1_3_labels.name; \
3780 lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
3781 }
3782MBEDTLS_SSL_TLS1_3_LABEL_LIST
3783#undef MBEDTLS_SSL_TLS1_3_LABEL
3784 TEST_ASSERT( lbl != NULL );
3785
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3786 /* Check sanity of test parameters. */
3787 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3788 TEST_ASSERT( (size_t) desired_length == expected->len );
3789
3790 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
3791 (mbedtls_md_type_t) hash_alg,
3792 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame^]3793 lbl, lbl_len,
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3794 ctx->x, ctx->len,
3795 already_hashed,
3796 dst, desired_length ) == 0 );
3797
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3798 ASSERT_COMPARE( dst, desired_length,
3799 expected->x, desired_length );
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3800}
3801/* END_CASE */
3802
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]3803/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3804void ssl_tls1_3_key_evolution( int hash_alg,
3805 data_t *secret,
3806 data_t *input,
3807 data_t *expected )
3808{
3809 unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
3810
3811 TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret(
3812 (mbedtls_md_type_t) hash_alg,
3813 secret->len ? secret->x : NULL,
3814 input->len ? input->x : NULL, input->len,
3815 secret_new ) == 0 );
3816
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3817 ASSERT_COMPARE( secret_new, (size_t) expected->len,
3818 expected->x, (size_t) expected->len );
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]3819}
3820/* END_CASE */
3821
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3822/* BEGIN_CASE */
3823void ssl_tls_prf( int type, data_t * secret, data_t * random,
3824 char *label, data_t *result_hex_str, int exp_ret )
3825{
3826 unsigned char *output;
3827
3828 output = mbedtls_calloc( 1, result_hex_str->len );
3829 if( output == NULL )
3830 goto exit;
3831
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]3832#if defined(MBEDTLS_USE_PSA_CRYPTO)
3833 TEST_ASSERT( psa_crypto_init() == 0 );
3834#endif
3835
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3836 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
3837 label, random->x, random->len,
3838 output, result_hex_str->len ) == exp_ret );
3839
3840 if( exp_ret == 0 )
3841 {
Ronald Cronde70b162020-06-10 11:03:08 +0200[diff] [blame]3842 TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3843 result_hex_str->len, result_hex_str->len ) == 0 );
3844 }
3845exit:
3846
3847 mbedtls_free( output );
3848}
3849/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3850
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3851/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3852void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3853{
3854 mbedtls_ssl_session original, restored;
3855 unsigned char *buf = NULL;
3856 size_t len;
3857
3858 /*
3859 * Test that a save-load pair is the identity
3860 */
3861
3862 mbedtls_ssl_session_init( &original );
3863 mbedtls_ssl_session_init( &restored );
3864
3865 /* Prepare a dummy session to work on */
3866 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
3867
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3868 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3869 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
3870 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3871 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
3872 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
3873 == 0 );
3874
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3875 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3876 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
3877
3878 /*
3879 * Make sure both session structures are identical
3880 */
3881#if defined(MBEDTLS_HAVE_TIME)
3882 TEST_ASSERT( original.start == restored.start );
3883#endif
3884 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
3885 TEST_ASSERT( original.compression == restored.compression );
3886 TEST_ASSERT( original.id_len == restored.id_len );
3887 TEST_ASSERT( memcmp( original.id,
3888 restored.id, sizeof( original.id ) ) == 0 );
3889 TEST_ASSERT( memcmp( original.master,
3890 restored.master, sizeof( original.master ) ) == 0 );
3891
3892#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]3893#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3894 TEST_ASSERT( ( original.peer_cert == NULL ) ==
3895 ( restored.peer_cert == NULL ) );
3896 if( original.peer_cert != NULL )
3897 {
3898 TEST_ASSERT( original.peer_cert->raw.len ==
3899 restored.peer_cert->raw.len );
3900 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
3901 restored.peer_cert->raw.p,
3902 original.peer_cert->raw.len ) == 0 );
3903 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]3904#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
3905 TEST_ASSERT( original.peer_cert_digest_type ==
3906 restored.peer_cert_digest_type );
3907 TEST_ASSERT( original.peer_cert_digest_len ==
3908 restored.peer_cert_digest_len );
3909 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
3910 ( restored.peer_cert_digest == NULL ) );
3911 if( original.peer_cert_digest != NULL )
3912 {
3913 TEST_ASSERT( memcmp( original.peer_cert_digest,
3914 restored.peer_cert_digest,
3915 original.peer_cert_digest_len ) == 0 );
3916 }
3917#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
3918#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3919 TEST_ASSERT( original.verify_result == restored.verify_result );
3920
3921#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
3922 TEST_ASSERT( original.ticket_len == restored.ticket_len );
3923 if( original.ticket_len != 0 )
3924 {
3925 TEST_ASSERT( original.ticket != NULL );
3926 TEST_ASSERT( restored.ticket != NULL );
3927 TEST_ASSERT( memcmp( original.ticket,
3928 restored.ticket, original.ticket_len ) == 0 );
3929 }
3930 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
3931#endif
3932
3933#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3934 TEST_ASSERT( original.mfl_code == restored.mfl_code );
3935#endif
3936
3937#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
3938 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
3939#endif
3940
3941#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
3942 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
3943#endif
3944
3945exit:
3946 mbedtls_ssl_session_free( &original );
3947 mbedtls_ssl_session_free( &restored );
3948 mbedtls_free( buf );
3949}
3950/* END_CASE */
3951
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]3952/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3953void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3954{
3955 mbedtls_ssl_session session;
3956 unsigned char *buf1 = NULL, *buf2 = NULL;
3957 size_t len0, len1, len2;
3958
3959 /*
3960 * Test that a load-save pair is the identity
3961 */
3962
3963 mbedtls_ssl_session_init( &session );
3964
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3965 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3966 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3967
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3968 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3969 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
3970 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3971
3972 /* Allocate first buffer */
3973 buf1 = mbedtls_calloc( 1, len0 );
3974 TEST_ASSERT( buf1 != NULL );
3975
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3976 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3977 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
3978 == 0 );
3979 TEST_ASSERT( len0 == len1 );
3980 mbedtls_ssl_session_free( &session );
3981
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3982 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]3983 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3984
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3985 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3986 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]3987 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3988 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
3989 == 0 );
3990
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3991 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3992 TEST_ASSERT( len1 == len2 );
3993 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
3994
3995exit:
3996 mbedtls_ssl_session_free( &session );
3997 mbedtls_free( buf1 );
3998 mbedtls_free( buf2 );
3999}
4000/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4001
4002/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4003void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4004{
4005 mbedtls_ssl_session session;
4006 unsigned char *buf = NULL;
4007 size_t good_len, bad_len, test_len;
4008
4009 /*
4010 * Test that session_save() fails cleanly on small buffers
4011 */
4012
4013 mbedtls_ssl_session_init( &session );
4014
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4015 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]4016 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4017 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4018 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4019
4020 /* Try all possible bad lengths */
4021 for( bad_len = 1; bad_len < good_len; bad_len++ )
4022 {
4023 /* Allocate exact size so that asan/valgrind can detect any overwrite */
4024 mbedtls_free( buf );
4025 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
4026 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
4027 &test_len )
4028 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4029 TEST_ASSERT( test_len == good_len );
4030 }
4031
4032exit:
4033 mbedtls_ssl_session_free( &session );
4034 mbedtls_free( buf );
4035}
4036/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4037
4038/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4039void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4040{
4041 mbedtls_ssl_session session;
4042 unsigned char *good_buf = NULL, *bad_buf = NULL;
4043 size_t good_len, bad_len;
4044
4045 /*
4046 * Test that session_load() fails cleanly on small buffers
4047 */
4048
4049 mbedtls_ssl_session_init( &session );
4050
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4051 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]4052 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4053 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4054 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4055 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
4056 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
4057 &good_len ) == 0 );
4058 mbedtls_ssl_session_free( &session );
4059
4060 /* Try all possible bad lengths */
4061 for( bad_len = 0; bad_len < good_len; bad_len++ )
4062 {
4063 /* Allocate exact size so that asan/valgrind can detect any overread */
4064 mbedtls_free( bad_buf );
4065 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
4066 TEST_ASSERT( bad_buf != NULL );
4067 memcpy( bad_buf, good_buf, bad_len );
4068
4069 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
4070 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
4071 }
4072
4073exit:
4074 mbedtls_ssl_session_free( &session );
4075 mbedtls_free( good_buf );
4076 mbedtls_free( bad_buf );
4077}
4078/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4079
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4080/* BEGIN_CASE */
4081void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4082 int corrupt_minor,
4083 int corrupt_patch,
4084 int corrupt_config )
4085{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4086 unsigned char serialized_session[ 2048 ];
4087 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4088 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4089 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4090 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
4091 corrupt_minor == 1,
4092 corrupt_patch == 1,
4093 corrupt_config == 1,
4094 corrupt_config == 1 };
4095
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4096 mbedtls_ssl_session_init( &session );
4097
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4098 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4099 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4100 serialized_session,
4101 sizeof( serialized_session ),
4102 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4103
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4104 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4105
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4106 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4107 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4108 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4109 serialized_session,
4110 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4111 mbedtls_ssl_session_free( &session );
4112
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4113 /* Go through the bytes in the serialized session header and
4114 * corrupt them bit-by-bit. */
4115 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4116 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4117 int cur_bit;
4118 unsigned char * const byte = &serialized_session[ cur_byte ];
4119
4120 if( should_corrupt_byte[ cur_byte ] == 0 )
4121 continue;
4122
4123 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
4124 {
4125 unsigned char const corrupted_bit = 0x1u << cur_bit;
4126 /* Modify a single bit in the serialized session. */
4127 *byte ^= corrupted_bit;
4128
4129 /* Attempt to deserialize */
4130 TEST_ASSERT( mbedtls_ssl_session_load( &session,
4131 serialized_session,
4132 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]4133 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4134
4135 /* Undo the change */
4136 *byte ^= corrupted_bit;
4137 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4138 }
4139
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4140}
4141/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4142
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4143/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4144void mbedtls_endpoint_sanity( int endpoint_type )
4145{
4146 enum { BUFFSIZE = 1024 };
4147 mbedtls_endpoint ep;
4148 int ret = -1;
4149
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4150 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
4151 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4152 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4153
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4154 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4155 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4156
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4157 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
4158 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4159 TEST_ASSERT( ret == 0 );
4160
4161exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4162 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4163}
4164/* END_CASE */
4165
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4166/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4167void move_handshake_to_state(int endpoint_type, int state, int need_pass)
4168{
4169 enum { BUFFSIZE = 1024 };
4170 mbedtls_endpoint base_ep, second_ep;
4171 int ret = -1;
4172
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4173 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
4174 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4175 TEST_ASSERT( ret == 0 );
4176
4177 ret = mbedtls_endpoint_init( &second_ep,
4178 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4179 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4180 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4181 TEST_ASSERT( ret == 0 );
4182
4183 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
4184 &(second_ep.socket),
4185 BUFFSIZE );
4186 TEST_ASSERT( ret == 0 );
4187
4188 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
4189 &(second_ep.ssl),
4190 state );
4191 if( need_pass )
4192 {
4193 TEST_ASSERT( ret == 0 );
4194 TEST_ASSERT( base_ep.ssl.state == state );
4195 }
4196 else
4197 {
4198 TEST_ASSERT( ret != 0 );
4199 TEST_ASSERT( base_ep.ssl.state != state );
4200 }
4201
4202exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4203 mbedtls_endpoint_free( &base_ep, NULL );
4204 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4205}
4206/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4207
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4208/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4209void handshake_version( int dtls, int client_min_version, int client_max_version,
4210 int server_min_version, int server_max_version,
4211 int expected_negotiated_version )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4212{
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4213 handshake_test_options options;
4214 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4215
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4216 options.client_min_version = client_min_version;
4217 options.client_max_version = client_max_version;
4218 options.server_min_version = server_min_version;
4219 options.server_max_version = server_max_version;
4220
4221 options.expected_negotiated_version = expected_negotiated_version;
4222
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4223 options.dtls = dtls;
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]4224 /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so
4225 * the number of fragments will be twice as big. */
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4226 if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
4227 expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]4228 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]4229 options.expected_cli_fragments = 2;
4230 options.expected_srv_fragments = 2;
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]4231 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4232 perform_handshake( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4233
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4234 /* The goto below is used to avoid an "unused label" warning.*/
4235 goto exit;
4236}
4237/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -0500[diff] [blame]4238
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4239/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4240void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
4241{
4242 handshake_test_options options;
4243 init_handshake_options( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4244
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4245 options.cipher = cipher;
4246 options.dtls = dtls;
4247 options.psk_str = psk_str;
4248 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]4249
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4250 perform_handshake( &options );
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4251
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4252 /* The goto below is used to avoid an "unused label" warning.*/
4253 goto exit;
4254}
4255/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4256
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4257/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4258void handshake_cipher( char* cipher, int pk_alg, int dtls )
4259{
4260 test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4261
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4262 /* The goto below is used to avoid an "unused label" warning.*/
4263 goto exit;
4264}
4265/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4266
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4267/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4268void app_data( int mfl, int cli_msg_len, int srv_msg_len,
4269 int expected_cli_fragments,
4270 int expected_srv_fragments, int dtls )
4271{
4272 handshake_test_options options;
4273 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4274
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4275 options.mfl = mfl;
4276 options.cli_msg_len = cli_msg_len;
4277 options.srv_msg_len = srv_msg_len;
4278 options.expected_cli_fragments = expected_cli_fragments;
4279 options.expected_srv_fragments = expected_srv_fragments;
4280 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4281
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4282 perform_handshake( &options );
4283 /* The goto below is used to avoid an "unused label" warning.*/
4284 goto exit;
4285}
4286/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4287
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4288/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4289void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
4290 int expected_cli_fragments,
4291 int expected_srv_fragments )
4292{
4293 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4294 expected_srv_fragments, 0 );
4295 /* The goto below is used to avoid an "unused label" warning.*/
4296 goto exit;
4297}
4298/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4299
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4300/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4301void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
4302 int expected_cli_fragments,
4303 int expected_srv_fragments )
4304{
4305 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4306 expected_srv_fragments, 1 );
4307 /* The goto below is used to avoid an "unused label" warning.*/
4308 goto exit;
4309}
4310/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4311
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4312/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4313void handshake_serialization( )
4314{
4315 handshake_test_options options;
4316 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4317
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4318 options.serialize = 1;
4319 options.dtls = 1;
4320 perform_handshake( &options );
4321 /* The goto below is used to avoid an "unused label" warning.*/
4322 goto exit;
4323}
4324/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4325
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4326/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4327void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
4328{
4329 handshake_test_options options;
4330 log_pattern srv_pattern, cli_pattern;
4331
4332 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
4333 srv_pattern.counter = 0;
4334 cli_pattern.counter = 0;
4335
4336 init_handshake_options( &options );
4337 options.dtls = 1;
4338 options.mfl = mfl;
Darryl Greenaad82f92019-12-02 10:53:11 +0000[diff] [blame]4339 /* Set cipher to one using CBC so that record splitting can be tested */
4340 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4341 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
4342 options.srv_log_obj = &srv_pattern;
4343 options.cli_log_obj = &cli_pattern;
4344 options.srv_log_fun = log_analyzer;
4345 options.cli_log_fun = log_analyzer;
4346
4347 perform_handshake( &options );
4348
4349 /* Test if the server received a fragmented handshake */
4350 if( expected_srv_hs_fragmentation )
4351 {
4352 TEST_ASSERT( srv_pattern.counter >= 1 );
4353 }
4354 /* Test if the client received a fragmented handshake */
4355 if( expected_cli_hs_fragmentation )
4356 {
4357 TEST_ASSERT( cli_pattern.counter >= 1 );
4358 }
4359}
4360/* END_CASE */
4361
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4362/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4363void renegotiation( int legacy_renegotiation )
4364{
4365 handshake_test_options options;
4366 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4367
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4368 options.renegotiate = 1;
4369 options.legacy_renegotiation = legacy_renegotiation;
4370 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4371
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4372 perform_handshake( &options );
4373 /* The goto below is used to avoid an "unused label" warning.*/
4374 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4375}
4376/* END_CASE */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4377
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4378/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4379void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4380 int serialize, int dtls, char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4381{
4382 handshake_test_options options;
4383 init_handshake_options( &options );
4384
4385 options.mfl = mfl;
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4386 options.cipher = cipher;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4387 options.renegotiate = renegotiation;
4388 options.legacy_renegotiation = legacy_renegotiation;
4389 options.serialize = serialize;
4390 options.dtls = dtls;
4391 options.resize_buffers = 1;
4392
4393 perform_handshake( &options );
4394 /* The goto below is used to avoid an "unused label" warning.*/
4395 goto exit;
4396}
4397/* END_CASE */
4398
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4399/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4400void resize_buffers_serialize_mfl( int mfl )
4401{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4402 test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
4403 (char *) "" );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4404
4405 /* The goto below is used to avoid an "unused label" warning.*/
4406 goto exit;
4407}
4408/* END_CASE */
4409
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4410/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4411void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
4412 char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4413{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4414 test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4415
4416 /* The goto below is used to avoid an "unused label" warning.*/
4417 goto exit;
4418}
4419/* END_CASE */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4420
Manuel Pégourié-Gonnarded0e8642020-07-21 11:20:30 +0200[diff] [blame]4421/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4422void ssl_cf_hmac( int hash )
4423{
4424 /*
4425 * Test the function mbedtls_ssl_cf_hmac() against a reference
4426 * implementation.
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4427 */
4428 mbedtls_md_context_t ctx, ref_ctx;
4429 const mbedtls_md_info_t *md_info;
4430 size_t out_len, block_size;
4431 size_t min_in_len, in_len, max_in_len, i;
4432 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
4433 unsigned char add_data[13];
4434 unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
4435 unsigned char *data = NULL;
4436 unsigned char *out = NULL;
4437 unsigned char rec_num = 0;
4438
4439 mbedtls_md_init( &ctx );
4440 mbedtls_md_init( &ref_ctx );
4441
4442 md_info = mbedtls_md_info_from_type( hash );
4443 TEST_ASSERT( md_info != NULL );
4444 out_len = mbedtls_md_get_size( md_info );
4445 TEST_ASSERT( out_len != 0 );
4446 block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
4447
4448 /* Use allocated out buffer to catch overwrites */
4449 ASSERT_ALLOC( out, out_len );
4450
4451 /* Set up contexts with the given hash and a dummy key */
4452 TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
4453 TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
4454 memset( ref_out, 42, sizeof( ref_out ) );
4455 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
4456 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
4457 memset( ref_out, 0, sizeof( ref_out ) );
4458
4459 /*
4460 * Test all possible lengths up to a point. The difference between
4461 * max_in_len and min_in_len is at most 255, and make sure they both vary
4462 * by at least one block size.
4463 */
4464 for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
4465 {
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]4466 test_set_step( max_in_len * 10000 );
4467
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4468 /* Use allocated in buffer to catch overreads */
Manuel Pégourié-Gonnardc3219002020-07-22 10:32:52 +0200[diff] [blame]4469 ASSERT_ALLOC( data, max_in_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4470
4471 min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
4472 for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
4473 {
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]4474 test_set_step( max_in_len * 10000 + in_len );
4475
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4476 /* Set up dummy data and add_data */
4477 rec_num++;
4478 memset( add_data, rec_num, sizeof( add_data ) );
4479 for( i = 0; i < in_len; i++ )
4480 data[i] = ( i & 0xff ) ^ rec_num;
4481
4482 /* Get the function's result */
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]4483 TEST_CF_SECRET( &in_len, sizeof( in_len ) );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4484 TEST_EQUAL( 0, mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ),
4485 data, in_len,
4486 min_in_len, max_in_len,
4487 out ) );
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]4488 TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
4489 TEST_CF_PUBLIC( out, out_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4490
4491 /* Compute the reference result */
4492 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
4493 sizeof( add_data ) ) );
4494 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
4495 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
4496 TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
4497
4498 /* Compare */
4499 ASSERT_COMPARE( out, out_len, ref_out, out_len );
4500 }
4501
4502 mbedtls_free( data );
4503 data = NULL;
4504 }
4505
4506exit:
4507 mbedtls_md_free( &ref_ctx );
4508 mbedtls_md_free( &ctx );
4509
4510 mbedtls_free( data );
4511 mbedtls_free( out );
4512}
4513/* END_CASE */
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]4514
4515/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
4516void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
4517{
4518 unsigned char *dst = NULL;
4519 unsigned char *src = NULL;
4520 size_t src_len = offset_max + len;
4521 size_t secret;
4522
4523 ASSERT_ALLOC( dst, len );
4524 ASSERT_ALLOC( src, src_len );
4525
4526 /* Fill src in a way that we can detect if we copied the right bytes */
4527 mbedtls_test_rnd_std_rand( NULL, src, src_len );
4528
4529 for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
4530 {
4531 test_set_step( (int) secret );
4532
4533 TEST_CF_SECRET( &secret, sizeof( secret ) );
4534 mbedtls_ssl_cf_memcpy_offset( dst, src, secret,
4535 offset_min, offset_max, len );
4536 TEST_CF_PUBLIC( &secret, sizeof( secret ) );
4537 TEST_CF_PUBLIC( dst, len );
4538
4539 ASSERT_COMPARE( dst, len, src + secret, len );
4540 }
4541
4542exit:
4543 mbedtls_free( dst );
4544 mbedtls_free( src );
4545}
4546/* END_CASE */