TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 890b5ca33060a23131fe08fef18f11accd52d7c3 / . / tests / suites / test_suite_ssl.function
blob: 8816048c4fe3dfc8fb8097aef6e9d432311b272a [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]4
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]5
6/*
7 * Buffer structure for custom I/O callbacks.
8 */
9
10typedef struct mbedtls_test_buffer
11{
12 size_t start;
13 size_t content_length;
14 size_t capacity;
15 unsigned char *buffer;
16} mbedtls_test_buffer;
17
18/*
19 * Initialises \p buf. After calling this function it is safe to call
20 * `mbedtls_test_buffer_free()` on \p buf.
21 */
22void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
23{
24 memset( buf, 0, sizeof( *buf ) );
25}
26
27/*
28 * Sets up \p buf. After calling this function it is safe to call
29 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
30 */
31int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
32{
33 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
34 sizeof(unsigned char) );
35 if( NULL == buf->buffer )
36 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
37 buf->capacity = capacity;
38
39 return 0;
40}
41
42void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
43{
44 if( buf->buffer != NULL )
45 mbedtls_free( buf->buffer );
46
47 memset( buf, 0, sizeof( *buf ) );
48}
49
50/*
51 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
52 *
53 * \p buf must have been initialized and set up by calling
54 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
55 *
56 * \retval \p input_len, if the data fits.
57 * \retval 0 <= value < \p input_len, if the data does not fit.
58 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
59 * zero and \p input is NULL.
60 */
61int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
62 const unsigned char* input, size_t input_len )
63{
64 size_t overflow = 0;
65
66 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
67 return -1;
68
69 /* Reduce input_len to a number that fits in the buffer. */
70 if ( ( buf->content_length + input_len ) > buf->capacity )
71 {
72 input_len = buf->capacity - buf->content_length;
73 }
74
75 if( input == NULL )
76 {
77 return ( input_len == 0 ) ? 0 : -1;
78 }
79
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]80 /* Check if the buffer has not come full circle and free space is not in
81 * the middle */
82 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]83 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]84
85 /* Calculate the number of bytes that need to be placed at lower memory
86 * address */
87 if( buf->start + buf->content_length + input_len
88 > buf->capacity )
89 {
90 overflow = ( buf->start + buf->content_length + input_len )
91 % buf->capacity;
92 }
93
94 memcpy( buf->buffer + buf->start + buf->content_length, input,
95 input_len - overflow );
96 memcpy( buf->buffer, input + input_len - overflow, overflow );
97
98 }
99 else
100 {
101 /* The buffer has come full circle and free space is in the middle */
102 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
103 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]104 }
105
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]106 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]107 return input_len;
108}
109
110/*
111 * Gets \p output_len bytes from the \p output buffer into the ring buffer
112 * \p buf.
113 *
114 * \p buf must have been initialized and set up by calling
115 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
116 *
117 * \retval \p output_len, if the data is available.
118 * \retval 0 <= value < \p output_len, if the data is not available.
119 * \retval -1, if \buf is NULL, it hasn't been set up or \p output_len is not
120 * zero and \p output is NULL
121 */
122int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
123 unsigned char* output, size_t output_len )
124{
125 size_t overflow = 0;
126
127 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
128 return -1;
129
130 if( output == NULL )
131 {
132 return ( output_len == 0 ) ? 0 : -1;
133 }
134
135 if( buf->content_length < output_len )
136 output_len = buf->content_length;
137
138 /* Calculate the number of bytes that need to be drawn from lower memory
139 * address */
140 if( buf->start + output_len > buf->capacity )
141 {
142 overflow = ( buf->start + output_len ) % buf->capacity;
143 }
144
145 memcpy( output, buf->buffer + buf->start, output_len - overflow );
146 memcpy( output + output_len - overflow, buf->buffer, overflow );
147 buf->content_length -= output_len;
148 buf->start = ( buf->start + output_len ) % buf->capacity;
149
150 return output_len;
151}
152
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]153/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]154 * Context for the I/O callbacks simulating network connection.
155 */
156
157#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
158
159typedef struct mbedtls_mock_socket
160{
161 int status;
162 mbedtls_test_buffer *input;
163 mbedtls_test_buffer *output;
164 struct mbedtls_mock_socket *peer;
165} mbedtls_mock_socket;
166
167/*
168 * Setup and teardown functions for mock sockets.
169 */
170void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
171{
172 memset( socket, 0, sizeof( *socket ) );
173}
174
175/*
176 * Closes the socket \p socket.
177 *
178 * \p socket must have been previously initialized by calling
179 * mbedtls_mock_socket_init().
180 *
181 * This function frees all allocated resources and both sockets are aware of the
182 * new connection state.
183 *
184 * That is, this function does not simulate half-open TCP connections and the
185 * phenomenon that when closing a UDP connection the peer is not aware of the
186 * connection having been closed.
187 */
188void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
189{
190 if( socket == NULL )
191 return;
192
193 if( socket->input != NULL )
194 {
195 mbedtls_test_buffer_free( socket->input );
196 mbedtls_free( socket->input );
197 }
198
199 if( socket->output != NULL )
200 {
201 mbedtls_test_buffer_free( socket->output );
202 mbedtls_free( socket->output );
203 }
204
205 if( socket->peer != NULL )
206 memset( socket->peer, 0, sizeof( *socket->peer ) );
207
208 memset( socket, 0, sizeof( *socket ) );
209}
210
211/*
212 * Establishes a connection between \p peer1 and \p peer2.
213 *
214 * \p peer1 and \p peer2 must have been previously initialized by calling
215 * mbedtls_mock_socket_init().
216 *
217 * The capacites of the internal buffers are set to \p bufsize. Setting this to
218 * the correct value allows for simulation of MTU, sanity testing the mock
219 * implementation and mocking TCP connections with lower memory cost.
220 */
221int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
222 mbedtls_mock_socket* peer2,
223 size_t bufsize )
224{
225 int ret = -1;
226
227 peer1->input = peer2->output =
228 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
229 if( peer1->input == NULL )
230 {
231 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
232 goto exit;
233 }
234 mbedtls_test_buffer_init( peer1->input );
235 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->input, bufsize ) ) )
236 {
237 goto exit;
238 }
239
240 peer1->output = peer2->input =
241 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
242 if( peer1->output == NULL )
243 {
244 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
245 goto exit;
246 }
247 mbedtls_test_buffer_init( peer1->output );
248 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
249 {
250 goto exit;
251 }
252
253 peer1->peer = peer2;
254 peer2->peer = peer1;
255
256 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
257 ret = 0;
258
259exit:
260
261 if( ret != 0 )
262 {
263 mbedtls_mock_socket_close( peer1 );
264 mbedtls_mock_socket_close( peer2 );
265 }
266
267 return ret;
268}
269
270/*
271 * Callbacks for simulating blocking I/O over connection-oriented transport.
272 */
273
274int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
275{
276 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
277
278 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
279 return -1;
280
281 return mbedtls_test_buffer_put( socket->output, buf, len );
282}
283
284int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
285{
286 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
287
288 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
289 return -1;
290
291 return mbedtls_test_buffer_get( socket->input, buf, len );
292}
293
294/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]295 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
296 */
297
298int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
299{
300 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
301
302 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
303 return -1;
304
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]305 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]306 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]307 return MBEDTLS_ERR_SSL_WANT_WRITE;
308 }
309
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]310 return mbedtls_test_buffer_put( socket->output, buf, len );
311}
312
313int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
314{
315 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
316
317 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
318 return -1;
319
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]320 if( socket->input->content_length == 0)
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]321 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]322 return MBEDTLS_ERR_SSL_WANT_READ;
323 }
324
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]325 return mbedtls_test_buffer_get( socket->input, buf, len );
326}
327
328/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]329 * Helper function setting up inverse record transformations
330 * using given cipher, hash, EtM mode, authentication tag length,
331 * and version.
332 */
333
334#define CHK( x ) \
335 do \
336 { \
337 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]338 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]339 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]340 goto cleanup; \
341 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]342 } while( 0 )
343
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]344#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
345#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
346#else
347#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
348#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]349
350static int build_transforms( mbedtls_ssl_transform *t_in,
351 mbedtls_ssl_transform *t_out,
352 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]353 int etm, int tag_mode, int ver,
354 size_t cid0_len,
355 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]356{
357 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]358 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]359
360 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]361 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]362 unsigned char iv_enc[16], iv_dec[16];
363
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]364#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]365 unsigned char cid0[ SSL_CID_LEN_MIN ];
366 unsigned char cid1[ SSL_CID_LEN_MIN ];
367
368 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
369 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]370#else
371 ((void) cid0_len);
372 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]373#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]374
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]375 maclen = 0;
376
377 /* Pick cipher */
378 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
379 CHK( cipher_info != NULL );
380 CHK( cipher_info->iv_size <= 16 );
381 CHK( cipher_info->key_bitlen % 8 == 0 );
382
383 /* Pick keys */
384 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]385 /* Allocate `keylen + 1` bytes to ensure that we get
386 * a non-NULL pointers from `mbedtls_calloc` even if
387 * `keylen == 0` in the case of the NULL cipher. */
388 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
389 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]390 memset( key0, 0x1, keylen );
391 memset( key1, 0x2, keylen );
392
393 /* Setup cipher contexts */
394 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
395 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
396 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
397 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
398
399#if defined(MBEDTLS_CIPHER_MODE_CBC)
400 if( cipher_info->mode == MBEDTLS_MODE_CBC )
401 {
402 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
403 MBEDTLS_PADDING_NONE ) == 0 );
404 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
405 MBEDTLS_PADDING_NONE ) == 0 );
406 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
407 MBEDTLS_PADDING_NONE ) == 0 );
408 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
409 MBEDTLS_PADDING_NONE ) == 0 );
410 }
411#endif /* MBEDTLS_CIPHER_MODE_CBC */
412
413 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
414 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
415 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
416 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
417 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
418 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
419 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
420 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]421
422 /* Setup MAC contexts */
423#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
424 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
425 cipher_info->mode == MBEDTLS_MODE_STREAM )
426 {
427 mbedtls_md_info_t const *md_info;
428 unsigned char *md0, *md1;
429
430 /* Pick hash */
431 md_info = mbedtls_md_info_from_type( hash_id );
432 CHK( md_info != NULL );
433
434 /* Pick hash keys */
435 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]436 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
437 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]438 memset( md0, 0x5, maclen );
439 memset( md1, 0x6, maclen );
440
441 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
442 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
443 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
444 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
445
446 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
447 {
448 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
449 md0, maclen ) == 0 );
450 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
451 md1, maclen ) == 0 );
452 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
453 md1, maclen ) == 0 );
454 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
455 md0, maclen ) == 0 );
456 }
457#if defined(MBEDTLS_SSL_PROTO_SSL3)
458 else
459 {
460 memcpy( &t_in->mac_enc, md0, maclen );
461 memcpy( &t_in->mac_dec, md1, maclen );
462 memcpy( &t_out->mac_enc, md1, maclen );
463 memcpy( &t_out->mac_dec, md0, maclen );
464 }
465#endif
466
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]467 mbedtls_free( md0 );
468 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]469 }
470#else
471 ((void) hash_id);
472#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
473
474
475 /* Pick IV's (regardless of whether they
476 * are being used by the transform). */
477 ivlen = cipher_info->iv_size;
478 memset( iv_enc, 0x3, sizeof( iv_enc ) );
479 memset( iv_dec, 0x4, sizeof( iv_dec ) );
480
481 /*
482 * Setup transforms
483 */
484
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]485#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
486 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]487 t_out->encrypt_then_mac = etm;
488 t_in->encrypt_then_mac = etm;
489#else
490 ((void) etm);
491#endif
492
493 t_out->minor_ver = ver;
494 t_in->minor_ver = ver;
495 t_out->ivlen = ivlen;
496 t_in->ivlen = ivlen;
497
498 switch( cipher_info->mode )
499 {
500 case MBEDTLS_MODE_GCM:
501 case MBEDTLS_MODE_CCM:
502 t_out->fixed_ivlen = 4;
503 t_in->fixed_ivlen = 4;
504 t_out->maclen = 0;
505 t_in->maclen = 0;
506 switch( tag_mode )
507 {
508 case 0: /* Full tag */
509 t_out->taglen = 16;
510 t_in->taglen = 16;
511 break;
512 case 1: /* Partial tag */
513 t_out->taglen = 8;
514 t_in->taglen = 8;
515 break;
516 default:
517 return( 1 );
518 }
519 break;
520
521 case MBEDTLS_MODE_CHACHAPOLY:
522 t_out->fixed_ivlen = 12;
523 t_in->fixed_ivlen = 12;
524 t_out->maclen = 0;
525 t_in->maclen = 0;
526 switch( tag_mode )
527 {
528 case 0: /* Full tag */
529 t_out->taglen = 16;
530 t_in->taglen = 16;
531 break;
532 case 1: /* Partial tag */
533 t_out->taglen = 8;
534 t_in->taglen = 8;
535 break;
536 default:
537 return( 1 );
538 }
539 break;
540
541 case MBEDTLS_MODE_STREAM:
542 case MBEDTLS_MODE_CBC:
543 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
544 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
545 t_out->taglen = 0;
546 t_in->taglen = 0;
547 switch( tag_mode )
548 {
549 case 0: /* Full tag */
550 t_out->maclen = maclen;
551 t_in->maclen = maclen;
552 break;
553 case 1: /* Partial tag */
554 t_out->maclen = 10;
555 t_in->maclen = 10;
556 break;
557 default:
558 return( 1 );
559 }
560 break;
561 default:
562 return( 1 );
563 break;
564 }
565
566 /* Setup IV's */
567
568 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
569 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
570 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
571 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
572
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]573#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]574 /* Add CID */
575 memcpy( &t_in->in_cid, cid0, cid0_len );
576 memcpy( &t_in->out_cid, cid1, cid1_len );
577 t_in->in_cid_len = cid0_len;
578 t_in->out_cid_len = cid1_len;
579 memcpy( &t_out->in_cid, cid1, cid1_len );
580 memcpy( &t_out->out_cid, cid0, cid0_len );
581 t_out->in_cid_len = cid1_len;
582 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]583#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]584
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]585cleanup:
586
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]587 mbedtls_free( key0 );
588 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]589
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]590 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]591}
592
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]593/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]594 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]595 * Choose dummy values, mostly non-0 to distinguish from the init default.
596 */
597static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]598 int ticket_len,
599 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]600{
601#if defined(MBEDTLS_HAVE_TIME)
602 session->start = mbedtls_time( NULL ) - 42;
603#endif
604 session->ciphersuite = 0xabcd;
605 session->compression = 1;
606 session->id_len = sizeof( session->id );
607 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]608 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]609
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]610#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]611 if( strlen( crt_file ) != 0 )
612 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]613 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]614 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]615
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]616 mbedtls_x509_crt_init( &tmp_crt );
617 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
618 if( ret != 0 )
619 return( ret );
620
621#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
622 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]623 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
624 if( session->peer_cert == NULL )
625 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]626 *session->peer_cert = tmp_crt;
627 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
628#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
629 /* Calculate digest of temporary CRT. */
630 session->peer_cert_digest =
631 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
632 if( session->peer_cert_digest == NULL )
633 return( -1 );
634 ret = mbedtls_md( mbedtls_md_info_from_type(
635 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
636 tmp_crt.raw.p, tmp_crt.raw.len,
637 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]638 if( ret != 0 )
639 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]640 session->peer_cert_digest_type =
641 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
642 session->peer_cert_digest_len =
643 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
644#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
645
646 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]647 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]648#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]649 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]650#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]651 session->verify_result = 0xdeadbeef;
652
653#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
654 if( ticket_len != 0 )
655 {
656 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]657 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]658 return( -1 );
659 memset( session->ticket, 33, ticket_len );
660 }
661 session->ticket_len = ticket_len;
662 session->ticket_lifetime = 86401;
663#else
664 (void) ticket_len;
665#endif
666
667#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
668 session->mfl_code = 1;
669#endif
670#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
671 session->trunc_hmac = 1;
672#endif
673#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
674 session->encrypt_then_mac = 1;
675#endif
676
677 return( 0 );
678}
679
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]680/* END_HEADER */
681
682/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]683 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]684 * END_DEPENDENCIES
685 */
686
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]687/* BEGIN_CASE */
688void test_callback_buffer_sanity()
689{
690 enum { MSGLEN = 10 };
691 mbedtls_test_buffer buf;
692 unsigned char input[MSGLEN];
693 unsigned char output[MSGLEN];
694
695 memset( input, 0, sizeof(input) );
696
697 /* Make sure calling put and get on NULL buffer results in error. */
698 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
699 == -1 );
700 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
701 == -1 );
702 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
703 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, sizeof( output ) )
704 == -1 );
705 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
706 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
707
708 /* Make sure calling put and get on a buffer that hasn't been set up results
709 * in eror. */
710 mbedtls_test_buffer_init( &buf );
711
712 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
713 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
714 == -1 );
715 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
716 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
717 == -1 );
718 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
719 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
720
721 /* Make sure calling put end get on NULL input and output only results in
722 * error if the length is not zero. */
723
724 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
725
726 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
727 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
728 == -1 );
729 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
730 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
731
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]732 /* Make sure calling put several times in the row is safe */
733
734 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
735 == sizeof( input ) );
736 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
737 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
738 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
739 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
740
741
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]742exit:
743
744 mbedtls_test_buffer_free( &buf );
745}
746/* END_CASE */
747
748/*
749 * Test if the implementation of `mbedtls_test_buffer` related functions is
750 * correct and works as expected.
751 *
752 * That is
753 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
754 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
755 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
756 * bytes.
757 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
758 * - All of the bytes we got match the bytes we put in in a FIFO manner.
759 */
760
761/* BEGIN_CASE */
762void test_callback_buffer( int size, int put1, int put1_ret,
763 int get1, int get1_ret, int put2, int put2_ret,
764 int get2, int get2_ret )
765{
766 enum { ROUNDS = 2 };
767 size_t put[ROUNDS];
768 int put_ret[ROUNDS];
769 size_t get[ROUNDS];
770 int get_ret[ROUNDS];
771 mbedtls_test_buffer buf;
772 unsigned char* input = NULL;
773 size_t input_len;
774 unsigned char* output = NULL;
775 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]776 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]777
778 mbedtls_test_buffer_init( &buf );
779 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
780
781 /* Check the sanity of input parameters and initialise local variables. That
782 * is, ensure that the amount of data is not negative and that we are not
783 * expecting more to put or get than we actually asked for. */
784 TEST_ASSERT( put1 >= 0 );
785 put[0] = put1;
786 put_ret[0] = put1_ret;
787 TEST_ASSERT( put1_ret <= put1 );
788 TEST_ASSERT( put2 >= 0 );
789 put[1] = put2;
790 put_ret[1] = put2_ret;
791 TEST_ASSERT( put2_ret <= put2 );
792
793 TEST_ASSERT( get1 >= 0 );
794 get[0] = get1;
795 get_ret[0] = get1_ret;
796 TEST_ASSERT( get1_ret <= get1 );
797 TEST_ASSERT( get2 >= 0 );
798 get[1] = get2;
799 get_ret[1] = get2_ret;
800 TEST_ASSERT( get2_ret <= get2 );
801
802 input_len = 0;
803 /* Calculate actual input and output lengths */
804 for( j = 0; j < ROUNDS; j++ )
805 {
806 if( put_ret[j] > 0 )
807 {
808 input_len += put_ret[j];
809 }
810 }
811 /* In order to always have a valid pointer we always allocate at least 1
812 * byte. */
813 if( input_len == 0 )
814 input_len = 1;
815 ASSERT_ALLOC( input, input_len );
816
817 output_len = 0;
818 for( j = 0; j < ROUNDS; j++ )
819 {
820 if( get_ret[j] > 0 )
821 {
822 output_len += get_ret[j];
823 }
824 }
825 TEST_ASSERT( output_len <= input_len );
826 /* In order to always have a valid pointer we always allocate at least 1
827 * byte. */
828 if( output_len == 0 )
829 output_len = 1;
830 ASSERT_ALLOC( output, output_len );
831
832 /* Fill up the buffer with structured data so that unwanted changes
833 * can be detected */
834 for( i = 0; i < input_len; i++ )
835 {
836 input[i] = i & 0xFF;
837 }
838
839 written = read = 0;
840 for( j = 0; j < ROUNDS; j++ )
841 {
842 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
843 input + written, put[j] ) );
844 written += put_ret[j];
845 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
846 output + read, get[j] ) );
847 read += get_ret[j];
848 TEST_ASSERT( read <= written );
849 if( get_ret[j] > 0 )
850 {
851 TEST_ASSERT( memcmp( output + read - get_ret[j],
852 input + read - get_ret[j], get_ret[j] )
853 == 0 );
854 }
855 }
856
857exit:
858
859 mbedtls_free( input );
860 mbedtls_free( output );
861 mbedtls_test_buffer_free( &buf );
862}
863/* END_CASE */
864
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]865/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]866 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
867 * correct and works as expected on unconnected sockets.
868 */
869
870/* BEGIN_CASE */
871void ssl_mock_sanity( )
872{
873 enum { MSGLEN = 105 };
874 unsigned char message[MSGLEN];
875 unsigned char received[MSGLEN];
876 mbedtls_mock_socket socket;
877
878 mbedtls_mock_socket_init( &socket );
879 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
880 mbedtls_mock_socket_close( &socket );
881 mbedtls_mock_socket_init( &socket );
882 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
883 mbedtls_mock_socket_close( &socket );
884
885 mbedtls_mock_socket_init( &socket );
886 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
887 mbedtls_mock_socket_close( &socket );
888 mbedtls_mock_socket_init( &socket );
889 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
890 mbedtls_mock_socket_close( &socket );
891
892exit:
893
894 mbedtls_mock_socket_close( &socket );
895}
896/* END_CASE */
897
898/*
899 * Test if the implementation of `mbedtls_mock_socket` related functions can
900 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]901 */
902
903/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]904void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]905{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]906 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]907 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]908 unsigned char message[MSGLEN];
909 unsigned char received[MSGLEN];
910 mbedtls_mock_socket client;
911 mbedtls_mock_socket server;
912 size_t written, read;
913 int send_ret, recv_ret;
914 mbedtls_ssl_send_t *send;
915 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]916 unsigned i;
917
918 if( blocking == 0 )
919 {
920 send = mbedtls_mock_tcp_send_nb;
921 recv = mbedtls_mock_tcp_recv_nb;
922 }
923 else
924 {
925 send = mbedtls_mock_tcp_send_b;
926 recv = mbedtls_mock_tcp_recv_b;
927 }
928
929 mbedtls_mock_socket_init( &client );
930 mbedtls_mock_socket_init( &server );
931
932 /* Fill up the buffer with structured data so that unwanted changes
933 * can be detected */
934 for( i = 0; i < MSGLEN; i++ )
935 {
936 message[i] = i & 0xFF;
937 }
938
939 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]940 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]941
942 /* Send the message to the server */
943 send_ret = recv_ret = 1;
944 written = read = 0;
945 while( send_ret != 0 || recv_ret != 0 )
946 {
947 send_ret = send( &client, message + written, MSGLEN - written );
948
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]949 TEST_ASSERT( send_ret >= 0 );
950 TEST_ASSERT( send_ret <= BUFLEN );
951 written += send_ret;
952
953 /* If the buffer is full we can test blocking and non-blocking send */
954 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]955 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]956 int blocking_ret = send( &client, message , 1 );
957 if ( blocking )
958 {
959 TEST_ASSERT( blocking_ret == 0 );
960 }
961 else
962 {
963 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
964 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]965 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]966
967 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]968
969 /* The result depends on whether any data was sent */
970 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]971 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]972 TEST_ASSERT( recv_ret > 0 );
973 TEST_ASSERT( recv_ret <= BUFLEN );
974 read += recv_ret;
975 }
976 else if( blocking )
977 {
978 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]979 }
980 else
981 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]982 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
983 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]984 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]985
986 /* If the buffer is empty we can test blocking and non-blocking read */
987 if ( recv_ret == BUFLEN )
988 {
989 int blocking_ret = recv( &server, received, 1 );
990 if ( blocking )
991 {
992 TEST_ASSERT( blocking_ret == 0 );
993 }
994 else
995 {
996 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
997 }
998 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]999 }
1000 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1001
1002exit:
1003
1004 mbedtls_mock_socket_close( &client );
1005 mbedtls_mock_socket_close( &server );
1006}
1007/* END_CASE */
1008
1009/*
1010 * Test if the implementation of `mbedtls_mock_socket` related functions can
1011 * send messages in both direction at the same time (with the I/O calls
1012 * interleaving).
1013 */
1014
1015/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1016void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1017{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1018 enum { ROUNDS = 2 };
1019 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1020 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1021 unsigned char message[ROUNDS][MSGLEN];
1022 unsigned char received[ROUNDS][MSGLEN];
1023 mbedtls_mock_socket client;
1024 mbedtls_mock_socket server;
1025 size_t written[ROUNDS];
1026 size_t read[ROUNDS];
1027 int send_ret[ROUNDS];
1028 int recv_ret[ROUNDS];
1029 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1030 mbedtls_ssl_send_t *send;
1031 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1032
1033 if( blocking == 0 )
1034 {
1035 send = mbedtls_mock_tcp_send_nb;
1036 recv = mbedtls_mock_tcp_recv_nb;
1037 }
1038 else
1039 {
1040 send = mbedtls_mock_tcp_send_b;
1041 recv = mbedtls_mock_tcp_recv_b;
1042 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1043
1044 mbedtls_mock_socket_init( &client );
1045 mbedtls_mock_socket_init( &server );
1046
1047 /* Fill up the buffers with structured data so that unwanted changes
1048 * can be detected */
1049 for( i = 0; i < ROUNDS; i++ )
1050 {
1051 for( j = 0; j < MSGLEN; j++ )
1052 {
1053 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1054 }
1055 }
1056
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1057 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1058 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1059
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1060 /* Send the message from both sides, interleaving. */
1061 progress = 1;
1062 for( i = 0; i < ROUNDS; i++ )
1063 {
1064 written[i] = 0;
1065 read[i] = 0;
1066 }
1067 /* This loop does not stop as long as there was a successful write or read
1068 * of at least one byte on either side. */
1069 while( progress != 0 )
1070 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1071 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1072
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1073 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1074 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1075 /* First sending is from the client */
1076 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1077
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1078 send_ret[i] = send( socket, message[i] + written[i],
1079 MSGLEN - written[i] );
1080 TEST_ASSERT( send_ret[i] >= 0 );
1081 TEST_ASSERT( send_ret[i] <= BUFLEN );
1082 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1083
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1084 /* If the buffer is full we can test blocking and non-blocking
1085 * send */
1086 if ( send_ret[i] == BUFLEN )
1087 {
1088 int blocking_ret = send( socket, message[i] , 1 );
1089 if ( blocking )
1090 {
1091 TEST_ASSERT( blocking_ret == 0 );
1092 }
1093 else
1094 {
1095 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1096 }
1097 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1098 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1099
1100 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1101 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1102 /* First receiving is from the server */
1103 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1104
1105 recv_ret[i] = recv( socket, received[i] + read[i],
1106 MSGLEN - read[i] );
1107
1108 /* The result depends on whether any data was sent */
1109 if ( send_ret[i] > 0 )
1110 {
1111 TEST_ASSERT( recv_ret[i] > 0 );
1112 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1113 read[i] += recv_ret[i];
1114 }
1115 else if( blocking )
1116 {
1117 TEST_ASSERT( recv_ret[i] == 0 );
1118 }
1119 else
1120 {
1121 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1122 recv_ret[i] = 0;
1123 }
1124
1125 /* If the buffer is empty we can test blocking and non-blocking
1126 * read */
1127 if ( recv_ret[i] == BUFLEN )
1128 {
1129 int blocking_ret = recv( socket, received[i], 1 );
1130 if ( blocking )
1131 {
1132 TEST_ASSERT( blocking_ret == 0 );
1133 }
1134 else
1135 {
1136 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1137 }
1138 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1139 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1140
1141 progress = 0;
1142 for( i = 0; i < ROUNDS; i++ )
1143 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame^]1144 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1145 }
1146 }
1147
1148 for( i = 0; i < ROUNDS; i++ )
1149 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1150
1151exit:
1152
1153 mbedtls_mock_socket_close( &client );
1154 mbedtls_mock_socket_close( &server );
1155}
1156/* END_CASE */
1157
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1158/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1159void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1160{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1161 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1162 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1163 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1164
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]1165 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1166 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]1167
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]1168 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
1169 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]1170 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
1171 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1172 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1173
1174 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1175 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1176 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1177 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1178 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1179 }
1180
1181 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1182 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1183 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1184
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1185 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1186 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1187}
1188/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1189
1190/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
1191void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
1192{
1193 mbedtls_ssl_context ssl;
1194 mbedtls_ssl_init( &ssl );
1195
1196 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
1197 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
1198
1199 mbedtls_ssl_free( &ssl );
1200}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]1201/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1202
1203/* BEGIN_CASE */
1204void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1205 int etm, int tag_mode, int ver,
1206 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1207{
1208 /*
1209 * Test several record encryptions and decryptions
1210 * with plenty of space before and after the data
1211 * within the record buffer.
1212 */
1213
1214 int ret;
1215 int num_records = 16;
1216 mbedtls_ssl_context ssl; /* ONLY for debugging */
1217
1218 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1219 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1220 size_t const buflen = 512;
1221 mbedtls_record rec, rec_backup;
1222
1223 mbedtls_ssl_init( &ssl );
1224 mbedtls_ssl_transform_init( &t0 );
1225 mbedtls_ssl_transform_init( &t1 );
1226 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1227 etm, tag_mode, ver,
1228 (size_t) cid0_len,
1229 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1230
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1231 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1232
1233 while( num_records-- > 0 )
1234 {
1235 mbedtls_ssl_transform *t_dec, *t_enc;
1236 /* Take turns in who's sending and who's receiving. */
1237 if( num_records % 3 == 0 )
1238 {
1239 t_dec = &t0;
1240 t_enc = &t1;
1241 }
1242 else
1243 {
1244 t_dec = &t1;
1245 t_enc = &t0;
1246 }
1247
1248 /*
1249 * The record header affects the transformation in two ways:
1250 * 1) It determines the AEAD additional data
1251 * 2) The record counter sometimes determines the IV.
1252 *
1253 * Apart from that, the fields don't have influence.
1254 * In particular, it is currently not the responsibility
1255 * of ssl_encrypt/decrypt_buf to check if the transform
1256 * version matches the record version, or that the
1257 * type is sensible.
1258 */
1259
1260 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
1261 rec.type = 42;
1262 rec.ver[0] = num_records;
1263 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1264#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1265 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1266#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1267
1268 rec.buf = buf;
1269 rec.buf_len = buflen;
1270 rec.data_offset = 16;
1271 /* Make sure to vary the length to exercise different
1272 * paddings. */
1273 rec.data_len = 1 + num_records;
1274
1275 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1276
1277 /* Make a copy for later comparison */
1278 rec_backup = rec;
1279
1280 /* Encrypt record */
1281 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
1282 rnd_std_rand, NULL );
1283 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1284 if( ret != 0 )
1285 {
1286 continue;
1287 }
1288
1289 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1290 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
1291 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1292
1293 /* Compare results */
1294 TEST_ASSERT( rec.type == rec_backup.type );
1295 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1296 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1297 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1298 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1299 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1300 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1301 rec_backup.buf + rec_backup.data_offset,
1302 rec.data_len ) == 0 );
1303 }
1304
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1305exit:
1306
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1307 /* Cleanup */
1308 mbedtls_ssl_free( &ssl );
1309 mbedtls_ssl_transform_free( &t0 );
1310 mbedtls_ssl_transform_free( &t1 );
1311
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1312 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1313}
1314/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1315
1316/* BEGIN_CASE */
1317void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1318 int etm, int tag_mode, int ver,
1319 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1320{
1321 /*
1322 * Test pairs of encryption and decryption with an increasing
1323 * amount of space in the record buffer - in more detail:
1324 * 1) Try to encrypt with 0, 1, 2, ... bytes available
1325 * in front of the plaintext, and expect the encryption
1326 * to succeed starting from some offset. Always keep
1327 * enough space in the end of the buffer.
1328 * 2) Try to encrypt with 0, 1, 2, ... bytes available
1329 * at the end of the plaintext, and expect the encryption
1330 * to succeed starting from some offset. Always keep
1331 * enough space at the beginning of the buffer.
1332 * 3) Try to encrypt with 0, 1, 2, ... bytes available
1333 * both at the front and end of the plaintext,
1334 * and expect the encryption to succeed starting from
1335 * some offset.
1336 *
1337 * If encryption succeeds, check that decryption succeeds
1338 * and yields the original record.
1339 */
1340
1341 mbedtls_ssl_context ssl; /* ONLY for debugging */
1342
1343 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1344 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1345 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1346 mbedtls_record rec, rec_backup;
1347
1348 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1349 int mode; /* Mode 1, 2 or 3 as explained above */
1350 size_t offset; /* Available space at beginning/end/both */
1351 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1352
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1353 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
1354 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1355
1356 int seen_success; /* Indicates if in the current mode we've
1357 * already seen a successful test. */
1358
1359 mbedtls_ssl_init( &ssl );
1360 mbedtls_ssl_transform_init( &t0 );
1361 mbedtls_ssl_transform_init( &t1 );
1362 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1363 etm, tag_mode, ver,
1364 (size_t) cid0_len,
1365 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1366
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1367 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1368
1369 for( mode=1; mode <= 3; mode++ )
1370 {
1371 seen_success = 0;
1372 for( offset=0; offset <= threshold; offset++ )
1373 {
1374 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]1375 t_dec = &t0;
1376 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1377
1378 memset( rec.ctr, offset, sizeof( rec.ctr ) );
1379 rec.type = 42;
1380 rec.ver[0] = offset;
1381 rec.ver[1] = offset;
1382 rec.buf = buf;
1383 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1384#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1385 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1386#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1387
1388 switch( mode )
1389 {
1390 case 1: /* Space in the beginning */
1391 rec.data_offset = offset;
1392 rec.data_len = buflen - offset - default_post_padding;
1393 break;
1394
1395 case 2: /* Space in the end */
1396 rec.data_offset = default_pre_padding;
1397 rec.data_len = buflen - default_pre_padding - offset;
1398 break;
1399
1400 case 3: /* Space in the beginning and end */
1401 rec.data_offset = offset;
1402 rec.data_len = buflen - 2 * offset;
1403 break;
1404
1405 default:
1406 TEST_ASSERT( 0 );
1407 break;
1408 }
1409
1410 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1411
1412 /* Make a copy for later comparison */
1413 rec_backup = rec;
1414
1415 /* Encrypt record */
1416 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
1417
1418 if( ( mode == 1 || mode == 2 ) && seen_success )
1419 {
1420 TEST_ASSERT( ret == 0 );
1421 }
1422 else
1423 {
1424 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1425 if( ret == 0 )
1426 seen_success = 1;
1427 }
1428
1429 if( ret != 0 )
1430 continue;
1431
1432 /* Decrypt record with t_dec */
1433 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
1434
1435 /* Compare results */
1436 TEST_ASSERT( rec.type == rec_backup.type );
1437 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1438 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1439 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1440 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1441 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1442 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1443 rec_backup.buf + rec_backup.data_offset,
1444 rec.data_len ) == 0 );
1445 }
1446
1447 TEST_ASSERT( seen_success == 1 );
1448 }
1449
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1450exit:
1451
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1452 /* Cleanup */
1453 mbedtls_ssl_free( &ssl );
1454 mbedtls_ssl_transform_free( &t0 );
1455 mbedtls_ssl_transform_free( &t1 );
1456
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1457 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1458}
1459/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1460
1461/* BEGIN_CASE */
1462void ssl_tls_prf( int type, data_t * secret, data_t * random,
1463 char *label, data_t *result_hex_str, int exp_ret )
1464{
1465 unsigned char *output;
1466
1467 output = mbedtls_calloc( 1, result_hex_str->len );
1468 if( output == NULL )
1469 goto exit;
1470
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]1471#if defined(MBEDTLS_USE_PSA_CRYPTO)
1472 TEST_ASSERT( psa_crypto_init() == 0 );
1473#endif
1474
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1475 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
1476 label, random->x, random->len,
1477 output, result_hex_str->len ) == exp_ret );
1478
1479 if( exp_ret == 0 )
1480 {
1481 TEST_ASSERT( hexcmp( output, result_hex_str->x,
1482 result_hex_str->len, result_hex_str->len ) == 0 );
1483 }
1484exit:
1485
1486 mbedtls_free( output );
1487}
1488/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1489
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1490/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1491void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1492{
1493 mbedtls_ssl_session original, restored;
1494 unsigned char *buf = NULL;
1495 size_t len;
1496
1497 /*
1498 * Test that a save-load pair is the identity
1499 */
1500
1501 mbedtls_ssl_session_init( &original );
1502 mbedtls_ssl_session_init( &restored );
1503
1504 /* Prepare a dummy session to work on */
1505 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
1506
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1507 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1508 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
1509 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1510 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
1511 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
1512 == 0 );
1513
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1514 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1515 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
1516
1517 /*
1518 * Make sure both session structures are identical
1519 */
1520#if defined(MBEDTLS_HAVE_TIME)
1521 TEST_ASSERT( original.start == restored.start );
1522#endif
1523 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
1524 TEST_ASSERT( original.compression == restored.compression );
1525 TEST_ASSERT( original.id_len == restored.id_len );
1526 TEST_ASSERT( memcmp( original.id,
1527 restored.id, sizeof( original.id ) ) == 0 );
1528 TEST_ASSERT( memcmp( original.master,
1529 restored.master, sizeof( original.master ) ) == 0 );
1530
1531#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1532#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1533 TEST_ASSERT( ( original.peer_cert == NULL ) ==
1534 ( restored.peer_cert == NULL ) );
1535 if( original.peer_cert != NULL )
1536 {
1537 TEST_ASSERT( original.peer_cert->raw.len ==
1538 restored.peer_cert->raw.len );
1539 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
1540 restored.peer_cert->raw.p,
1541 original.peer_cert->raw.len ) == 0 );
1542 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1543#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1544 TEST_ASSERT( original.peer_cert_digest_type ==
1545 restored.peer_cert_digest_type );
1546 TEST_ASSERT( original.peer_cert_digest_len ==
1547 restored.peer_cert_digest_len );
1548 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
1549 ( restored.peer_cert_digest == NULL ) );
1550 if( original.peer_cert_digest != NULL )
1551 {
1552 TEST_ASSERT( memcmp( original.peer_cert_digest,
1553 restored.peer_cert_digest,
1554 original.peer_cert_digest_len ) == 0 );
1555 }
1556#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1557#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1558 TEST_ASSERT( original.verify_result == restored.verify_result );
1559
1560#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1561 TEST_ASSERT( original.ticket_len == restored.ticket_len );
1562 if( original.ticket_len != 0 )
1563 {
1564 TEST_ASSERT( original.ticket != NULL );
1565 TEST_ASSERT( restored.ticket != NULL );
1566 TEST_ASSERT( memcmp( original.ticket,
1567 restored.ticket, original.ticket_len ) == 0 );
1568 }
1569 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
1570#endif
1571
1572#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1573 TEST_ASSERT( original.mfl_code == restored.mfl_code );
1574#endif
1575
1576#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1577 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
1578#endif
1579
1580#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1581 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
1582#endif
1583
1584exit:
1585 mbedtls_ssl_session_free( &original );
1586 mbedtls_ssl_session_free( &restored );
1587 mbedtls_free( buf );
1588}
1589/* END_CASE */
1590
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]1591/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1592void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1593{
1594 mbedtls_ssl_session session;
1595 unsigned char *buf1 = NULL, *buf2 = NULL;
1596 size_t len0, len1, len2;
1597
1598 /*
1599 * Test that a load-save pair is the identity
1600 */
1601
1602 mbedtls_ssl_session_init( &session );
1603
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1604 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1605 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1606
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1607 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1608 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
1609 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1610
1611 /* Allocate first buffer */
1612 buf1 = mbedtls_calloc( 1, len0 );
1613 TEST_ASSERT( buf1 != NULL );
1614
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1615 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1616 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
1617 == 0 );
1618 TEST_ASSERT( len0 == len1 );
1619 mbedtls_ssl_session_free( &session );
1620
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1621 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1622 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1623
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1624 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1625 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]1626 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1627 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
1628 == 0 );
1629
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1630 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1631 TEST_ASSERT( len1 == len2 );
1632 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
1633
1634exit:
1635 mbedtls_ssl_session_free( &session );
1636 mbedtls_free( buf1 );
1637 mbedtls_free( buf2 );
1638}
1639/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1640
1641/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1642void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1643{
1644 mbedtls_ssl_session session;
1645 unsigned char *buf = NULL;
1646 size_t good_len, bad_len, test_len;
1647
1648 /*
1649 * Test that session_save() fails cleanly on small buffers
1650 */
1651
1652 mbedtls_ssl_session_init( &session );
1653
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1654 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1655 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1656 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1657 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1658
1659 /* Try all possible bad lengths */
1660 for( bad_len = 1; bad_len < good_len; bad_len++ )
1661 {
1662 /* Allocate exact size so that asan/valgrind can detect any overwrite */
1663 mbedtls_free( buf );
1664 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
1665 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
1666 &test_len )
1667 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1668 TEST_ASSERT( test_len == good_len );
1669 }
1670
1671exit:
1672 mbedtls_ssl_session_free( &session );
1673 mbedtls_free( buf );
1674}
1675/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1676
1677/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1678void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1679{
1680 mbedtls_ssl_session session;
1681 unsigned char *good_buf = NULL, *bad_buf = NULL;
1682 size_t good_len, bad_len;
1683
1684 /*
1685 * Test that session_load() fails cleanly on small buffers
1686 */
1687
1688 mbedtls_ssl_session_init( &session );
1689
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1690 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1691 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1692 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1693 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1694 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
1695 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
1696 &good_len ) == 0 );
1697 mbedtls_ssl_session_free( &session );
1698
1699 /* Try all possible bad lengths */
1700 for( bad_len = 0; bad_len < good_len; bad_len++ )
1701 {
1702 /* Allocate exact size so that asan/valgrind can detect any overread */
1703 mbedtls_free( bad_buf );
1704 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
1705 TEST_ASSERT( bad_buf != NULL );
1706 memcpy( bad_buf, good_buf, bad_len );
1707
1708 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
1709 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1710 }
1711
1712exit:
1713 mbedtls_ssl_session_free( &session );
1714 mbedtls_free( good_buf );
1715 mbedtls_free( bad_buf );
1716}
1717/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1718
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1719/* BEGIN_CASE */
1720void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1721 int corrupt_minor,
1722 int corrupt_patch,
1723 int corrupt_config )
1724{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1725 unsigned char serialized_session[ 2048 ];
1726 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1727 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1728 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1729 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
1730 corrupt_minor == 1,
1731 corrupt_patch == 1,
1732 corrupt_config == 1,
1733 corrupt_config == 1 };
1734
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1735 mbedtls_ssl_session_init( &session );
1736
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1737 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1738 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1739 serialized_session,
1740 sizeof( serialized_session ),
1741 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1742
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1743 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1744
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1745 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1746 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1747 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1748 serialized_session,
1749 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1750 mbedtls_ssl_session_free( &session );
1751
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1752 /* Go through the bytes in the serialized session header and
1753 * corrupt them bit-by-bit. */
1754 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1755 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1756 int cur_bit;
1757 unsigned char * const byte = &serialized_session[ cur_byte ];
1758
1759 if( should_corrupt_byte[ cur_byte ] == 0 )
1760 continue;
1761
1762 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
1763 {
1764 unsigned char const corrupted_bit = 0x1u << cur_bit;
1765 /* Modify a single bit in the serialized session. */
1766 *byte ^= corrupted_bit;
1767
1768 /* Attempt to deserialize */
1769 TEST_ASSERT( mbedtls_ssl_session_load( &session,
1770 serialized_session,
1771 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]1772 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1773
1774 /* Undo the change */
1775 *byte ^= corrupted_bit;
1776 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1777 }
1778
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1779}
1780/* END_CASE */