TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6a7f01c237612960f35a052e65aaabd607565aca / . / tests / suites / test_suite_ssl.function
blob: 88e405bf7ac6b2398c0b8ed7c350cf8411e4a035 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]7#include <mbedtls/timing.h>
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]8
9/*
10 * Buffer structure for custom I/O callbacks.
11 */
12
13typedef struct mbedtls_test_buffer
14{
15 size_t start;
16 size_t content_length;
17 size_t capacity;
18 unsigned char *buffer;
19} mbedtls_test_buffer;
20
21/*
22 * Initialises \p buf. After calling this function it is safe to call
23 * `mbedtls_test_buffer_free()` on \p buf.
24 */
25void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
26{
27 memset( buf, 0, sizeof( *buf ) );
28}
29
30/*
31 * Sets up \p buf. After calling this function it is safe to call
32 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
33 */
34int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
35{
36 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
37 sizeof(unsigned char) );
38 if( NULL == buf->buffer )
39 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
40 buf->capacity = capacity;
41
42 return 0;
43}
44
45void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
46{
47 if( buf->buffer != NULL )
48 mbedtls_free( buf->buffer );
49
50 memset( buf, 0, sizeof( *buf ) );
51}
52
53/*
54 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
55 *
56 * \p buf must have been initialized and set up by calling
57 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
58 *
59 * \retval \p input_len, if the data fits.
60 * \retval 0 <= value < \p input_len, if the data does not fit.
61 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
62 * zero and \p input is NULL.
63 */
64int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]65 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]66{
67 size_t overflow = 0;
68
69 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
70 return -1;
71
72 /* Reduce input_len to a number that fits in the buffer. */
73 if ( ( buf->content_length + input_len ) > buf->capacity )
74 {
75 input_len = buf->capacity - buf->content_length;
76 }
77
78 if( input == NULL )
79 {
80 return ( input_len == 0 ) ? 0 : -1;
81 }
82
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]83 /* Check if the buffer has not come full circle and free space is not in
84 * the middle */
85 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]86 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]87
88 /* Calculate the number of bytes that need to be placed at lower memory
89 * address */
90 if( buf->start + buf->content_length + input_len
91 > buf->capacity )
92 {
93 overflow = ( buf->start + buf->content_length + input_len )
94 % buf->capacity;
95 }
96
97 memcpy( buf->buffer + buf->start + buf->content_length, input,
98 input_len - overflow );
99 memcpy( buf->buffer, input + input_len - overflow, overflow );
100
101 }
102 else
103 {
104 /* The buffer has come full circle and free space is in the middle */
105 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
106 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]107 }
108
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]109 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]110 return input_len;
111}
112
113/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]114 * Gets \p output_len bytes from the ring buffer \p buf into the
115 * \p output buffer. The output buffer can be NULL, in this case a part of the
116 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]117 *
118 * \p buf must have been initialized and set up by calling
119 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
120 *
121 * \retval \p output_len, if the data is available.
122 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]123 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]124 */
125int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
126 unsigned char* output, size_t output_len )
127{
128 size_t overflow = 0;
129
130 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
131 return -1;
132
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]133 if( output == NULL && output_len == 0 )
134 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]135
136 if( buf->content_length < output_len )
137 output_len = buf->content_length;
138
139 /* Calculate the number of bytes that need to be drawn from lower memory
140 * address */
141 if( buf->start + output_len > buf->capacity )
142 {
143 overflow = ( buf->start + output_len ) % buf->capacity;
144 }
145
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]146 if( output != NULL )
147 {
148 memcpy( output, buf->buffer + buf->start, output_len - overflow );
149 memcpy( output + output_len - overflow, buf->buffer, overflow );
150 }
151
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]152 buf->content_length -= output_len;
153 buf->start = ( buf->start + output_len ) % buf->capacity;
154
155 return output_len;
156}
157
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]158/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]159 * Errors used in the message transport mock tests
160 */
161 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]162 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
163
164/*
165 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
166 */
167typedef struct mbedtls_test_message_queue
168{
169 size_t *messages;
170 int pos;
171 int num;
172 int capacity;
173} mbedtls_test_message_queue;
174
175/*
176 * Setup and free functions for the message metadata queue.
177 *
178 * \p capacity describes the number of message metadata chunks that can be held
179 * within the queue.
180 *
181 * \retval 0, if a metadata queue of a given length can be allocated.
182 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
183 */
184int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
185 size_t capacity )
186{
187 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
188 if( NULL == queue->messages )
189 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
190
191 queue->capacity = capacity;
192 queue->pos = 0;
193 queue->num = 0;
194
195 return 0;
196}
197
198void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
199{
200 if( queue == NULL )
201 return;
202
203 if( queue->messages != NULL )
204 mbedtls_free( queue->messages );
205
206 memset( queue, 0, sizeof( *queue ) );
207}
208
209/*
210 * Push message length information onto the message metadata queue.
211 * This will become the last element to leave it (fifo).
212 *
213 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]214 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]215 * \retval \p len, if the push was successful.
216 */
217int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
218 size_t len )
219{
220 int place;
221 if( queue == NULL )
222 return MBEDTLS_TEST_ERROR_ARG_NULL;
223
224 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]225 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]226
227 place = ( queue->pos + queue->num ) % queue->capacity;
228 queue->messages[place] = len;
229 queue->num++;
230 return len;
231}
232
233/*
234 * Pop information about the next message length from the queue. This will be
235 * the oldest inserted message length(fifo). \p msg_len can be null, in which
236 * case the data will be popped from the queue but not copied anywhere.
237 *
238 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]239 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]240 * \retval message length, if the pop was successful, up to the given
241 \p buf_len.
242 */
243int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
244 size_t buf_len )
245{
246 size_t message_length;
247 if( queue == NULL )
248 return MBEDTLS_TEST_ERROR_ARG_NULL;
249 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]250 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]251
252 message_length = queue->messages[queue->pos];
253 queue->messages[queue->pos] = 0;
254 queue->num--;
255 queue->pos++;
256 queue->pos %= queue->capacity;
257 if( queue->pos < 0 )
258 queue->pos += queue->capacity;
259
260 return ( message_length > buf_len ) ? buf_len : message_length;
261}
262
263/*
264 * Take a peek on the info about the next message length from the queue.
265 * This will be the oldest inserted message length(fifo).
266 *
267 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]268 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]269 * \retval 0, if the peek was successful.
270 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
271 * too small to fit the message. In this case the \p msg_len will be
272 * set to the full message length so that the
273 * caller knows what portion of the message can be dropped.
274 */
275int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
276 size_t buf_len, size_t* msg_len )
277{
278 if( queue == NULL || msg_len == NULL )
279 return MBEDTLS_TEST_ERROR_ARG_NULL;
280 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]281 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]282
283 *msg_len = queue->messages[queue->pos];
284 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
285}
286/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]287 * Context for the I/O callbacks simulating network connection.
288 */
289
290#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
291
292typedef struct mbedtls_mock_socket
293{
294 int status;
295 mbedtls_test_buffer *input;
296 mbedtls_test_buffer *output;
297 struct mbedtls_mock_socket *peer;
298} mbedtls_mock_socket;
299
300/*
301 * Setup and teardown functions for mock sockets.
302 */
303void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
304{
305 memset( socket, 0, sizeof( *socket ) );
306}
307
308/*
309 * Closes the socket \p socket.
310 *
311 * \p socket must have been previously initialized by calling
312 * mbedtls_mock_socket_init().
313 *
314 * This function frees all allocated resources and both sockets are aware of the
315 * new connection state.
316 *
317 * That is, this function does not simulate half-open TCP connections and the
318 * phenomenon that when closing a UDP connection the peer is not aware of the
319 * connection having been closed.
320 */
321void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
322{
323 if( socket == NULL )
324 return;
325
326 if( socket->input != NULL )
327 {
328 mbedtls_test_buffer_free( socket->input );
329 mbedtls_free( socket->input );
330 }
331
332 if( socket->output != NULL )
333 {
334 mbedtls_test_buffer_free( socket->output );
335 mbedtls_free( socket->output );
336 }
337
338 if( socket->peer != NULL )
339 memset( socket->peer, 0, sizeof( *socket->peer ) );
340
341 memset( socket, 0, sizeof( *socket ) );
342}
343
344/*
345 * Establishes a connection between \p peer1 and \p peer2.
346 *
347 * \p peer1 and \p peer2 must have been previously initialized by calling
348 * mbedtls_mock_socket_init().
349 *
350 * The capacites of the internal buffers are set to \p bufsize. Setting this to
351 * the correct value allows for simulation of MTU, sanity testing the mock
352 * implementation and mocking TCP connections with lower memory cost.
353 */
354int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
355 mbedtls_mock_socket* peer2,
356 size_t bufsize )
357{
358 int ret = -1;
359
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]360 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]361 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
362 if( peer1->output == NULL )
363 {
364 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
365 goto exit;
366 }
367 mbedtls_test_buffer_init( peer1->output );
368 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
369 {
370 goto exit;
371 }
372
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]373 peer2->output =
374 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
375 if( peer2->output == NULL )
376 {
377 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
378 goto exit;
379 }
380 mbedtls_test_buffer_init( peer2->output );
381 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
382 {
383 goto exit;
384 }
385
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]386 peer1->peer = peer2;
387 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]388 peer1->input = peer2->output;
389 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]390
391 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
392 ret = 0;
393
394exit:
395
396 if( ret != 0 )
397 {
398 mbedtls_mock_socket_close( peer1 );
399 mbedtls_mock_socket_close( peer2 );
400 }
401
402 return ret;
403}
404
405/*
406 * Callbacks for simulating blocking I/O over connection-oriented transport.
407 */
408
409int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
410{
411 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
412
413 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
414 return -1;
415
416 return mbedtls_test_buffer_put( socket->output, buf, len );
417}
418
419int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
420{
421 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
422
423 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
424 return -1;
425
426 return mbedtls_test_buffer_get( socket->input, buf, len );
427}
428
429/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]430 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
431 */
432
433int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
434{
435 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
436
437 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
438 return -1;
439
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]440 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]441 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]442 return MBEDTLS_ERR_SSL_WANT_WRITE;
443 }
444
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]445 return mbedtls_test_buffer_put( socket->output, buf, len );
446}
447
448int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
449{
450 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
451
452 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
453 return -1;
454
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]455 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]456 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]457 return MBEDTLS_ERR_SSL_WANT_READ;
458 }
459
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]460 return mbedtls_test_buffer_get( socket->input, buf, len );
461}
462
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]463/* Errors used in the message socket mocks */
464
465#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
466#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
467#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
468
469/*
470 * Structure used as an addon, or a wrapper, around the mocked sockets.
471 * Contains an input queue, to which the other socket pushes metadata,
472 * and an output queue, to which this one pushes metadata. This context is
473 * considered as an owner of the input queue only, which is initialized and
474 * freed in the respective setup and free calls.
475 */
476typedef struct mbedtls_test_message_socket_context
477{
478 mbedtls_test_message_queue* queue_input;
479 mbedtls_test_message_queue* queue_output;
480 mbedtls_mock_socket* socket;
481} mbedtls_test_message_socket_context;
482
483/*
484 * Setup a given mesasge socket context including initialization of
485 * input/output queues to a chosen capacity of messages. Also set the
486 * corresponding mock socket.
487 *
488 * \retval 0, if everything succeeds.
489 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
490 * queue failed.
491 */
492int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
493 mbedtls_test_message_queue* queue_output,
494 size_t queue_capacity,
495 mbedtls_mock_socket* socket,
496 mbedtls_test_message_socket_context* ctx )
497{
498 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
499 if( ret != 0 )
500 return ret;
501 ctx->queue_input = queue_input;
502 ctx->queue_output = queue_output;
503 ctx->socket = socket;
504 mbedtls_mock_socket_init( socket );
505
506 return 0;
507}
508
509/*
510 * Close a given message socket context, along with the socket itself. Free the
511 * memory allocated by the input queue.
512 */
513void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
514{
515 if( ctx == NULL )
516 return;
517
518 mbedtls_test_message_queue_free( ctx->queue_input );
519 mbedtls_mock_socket_close( ctx->socket );
520 memset( ctx, 0, sizeof( *ctx ) );
521}
522
523/*
524 * Send one message through a given message socket context.
525 *
526 * \retval \p len, if everything succeeds.
527 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
528 * elements or the context itself is null.
529 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]530 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]531 *
532 * This function will also return any error from
533 * mbedtls_test_message_queue_push_info.
534 */
535int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
536{
537 mbedtls_test_message_queue* queue;
538 mbedtls_mock_socket* socket;
539 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
540
541 if( context == NULL || context->socket == NULL
542 || context->queue_output == NULL )
543 {
544 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
545 }
546
547 queue = context->queue_output;
548 socket = context->socket;
549
550 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]551 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]552
553 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
554 return MBEDTLS_TEST_ERROR_SEND_FAILED;
555
556 return mbedtls_test_message_queue_push_info( queue, len );
557}
558
559/*
560 * Receive one message from a given message socket context and return message
561 * length or an error.
562 *
563 * \retval message length, if everything succeeds.
564 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
565 * elements or the context itself is null.
566 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
567 *
568 * This function will also return any error other than
569 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
570 */
571int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
572{
573 mbedtls_test_message_queue* queue;
574 mbedtls_mock_socket* socket;
575 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
576 size_t drop_len;
577 size_t msg_len;
578 int ret;
579
580 if( context == NULL || context->socket == NULL
581 || context->queue_input == NULL )
582 {
583 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
584 }
585
586 queue = context->queue_input;
587 socket = context->socket;
588
589 /* Peek first, so that in case of a socket error the data remains in
590 * the queue. */
591 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
592 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
593 {
594 /* Calculate how much to drop */
595 drop_len = msg_len - buf_len;
596
597 /* Set the requested message len to be buffer length */
598 msg_len = buf_len;
599 } else if( ret != 0 )
600 {
601 return ret;
602 }
603
604 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
605 return MBEDTLS_TEST_ERROR_RECV_FAILED;
606
607 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
608 {
609 /* Drop the remaining part of the message */
610 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
611 {
612 /* Inconsistent state - part of the message was read,
613 * and a part couldn't. Not much we can do here, but it should not
614 * happen in test environment, unless forced manually. */
615 }
616 }
617 mbedtls_test_message_queue_pop_info( queue, buf_len );
618
619 return msg_len;
620}
621
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]622#if defined(MBEDTLS_X509_CRT_PARSE_C)
623
624/*
625 * Structure with endpoint's certificates for SSL communication tests.
626 */
627typedef struct mbedtls_endpoint_certificate
628{
629 mbedtls_x509_crt ca_cert;
630 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]631 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]632} mbedtls_endpoint_certificate;
633
634/*
635 * Endpoint structure for SSL communication tests.
636 */
637typedef struct mbedtls_endpoint
638{
639 const char *name;
640 mbedtls_ssl_context ssl;
641 mbedtls_ssl_config conf;
642 mbedtls_ctr_drbg_context ctr_drbg;
643 mbedtls_entropy_context entropy;
644 mbedtls_mock_socket socket;
645 mbedtls_endpoint_certificate cert;
646} mbedtls_endpoint;
647
648/*
649 * Initializes \p ep_cert structure and assigns it to endpoint
650 * represented by \p ep.
651 *
652 * \retval 0 on success, otherwise error code.
653 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]654int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]655{
656 int i = 0;
657 int ret = -1;
658 mbedtls_endpoint_certificate *cert;
659
660 if( ep == NULL )
661 {
662 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
663 }
664
665 cert = &( ep->cert );
666 mbedtls_x509_crt_init( &( cert->ca_cert ) );
667 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]668 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]669
670 /* Load the trusted CA */
671
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]672 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
673 {
674 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
675 (const unsigned char *) mbedtls_test_cas_der[i],
676 mbedtls_test_cas_der_len[i] );
677 TEST_ASSERT( ret == 0 );
678 }
679
680 /* Load own certificate and private key */
681
682 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
683 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]684 if( pk_alg == MBEDTLS_PK_RSA )
685 {
686 ret = mbedtls_x509_crt_parse( &( cert->cert ),
687 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
688 mbedtls_test_srv_crt_rsa_sha256_der_len );
689 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]690
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]691 ret = mbedtls_pk_parse_key( &( cert->pkey ),
692 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
693 mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
694 TEST_ASSERT( ret == 0 );
695 }
696 else
697 {
698 ret = mbedtls_x509_crt_parse( &( cert->cert ),
699 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
700 mbedtls_test_srv_crt_ec_der_len );
701 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]702
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]703 ret = mbedtls_pk_parse_key( &( cert->pkey ),
704 (const unsigned char*) mbedtls_test_srv_key_ec_der,
705 mbedtls_test_srv_key_ec_der_len, NULL, 0 );
706 TEST_ASSERT( ret == 0 );
707 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]708 }
709 else
710 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]711 if( pk_alg == MBEDTLS_PK_RSA )
712 {
713 ret = mbedtls_x509_crt_parse( &( cert->cert ),
714 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
715 mbedtls_test_cli_crt_rsa_der_len );
716 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]717
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]718 ret = mbedtls_pk_parse_key( &( cert->pkey ),
719 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
720 mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
721 TEST_ASSERT( ret == 0 );
722 }
723 else
724 {
725 ret = mbedtls_x509_crt_parse( &( cert->cert ),
726 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
727 mbedtls_test_cli_crt_ec_len );
728 TEST_ASSERT( ret == 0 );
729
730 ret = mbedtls_pk_parse_key( &( cert->pkey ),
731 (const unsigned char *) mbedtls_test_cli_key_ec_der,
732 mbedtls_test_cli_key_ec_der_len, NULL, 0 );
733 TEST_ASSERT( ret == 0 );
734 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]735 }
736
737 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
738
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]739 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
740 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]741 TEST_ASSERT( ret == 0 );
742
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]743exit:
744 if( ret != 0 )
745 {
746 mbedtls_x509_crt_free( &( cert->ca_cert ) );
747 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]748 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]749 }
750
751 return ret;
752}
753
754/*
755 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
756 * after calling this function even if it fails.
757 *
758 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
759 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]760 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
761 * MBEDTLS_PK_ECDSA are supported.
762 * \p dtls_context - in case of DTLS - this is the context handling metadata.
763 * \p input_queue - used only in case of DTLS.
764 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]765 *
766 * \retval 0 on success, otherwise error code.
767 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]768int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
769 mbedtls_test_message_socket_context *dtls_context,
770 mbedtls_test_message_queue *input_queue,
771 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]772{
773 int ret = -1;
774
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]775 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]776 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]777
778 if( ep == NULL )
779 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]780
781 memset( ep, 0, sizeof( *ep ) );
782
783 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
784
785 mbedtls_ssl_init( &( ep->ssl ) );
786 mbedtls_ssl_config_init( &( ep->conf ) );
787 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
788 mbedtls_ssl_conf_rng( &( ep->conf ),
789 mbedtls_ctr_drbg_random,
790 &( ep->ctr_drbg ) );
791 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]792 if( dtls_context != NULL )
793 {
794 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
795 100, &( ep->socket ),
796 dtls_context ) == 0 );
797 }
798 else
799 {
800 mbedtls_mock_socket_init( &( ep->socket ) );
801 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]802
803 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
804 &( ep->entropy ), (const unsigned char *) ( ep->name ),
805 strlen( ep->name ) );
806 TEST_ASSERT( ret == 0 );
807
808 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]809 if( dtls_context != NULL )
810 {
811 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
812 mbedtls_mock_tcp_send_msg,
813 mbedtls_mock_tcp_recv_msg,
814 NULL );
815 }
816 else
817 {
818 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
819 mbedtls_mock_tcp_send_nb,
820 mbedtls_mock_tcp_recv_nb,
821 NULL );
822 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]823
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]824 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]825 ( dtls_context != NULL ) ?
826 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
827 MBEDTLS_SSL_TRANSPORT_STREAM,
828 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]829 TEST_ASSERT( ret == 0 );
830
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]831 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
832 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]833
834#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
835 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
836 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
837#endif
838
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]839 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]840 TEST_ASSERT( ret == 0 );
841
842exit:
843 return ret;
844}
845
846/*
847 * Deinitializes certificates from endpoint represented by \p ep.
848 */
849void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
850{
851 mbedtls_endpoint_certificate *cert = &( ep->cert );
852 mbedtls_x509_crt_free( &( cert->ca_cert ) );
853 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]854 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]855}
856
857/*
858 * Deinitializes endpoint represented by \p ep.
859 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]860void mbedtls_endpoint_free( mbedtls_endpoint *ep,
861 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]862{
863 mbedtls_endpoint_certificate_free( ep );
864
865 mbedtls_ssl_free( &( ep->ssl ) );
866 mbedtls_ssl_config_free( &( ep->conf ) );
867 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
868 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]869
870 if( context != NULL )
871 {
872 mbedtls_message_socket_close( context );
873 }
874 else
875 {
876 mbedtls_mock_socket_close( &( ep->socket ) );
877 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]878}
879
880/*
881 * This function moves ssl handshake from \p ssl to prescribed \p state.
882 * /p second_ssl is used as second endpoint and their sockets have to be
883 * connected before calling this function.
884 *
885 * \retval 0 on success, otherwise error code.
886 */
887int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
888 mbedtls_ssl_context *second_ssl,
889 int state )
890{
891 enum { BUFFSIZE = 1024 };
892 int max_steps = 1000;
893 int ret = 0;
894
895 if( ssl == NULL || second_ssl == NULL )
896 {
897 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
898 }
899
900 /* Perform communication via connected sockets */
901 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
902 {
903 /* If /p second_ssl ends the handshake procedure before /p ssl then
904 * there is no need to call the next step */
905 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
906 {
907 ret = mbedtls_ssl_handshake_step( second_ssl );
908 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
909 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
910 {
911 return ret;
912 }
913 }
914
915 /* We only care about the \p ssl state and returns, so we call it last,
916 * to leave the iteration as soon as the state is as expected. */
917 ret = mbedtls_ssl_handshake_step( ssl );
918 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
919 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
920 {
921 return ret;
922 }
923 }
924
925 return ( max_steps >= 0 ) ? ret : -1;
926}
927
928#endif /* MBEDTLS_X509_CRT_PARSE_C */
929
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]930/*
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]931 * Write application data. Increase write counter and fragments counter if
932 * necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]933 */
934int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]935 int buf_len, int *written,
936 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]937{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]938 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
939 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]940 {
941 (*fragments)++;
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]942 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]943 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]944
945 if( expected_fragments == 0 )
946 {
947 /* Used for DTLS and the message size larger than MFL. In that case
948 * the message can not be fragmented and the library should return
949 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
950 * to prevent a dead loop inside mbedtls_exchange_data(). */
951 return ret;
952 }
953 else if( expected_fragments == 1 )
954 {
955 /* Used for TLS/DTLS and the message size lower than MFL */
956 TEST_ASSERT( ret == buf_len ||
957 ret == MBEDTLS_ERR_SSL_WANT_READ ||
958 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
959 }
960 else
961 {
962 /* Used for TLS and the message size larger than MFL */
963 TEST_ASSERT( expected_fragments > 1 );
964 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
965 ret == MBEDTLS_ERR_SSL_WANT_READ ||
966 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
967 }
968
969 return 0;
970
971exit:
972 /* Some of the tests failed */
973 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]974}
975
976/*
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]977 * Read application data and increase read counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]978 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]979int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
980 int buf_len, int *read,
981 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]982{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]983 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
984 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]985 {
986 *read += ret;
987 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]988
989 if( expected_fragments == 0 )
990 {
991 TEST_ASSERT( ret == 0 );
992 }
993 else if( expected_fragments == 1 )
994 {
995 TEST_ASSERT( ret == buf_len ||
996 ret == MBEDTLS_ERR_SSL_WANT_READ ||
997 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
998 }
999 else
1000 {
1001 TEST_ASSERT( expected_fragments > 1 );
1002 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1003 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1004 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1005 }
1006
1007 return 0;
1008
1009exit:
1010 /* Some of the tests failed */
1011 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1012}
1013
1014/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1015 * Helper function setting up inverse record transformations
1016 * using given cipher, hash, EtM mode, authentication tag length,
1017 * and version.
1018 */
1019
1020#define CHK( x ) \
1021 do \
1022 { \
1023 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1024 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1025 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1026 goto cleanup; \
1027 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1028 } while( 0 )
1029
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1030void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1031 int* forced_ciphersuite )
1032{
1033 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1034 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1035 forced_ciphersuite[1] = 0;
1036
1037 ciphersuite_info =
1038 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1039
1040 TEST_ASSERT( ciphersuite_info != NULL );
1041 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1042 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1043
1044 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1045 {
1046 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1047 }
1048 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1049 {
1050 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1051 }
1052
1053 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1054
1055exit:
1056 return;
1057}
1058
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1059int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1060 const unsigned char *name, size_t name_len )
1061{
1062 (void) p_info;
1063 (void) ssl;
1064 (void) name;
1065 (void) name_len;
1066
1067 return ( 0 );
1068}
1069
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1070#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1071#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1072#else
1073#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1074#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1075
1076static int build_transforms( mbedtls_ssl_transform *t_in,
1077 mbedtls_ssl_transform *t_out,
1078 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1079 int etm, int tag_mode, int ver,
1080 size_t cid0_len,
1081 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1082{
1083 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1084 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1085
1086 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1087 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1088 unsigned char iv_enc[16], iv_dec[16];
1089
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1090#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1091 unsigned char cid0[ SSL_CID_LEN_MIN ];
1092 unsigned char cid1[ SSL_CID_LEN_MIN ];
1093
1094 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1095 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1096#else
1097 ((void) cid0_len);
1098 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1099#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1100
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1101 maclen = 0;
1102
1103 /* Pick cipher */
1104 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1105 CHK( cipher_info != NULL );
1106 CHK( cipher_info->iv_size <= 16 );
1107 CHK( cipher_info->key_bitlen % 8 == 0 );
1108
1109 /* Pick keys */
1110 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1111 /* Allocate `keylen + 1` bytes to ensure that we get
1112 * a non-NULL pointers from `mbedtls_calloc` even if
1113 * `keylen == 0` in the case of the NULL cipher. */
1114 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1115 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1116 memset( key0, 0x1, keylen );
1117 memset( key1, 0x2, keylen );
1118
1119 /* Setup cipher contexts */
1120 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1121 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1122 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1123 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1124
1125#if defined(MBEDTLS_CIPHER_MODE_CBC)
1126 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1127 {
1128 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1129 MBEDTLS_PADDING_NONE ) == 0 );
1130 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1131 MBEDTLS_PADDING_NONE ) == 0 );
1132 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1133 MBEDTLS_PADDING_NONE ) == 0 );
1134 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1135 MBEDTLS_PADDING_NONE ) == 0 );
1136 }
1137#endif /* MBEDTLS_CIPHER_MODE_CBC */
1138
1139 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1140 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1141 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1142 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1143 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1144 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1145 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1146 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1147
1148 /* Setup MAC contexts */
1149#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
1150 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1151 cipher_info->mode == MBEDTLS_MODE_STREAM )
1152 {
1153 mbedtls_md_info_t const *md_info;
1154 unsigned char *md0, *md1;
1155
1156 /* Pick hash */
1157 md_info = mbedtls_md_info_from_type( hash_id );
1158 CHK( md_info != NULL );
1159
1160 /* Pick hash keys */
1161 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1162 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1163 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1164 memset( md0, 0x5, maclen );
1165 memset( md1, 0x6, maclen );
1166
1167 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1168 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1169 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1170 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1171
1172 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1173 {
1174 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1175 md0, maclen ) == 0 );
1176 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1177 md1, maclen ) == 0 );
1178 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1179 md1, maclen ) == 0 );
1180 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1181 md0, maclen ) == 0 );
1182 }
1183#if defined(MBEDTLS_SSL_PROTO_SSL3)
1184 else
1185 {
1186 memcpy( &t_in->mac_enc, md0, maclen );
1187 memcpy( &t_in->mac_dec, md1, maclen );
1188 memcpy( &t_out->mac_enc, md1, maclen );
1189 memcpy( &t_out->mac_dec, md0, maclen );
1190 }
1191#endif
1192
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1193 mbedtls_free( md0 );
1194 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1195 }
1196#else
1197 ((void) hash_id);
1198#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1199
1200
1201 /* Pick IV's (regardless of whether they
1202 * are being used by the transform). */
1203 ivlen = cipher_info->iv_size;
1204 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1205 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1206
1207 /*
1208 * Setup transforms
1209 */
1210
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1211#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1212 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1213 t_out->encrypt_then_mac = etm;
1214 t_in->encrypt_then_mac = etm;
1215#else
1216 ((void) etm);
1217#endif
1218
1219 t_out->minor_ver = ver;
1220 t_in->minor_ver = ver;
1221 t_out->ivlen = ivlen;
1222 t_in->ivlen = ivlen;
1223
1224 switch( cipher_info->mode )
1225 {
1226 case MBEDTLS_MODE_GCM:
1227 case MBEDTLS_MODE_CCM:
1228 t_out->fixed_ivlen = 4;
1229 t_in->fixed_ivlen = 4;
1230 t_out->maclen = 0;
1231 t_in->maclen = 0;
1232 switch( tag_mode )
1233 {
1234 case 0: /* Full tag */
1235 t_out->taglen = 16;
1236 t_in->taglen = 16;
1237 break;
1238 case 1: /* Partial tag */
1239 t_out->taglen = 8;
1240 t_in->taglen = 8;
1241 break;
1242 default:
1243 return( 1 );
1244 }
1245 break;
1246
1247 case MBEDTLS_MODE_CHACHAPOLY:
1248 t_out->fixed_ivlen = 12;
1249 t_in->fixed_ivlen = 12;
1250 t_out->maclen = 0;
1251 t_in->maclen = 0;
1252 switch( tag_mode )
1253 {
1254 case 0: /* Full tag */
1255 t_out->taglen = 16;
1256 t_in->taglen = 16;
1257 break;
1258 case 1: /* Partial tag */
1259 t_out->taglen = 8;
1260 t_in->taglen = 8;
1261 break;
1262 default:
1263 return( 1 );
1264 }
1265 break;
1266
1267 case MBEDTLS_MODE_STREAM:
1268 case MBEDTLS_MODE_CBC:
1269 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1270 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1271 t_out->taglen = 0;
1272 t_in->taglen = 0;
1273 switch( tag_mode )
1274 {
1275 case 0: /* Full tag */
1276 t_out->maclen = maclen;
1277 t_in->maclen = maclen;
1278 break;
1279 case 1: /* Partial tag */
1280 t_out->maclen = 10;
1281 t_in->maclen = 10;
1282 break;
1283 default:
1284 return( 1 );
1285 }
1286 break;
1287 default:
1288 return( 1 );
1289 break;
1290 }
1291
1292 /* Setup IV's */
1293
1294 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1295 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1296 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1297 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1298
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1299#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1300 /* Add CID */
1301 memcpy( &t_in->in_cid, cid0, cid0_len );
1302 memcpy( &t_in->out_cid, cid1, cid1_len );
1303 t_in->in_cid_len = cid0_len;
1304 t_in->out_cid_len = cid1_len;
1305 memcpy( &t_out->in_cid, cid1, cid1_len );
1306 memcpy( &t_out->out_cid, cid0, cid0_len );
1307 t_out->in_cid_len = cid1_len;
1308 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1309#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1310
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1311cleanup:
1312
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1313 mbedtls_free( key0 );
1314 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1315
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1316 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1317}
1318
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1319/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1320 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1321 * Choose dummy values, mostly non-0 to distinguish from the init default.
1322 */
1323static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1324 int ticket_len,
1325 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1326{
1327#if defined(MBEDTLS_HAVE_TIME)
1328 session->start = mbedtls_time( NULL ) - 42;
1329#endif
1330 session->ciphersuite = 0xabcd;
1331 session->compression = 1;
1332 session->id_len = sizeof( session->id );
1333 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1334 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1335
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1336#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1337 if( strlen( crt_file ) != 0 )
1338 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1339 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1340 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1341
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1342 mbedtls_x509_crt_init( &tmp_crt );
1343 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1344 if( ret != 0 )
1345 return( ret );
1346
1347#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1348 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1349 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1350 if( session->peer_cert == NULL )
1351 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1352 *session->peer_cert = tmp_crt;
1353 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1354#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1355 /* Calculate digest of temporary CRT. */
1356 session->peer_cert_digest =
1357 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1358 if( session->peer_cert_digest == NULL )
1359 return( -1 );
1360 ret = mbedtls_md( mbedtls_md_info_from_type(
1361 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1362 tmp_crt.raw.p, tmp_crt.raw.len,
1363 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1364 if( ret != 0 )
1365 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1366 session->peer_cert_digest_type =
1367 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1368 session->peer_cert_digest_len =
1369 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1370#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1371
1372 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1373 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1374#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1375 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1376#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1377 session->verify_result = 0xdeadbeef;
1378
1379#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1380 if( ticket_len != 0 )
1381 {
1382 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1383 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1384 return( -1 );
1385 memset( session->ticket, 33, ticket_len );
1386 }
1387 session->ticket_len = ticket_len;
1388 session->ticket_lifetime = 86401;
1389#else
1390 (void) ticket_len;
1391#endif
1392
1393#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1394 session->mfl_code = 1;
1395#endif
1396#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1397 session->trunc_hmac = 1;
1398#endif
1399#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1400 session->encrypt_then_mac = 1;
1401#endif
1402
1403 return( 0 );
1404}
1405
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]1406/*
1407 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1408 * message was sent in the correct number of fragments.
1409 *
1410 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1411 * of them must be initialized and connected beforehand.
1412 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1413 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1414 * fragments the message should be sent.
1415 * expected_fragments is 0: can be used for DTLS testing while the message
1416 * size is larger than MFL. In that case the message
1417 * cannot be fragmented and sent to the second endpoint.
1418 * This value can be used for negative tests.
1419 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1420 * message size is below MFL
1421 * expected_fragments > 1: can be used for TLS testing while the message
1422 * size is larger than MFL
1423 *
1424 * \retval 0 on success, otherwise error code.
1425 */
1426int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1427 int msg_len_1, const int expected_fragments_1,
1428 mbedtls_ssl_context *ssl_2,
1429 int msg_len_2, const int expected_fragments_2 )
1430{
1431 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1432 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1433 unsigned char *in_buf_1 = malloc( msg_len_2 );
1434 unsigned char *in_buf_2 = malloc( msg_len_1 );
1435 int msg_type, ret = -1;
1436
1437 /* Perform this test with two message types. At first use a message
1438 * consisting of only 0x00 for the client and only 0xFF for the server.
1439 * At the second time use message with generated data */
1440 for( msg_type = 0; msg_type < 2; msg_type++ )
1441 {
1442 int written_1 = 0;
1443 int written_2 = 0;
1444 int read_1 = 0;
1445 int read_2 = 0;
1446 int fragments_1 = 0;
1447 int fragments_2 = 0;
1448
1449 if( msg_type == 0 )
1450 {
1451 memset( msg_buf_1, 0x00, msg_len_1 );
1452 memset( msg_buf_2, 0xff, msg_len_2 );
1453 }
1454 else
1455 {
1456 int i, j = 0;
1457 for( i = 0; i < msg_len_1; i++ )
1458 {
1459 msg_buf_1[i] = j++ & 0xFF;
1460 }
1461 for( i = 0; i < msg_len_2; i++ )
1462 {
1463 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1464 }
1465 }
1466
1467 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1468 {
1469 /* ssl_1 sending */
1470 if( msg_len_1 > written_1 )
1471 {
1472 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1473 msg_len_1, &written_1,
1474 &fragments_1,
1475 expected_fragments_1 );
1476 if( expected_fragments_1 == 0 )
1477 {
1478 /* This error is expected when the message is too large and
1479 * cannot be fragmented */
1480 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1481 msg_len_1 = 0;
1482 }
1483 else
1484 {
1485 TEST_ASSERT( ret == 0 );
1486 }
1487 }
1488
1489 /* ssl_2 sending */
1490 if( msg_len_2 > written_2 )
1491 {
1492 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1493 msg_len_2, &written_2,
1494 &fragments_2,
1495 expected_fragments_2 );
1496 if( expected_fragments_2 == 0 )
1497 {
1498 /* This error is expected when the message is too large and
1499 * cannot be fragmented */
1500 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1501 msg_len_2 = 0;
1502 }
1503 else
1504 {
1505 TEST_ASSERT( ret == 0 );
1506 }
1507 }
1508
1509 /* ssl_1 reading */
1510 if( read_1 < msg_len_2 )
1511 {
1512 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1513 msg_len_2, &read_1,
1514 expected_fragments_1 );
1515 TEST_ASSERT( ret == 0 );
1516 }
1517
1518 /* ssl_2 reading */
1519 if( read_2 < msg_len_1 )
1520 {
1521 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1522 msg_len_1, &read_2,
1523 expected_fragments_2 );
1524 TEST_ASSERT( ret == 0 );
1525 }
1526 }
1527
1528 ret = -1;
1529 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1530 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1531 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1532 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1533 }
1534
1535 ret = 0;
1536
1537exit:
1538 free( msg_buf_1 );
1539 free( in_buf_1 );
1540 free( msg_buf_2 );
1541 free( in_buf_2 );
1542
1543 return ret;
1544}
1545
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1546/* END_HEADER */
1547
1548/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1549 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1550 * END_DEPENDENCIES
1551 */
1552
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1553/* BEGIN_CASE */
1554void test_callback_buffer_sanity()
1555{
1556 enum { MSGLEN = 10 };
1557 mbedtls_test_buffer buf;
1558 unsigned char input[MSGLEN];
1559 unsigned char output[MSGLEN];
1560
1561 memset( input, 0, sizeof(input) );
1562
1563 /* Make sure calling put and get on NULL buffer results in error. */
1564 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1565 == -1 );
1566 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1567 == -1 );
1568 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1569
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1570 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1571 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1572
1573 /* Make sure calling put and get on a buffer that hasn't been set up results
1574 * in eror. */
1575 mbedtls_test_buffer_init( &buf );
1576
1577 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1578 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1579 == -1 );
1580 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1581
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1582 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1583 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1584
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1585 /* Make sure calling put and get on NULL input only results in
1586 * error if the length is not zero, and that a NULL output is valid for data
1587 * dropping.
1588 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1589
1590 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1591
1592 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1593 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1594 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1595 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1596 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1597
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]1598 /* Make sure calling put several times in the row is safe */
1599
1600 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
1601 == sizeof( input ) );
1602 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
1603 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
1604 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
1605 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
1606
1607
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1608exit:
1609
1610 mbedtls_test_buffer_free( &buf );
1611}
1612/* END_CASE */
1613
1614/*
1615 * Test if the implementation of `mbedtls_test_buffer` related functions is
1616 * correct and works as expected.
1617 *
1618 * That is
1619 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1620 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1621 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1622 * bytes.
1623 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1624 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1625 */
1626
1627/* BEGIN_CASE */
1628void test_callback_buffer( int size, int put1, int put1_ret,
1629 int get1, int get1_ret, int put2, int put2_ret,
1630 int get2, int get2_ret )
1631{
1632 enum { ROUNDS = 2 };
1633 size_t put[ROUNDS];
1634 int put_ret[ROUNDS];
1635 size_t get[ROUNDS];
1636 int get_ret[ROUNDS];
1637 mbedtls_test_buffer buf;
1638 unsigned char* input = NULL;
1639 size_t input_len;
1640 unsigned char* output = NULL;
1641 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1642 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1643
1644 mbedtls_test_buffer_init( &buf );
1645 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
1646
1647 /* Check the sanity of input parameters and initialise local variables. That
1648 * is, ensure that the amount of data is not negative and that we are not
1649 * expecting more to put or get than we actually asked for. */
1650 TEST_ASSERT( put1 >= 0 );
1651 put[0] = put1;
1652 put_ret[0] = put1_ret;
1653 TEST_ASSERT( put1_ret <= put1 );
1654 TEST_ASSERT( put2 >= 0 );
1655 put[1] = put2;
1656 put_ret[1] = put2_ret;
1657 TEST_ASSERT( put2_ret <= put2 );
1658
1659 TEST_ASSERT( get1 >= 0 );
1660 get[0] = get1;
1661 get_ret[0] = get1_ret;
1662 TEST_ASSERT( get1_ret <= get1 );
1663 TEST_ASSERT( get2 >= 0 );
1664 get[1] = get2;
1665 get_ret[1] = get2_ret;
1666 TEST_ASSERT( get2_ret <= get2 );
1667
1668 input_len = 0;
1669 /* Calculate actual input and output lengths */
1670 for( j = 0; j < ROUNDS; j++ )
1671 {
1672 if( put_ret[j] > 0 )
1673 {
1674 input_len += put_ret[j];
1675 }
1676 }
1677 /* In order to always have a valid pointer we always allocate at least 1
1678 * byte. */
1679 if( input_len == 0 )
1680 input_len = 1;
1681 ASSERT_ALLOC( input, input_len );
1682
1683 output_len = 0;
1684 for( j = 0; j < ROUNDS; j++ )
1685 {
1686 if( get_ret[j] > 0 )
1687 {
1688 output_len += get_ret[j];
1689 }
1690 }
1691 TEST_ASSERT( output_len <= input_len );
1692 /* In order to always have a valid pointer we always allocate at least 1
1693 * byte. */
1694 if( output_len == 0 )
1695 output_len = 1;
1696 ASSERT_ALLOC( output, output_len );
1697
1698 /* Fill up the buffer with structured data so that unwanted changes
1699 * can be detected */
1700 for( i = 0; i < input_len; i++ )
1701 {
1702 input[i] = i & 0xFF;
1703 }
1704
1705 written = read = 0;
1706 for( j = 0; j < ROUNDS; j++ )
1707 {
1708 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
1709 input + written, put[j] ) );
1710 written += put_ret[j];
1711 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
1712 output + read, get[j] ) );
1713 read += get_ret[j];
1714 TEST_ASSERT( read <= written );
1715 if( get_ret[j] > 0 )
1716 {
1717 TEST_ASSERT( memcmp( output + read - get_ret[j],
1718 input + read - get_ret[j], get_ret[j] )
1719 == 0 );
1720 }
1721 }
1722
1723exit:
1724
1725 mbedtls_free( input );
1726 mbedtls_free( output );
1727 mbedtls_test_buffer_free( &buf );
1728}
1729/* END_CASE */
1730
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1731/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1732 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
1733 * correct and works as expected on unconnected sockets.
1734 */
1735
1736/* BEGIN_CASE */
1737void ssl_mock_sanity( )
1738{
1739 enum { MSGLEN = 105 };
1740 unsigned char message[MSGLEN];
1741 unsigned char received[MSGLEN];
1742 mbedtls_mock_socket socket;
1743
1744 mbedtls_mock_socket_init( &socket );
1745 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
1746 mbedtls_mock_socket_close( &socket );
1747 mbedtls_mock_socket_init( &socket );
1748 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
1749 mbedtls_mock_socket_close( &socket );
1750
1751 mbedtls_mock_socket_init( &socket );
1752 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
1753 mbedtls_mock_socket_close( &socket );
1754 mbedtls_mock_socket_init( &socket );
1755 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
1756 mbedtls_mock_socket_close( &socket );
1757
1758exit:
1759
1760 mbedtls_mock_socket_close( &socket );
1761}
1762/* END_CASE */
1763
1764/*
1765 * Test if the implementation of `mbedtls_mock_socket` related functions can
1766 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1767 */
1768
1769/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1770void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1771{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1772 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1773 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1774 unsigned char message[MSGLEN];
1775 unsigned char received[MSGLEN];
1776 mbedtls_mock_socket client;
1777 mbedtls_mock_socket server;
1778 size_t written, read;
1779 int send_ret, recv_ret;
1780 mbedtls_ssl_send_t *send;
1781 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1782 unsigned i;
1783
1784 if( blocking == 0 )
1785 {
1786 send = mbedtls_mock_tcp_send_nb;
1787 recv = mbedtls_mock_tcp_recv_nb;
1788 }
1789 else
1790 {
1791 send = mbedtls_mock_tcp_send_b;
1792 recv = mbedtls_mock_tcp_recv_b;
1793 }
1794
1795 mbedtls_mock_socket_init( &client );
1796 mbedtls_mock_socket_init( &server );
1797
1798 /* Fill up the buffer with structured data so that unwanted changes
1799 * can be detected */
1800 for( i = 0; i < MSGLEN; i++ )
1801 {
1802 message[i] = i & 0xFF;
1803 }
1804
1805 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1806 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1807
1808 /* Send the message to the server */
1809 send_ret = recv_ret = 1;
1810 written = read = 0;
1811 while( send_ret != 0 || recv_ret != 0 )
1812 {
1813 send_ret = send( &client, message + written, MSGLEN - written );
1814
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1815 TEST_ASSERT( send_ret >= 0 );
1816 TEST_ASSERT( send_ret <= BUFLEN );
1817 written += send_ret;
1818
1819 /* If the buffer is full we can test blocking and non-blocking send */
1820 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1821 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1822 int blocking_ret = send( &client, message , 1 );
1823 if ( blocking )
1824 {
1825 TEST_ASSERT( blocking_ret == 0 );
1826 }
1827 else
1828 {
1829 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1830 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1831 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1832
1833 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1834
1835 /* The result depends on whether any data was sent */
1836 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1837 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1838 TEST_ASSERT( recv_ret > 0 );
1839 TEST_ASSERT( recv_ret <= BUFLEN );
1840 read += recv_ret;
1841 }
1842 else if( blocking )
1843 {
1844 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1845 }
1846 else
1847 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1848 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
1849 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1850 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1851
1852 /* If the buffer is empty we can test blocking and non-blocking read */
1853 if ( recv_ret == BUFLEN )
1854 {
1855 int blocking_ret = recv( &server, received, 1 );
1856 if ( blocking )
1857 {
1858 TEST_ASSERT( blocking_ret == 0 );
1859 }
1860 else
1861 {
1862 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1863 }
1864 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1865 }
1866 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1867
1868exit:
1869
1870 mbedtls_mock_socket_close( &client );
1871 mbedtls_mock_socket_close( &server );
1872}
1873/* END_CASE */
1874
1875/*
1876 * Test if the implementation of `mbedtls_mock_socket` related functions can
1877 * send messages in both direction at the same time (with the I/O calls
1878 * interleaving).
1879 */
1880
1881/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1882void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1883{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1884 enum { ROUNDS = 2 };
1885 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1886 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1887 unsigned char message[ROUNDS][MSGLEN];
1888 unsigned char received[ROUNDS][MSGLEN];
1889 mbedtls_mock_socket client;
1890 mbedtls_mock_socket server;
1891 size_t written[ROUNDS];
1892 size_t read[ROUNDS];
1893 int send_ret[ROUNDS];
1894 int recv_ret[ROUNDS];
1895 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1896 mbedtls_ssl_send_t *send;
1897 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1898
1899 if( blocking == 0 )
1900 {
1901 send = mbedtls_mock_tcp_send_nb;
1902 recv = mbedtls_mock_tcp_recv_nb;
1903 }
1904 else
1905 {
1906 send = mbedtls_mock_tcp_send_b;
1907 recv = mbedtls_mock_tcp_recv_b;
1908 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1909
1910 mbedtls_mock_socket_init( &client );
1911 mbedtls_mock_socket_init( &server );
1912
1913 /* Fill up the buffers with structured data so that unwanted changes
1914 * can be detected */
1915 for( i = 0; i < ROUNDS; i++ )
1916 {
1917 for( j = 0; j < MSGLEN; j++ )
1918 {
1919 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1920 }
1921 }
1922
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1923 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1924 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1925
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1926 /* Send the message from both sides, interleaving. */
1927 progress = 1;
1928 for( i = 0; i < ROUNDS; i++ )
1929 {
1930 written[i] = 0;
1931 read[i] = 0;
1932 }
1933 /* This loop does not stop as long as there was a successful write or read
1934 * of at least one byte on either side. */
1935 while( progress != 0 )
1936 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1937 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1938
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1939 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1940 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1941 /* First sending is from the client */
1942 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1943
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1944 send_ret[i] = send( socket, message[i] + written[i],
1945 MSGLEN - written[i] );
1946 TEST_ASSERT( send_ret[i] >= 0 );
1947 TEST_ASSERT( send_ret[i] <= BUFLEN );
1948 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1949
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1950 /* If the buffer is full we can test blocking and non-blocking
1951 * send */
1952 if ( send_ret[i] == BUFLEN )
1953 {
1954 int blocking_ret = send( socket, message[i] , 1 );
1955 if ( blocking )
1956 {
1957 TEST_ASSERT( blocking_ret == 0 );
1958 }
1959 else
1960 {
1961 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1962 }
1963 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1964 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1965
1966 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1967 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1968 /* First receiving is from the server */
1969 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1970
1971 recv_ret[i] = recv( socket, received[i] + read[i],
1972 MSGLEN - read[i] );
1973
1974 /* The result depends on whether any data was sent */
1975 if ( send_ret[i] > 0 )
1976 {
1977 TEST_ASSERT( recv_ret[i] > 0 );
1978 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1979 read[i] += recv_ret[i];
1980 }
1981 else if( blocking )
1982 {
1983 TEST_ASSERT( recv_ret[i] == 0 );
1984 }
1985 else
1986 {
1987 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1988 recv_ret[i] = 0;
1989 }
1990
1991 /* If the buffer is empty we can test blocking and non-blocking
1992 * read */
1993 if ( recv_ret[i] == BUFLEN )
1994 {
1995 int blocking_ret = recv( socket, received[i], 1 );
1996 if ( blocking )
1997 {
1998 TEST_ASSERT( blocking_ret == 0 );
1999 }
2000 else
2001 {
2002 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2003 }
2004 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2005 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2006
2007 progress = 0;
2008 for( i = 0; i < ROUNDS; i++ )
2009 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2010 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2011 }
2012 }
2013
2014 for( i = 0; i < ROUNDS; i++ )
2015 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2016
2017exit:
2018
2019 mbedtls_mock_socket_close( &client );
2020 mbedtls_mock_socket_close( &server );
2021}
2022/* END_CASE */
2023
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2024/* BEGIN_CASE */
2025void ssl_message_queue_sanity( )
2026{
2027 mbedtls_test_message_queue queue;
2028
2029 /* Trying to push/pull to an empty queue */
2030 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2031 == MBEDTLS_TEST_ERROR_ARG_NULL );
2032 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2033 == MBEDTLS_TEST_ERROR_ARG_NULL );
2034
2035 mbedtls_test_message_queue_setup( &queue, 3 );
2036 TEST_ASSERT( queue.capacity == 3 );
2037 TEST_ASSERT( queue.num == 0 );
2038
2039exit:
2040 mbedtls_test_message_queue_free( &queue );
2041}
2042/* END_CASE */
2043
2044/* BEGIN_CASE */
2045void ssl_message_queue_basic( )
2046{
2047 mbedtls_test_message_queue queue;
2048
2049 mbedtls_test_message_queue_setup( &queue, 3 );
2050
2051 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2052 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2053 TEST_ASSERT( queue.capacity == 3 );
2054 TEST_ASSERT( queue.num == 1 );
2055 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2056 TEST_ASSERT( queue.capacity == 3 );
2057 TEST_ASSERT( queue.num == 2 );
2058 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2059 TEST_ASSERT( queue.capacity == 3 );
2060 TEST_ASSERT( queue.num == 3 );
2061
2062 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2063 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2064 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2065
2066exit:
2067 mbedtls_test_message_queue_free( &queue );
2068}
2069/* END_CASE */
2070
2071/* BEGIN_CASE */
2072void ssl_message_queue_overflow_underflow( )
2073{
2074 mbedtls_test_message_queue queue;
2075
2076 mbedtls_test_message_queue_setup( &queue, 3 );
2077
2078 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2079 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2080 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2081 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2082 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2083 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2084
2085 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2086 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2087 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2088
2089 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2090 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2091
2092exit:
2093 mbedtls_test_message_queue_free( &queue );
2094}
2095/* END_CASE */
2096
2097/* BEGIN_CASE */
2098void ssl_message_queue_interleaved( )
2099{
2100 mbedtls_test_message_queue queue;
2101
2102 mbedtls_test_message_queue_setup( &queue, 3 );
2103
2104 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2105 * (to wrap around the buffer) */
2106 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2107 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2108
2109 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2110
2111 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2112 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2113
2114 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2115 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2116
2117 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2118 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2119
2120 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2121
2122 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2123
2124 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2125
2126exit:
2127 mbedtls_test_message_queue_free( &queue );
2128}
2129/* END_CASE */
2130
2131/* BEGIN_CASE */
2132void ssl_message_queue_insufficient_buffer( )
2133{
2134 mbedtls_test_message_queue queue;
2135 size_t message_len = 10;
2136 size_t buffer_len = 5;
2137
2138 mbedtls_test_message_queue_setup( &queue, 1 );
2139
2140 /* Popping without a sufficient buffer */
2141 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2142 == (int) message_len );
2143 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2144 == (int) buffer_len );
2145exit:
2146 mbedtls_test_message_queue_free( &queue );
2147}
2148/* END_CASE */
2149
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2150/* BEGIN_CASE */
2151void ssl_message_mock_uninitialized( )
2152{
2153 enum { MSGLEN = 10 };
2154 unsigned char message[MSGLEN], received[MSGLEN];
2155 mbedtls_mock_socket client, server;
2156 mbedtls_test_message_queue server_queue, client_queue;
2157 mbedtls_test_message_socket_context server_context, client_context;
2158
2159 /* Send with a NULL context */
2160 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2161 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2162
2163 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2164 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2165
2166 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2167 &server,
2168 &server_context ) == 0 );
2169
2170 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2171 &client,
2172 &client_context ) == 0 );
2173
2174 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2175 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2176
2177 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2178 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2179
2180 /* Push directly to a queue to later simulate a disconnected behavior */
2181 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2182 == MSGLEN );
2183
2184 /* Test if there's an error when trying to read from a disconnected
2185 * socket */
2186 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2187 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2188 exit:
2189 mbedtls_message_socket_close( &server_context );
2190 mbedtls_message_socket_close( &client_context );
2191}
2192/* END_CASE */
2193
2194/* BEGIN_CASE */
2195void ssl_message_mock_basic( )
2196{
2197 enum { MSGLEN = 10 };
2198 unsigned char message[MSGLEN], received[MSGLEN];
2199 mbedtls_mock_socket client, server;
2200 unsigned i;
2201 mbedtls_test_message_queue server_queue, client_queue;
2202 mbedtls_test_message_socket_context server_context, client_context;
2203
2204 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2205 &server,
2206 &server_context ) == 0 );
2207
2208 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2209 &client,
2210 &client_context ) == 0 );
2211
2212 /* Fill up the buffer with structured data so that unwanted changes
2213 * can be detected */
2214 for( i = 0; i < MSGLEN; i++ )
2215 {
2216 message[i] = i & 0xFF;
2217 }
2218 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2219 MSGLEN ) );
2220
2221 /* Send the message to the server */
2222 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2223 MSGLEN ) == MSGLEN );
2224
2225 /* Read from the server */
2226 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2227 == MSGLEN );
2228
2229 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2230 memset( received, 0, MSGLEN );
2231
2232 /* Send the message to the client */
2233 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2234 MSGLEN ) == MSGLEN );
2235
2236 /* Read from the client */
2237 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2238 == MSGLEN );
2239 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2240
2241 exit:
2242 mbedtls_message_socket_close( &server_context );
2243 mbedtls_message_socket_close( &client_context );
2244}
2245/* END_CASE */
2246
2247/* BEGIN_CASE */
2248void ssl_message_mock_queue_overflow_underflow( )
2249{
2250 enum { MSGLEN = 10 };
2251 unsigned char message[MSGLEN], received[MSGLEN];
2252 mbedtls_mock_socket client, server;
2253 unsigned i;
2254 mbedtls_test_message_queue server_queue, client_queue;
2255 mbedtls_test_message_socket_context server_context, client_context;
2256
2257 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2258 &server,
2259 &server_context ) == 0 );
2260
2261 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2262 &client,
2263 &client_context ) == 0 );
2264
2265 /* Fill up the buffer with structured data so that unwanted changes
2266 * can be detected */
2267 for( i = 0; i < MSGLEN; i++ )
2268 {
2269 message[i] = i & 0xFF;
2270 }
2271 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2272 MSGLEN*2 ) );
2273
2274 /* Send three message to the server, last one with an error */
2275 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2276 MSGLEN - 1 ) == MSGLEN - 1 );
2277
2278 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2279 MSGLEN ) == MSGLEN );
2280
2281 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2282 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2283 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2284
2285 /* Read three messages from the server, last one with an error */
2286 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2287 MSGLEN - 1 ) == MSGLEN - 1 );
2288
2289 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2290 == MSGLEN );
2291
2292 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2293
2294 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2295 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2296
2297 exit:
2298 mbedtls_message_socket_close( &server_context );
2299 mbedtls_message_socket_close( &client_context );
2300}
2301/* END_CASE */
2302
2303/* BEGIN_CASE */
2304void ssl_message_mock_socket_overflow( )
2305{
2306 enum { MSGLEN = 10 };
2307 unsigned char message[MSGLEN], received[MSGLEN];
2308 mbedtls_mock_socket client, server;
2309 unsigned i;
2310 mbedtls_test_message_queue server_queue, client_queue;
2311 mbedtls_test_message_socket_context server_context, client_context;
2312
2313 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2314 &server,
2315 &server_context ) == 0 );
2316
2317 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2318 &client,
2319 &client_context ) == 0 );
2320
2321 /* Fill up the buffer with structured data so that unwanted changes
2322 * can be detected */
2323 for( i = 0; i < MSGLEN; i++ )
2324 {
2325 message[i] = i & 0xFF;
2326 }
2327 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2328 MSGLEN ) );
2329
2330 /* Send two message to the server, second one with an error */
2331 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2332 MSGLEN ) == MSGLEN );
2333
2334 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2335 MSGLEN )
2336 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2337
2338 /* Read the only message from the server */
2339 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2340 == MSGLEN );
2341
2342 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2343
2344 exit:
2345 mbedtls_message_socket_close( &server_context );
2346 mbedtls_message_socket_close( &client_context );
2347}
2348/* END_CASE */
2349
2350/* BEGIN_CASE */
2351void ssl_message_mock_truncated( )
2352{
2353 enum { MSGLEN = 10 };
2354 unsigned char message[MSGLEN], received[MSGLEN];
2355 mbedtls_mock_socket client, server;
2356 unsigned i;
2357 mbedtls_test_message_queue server_queue, client_queue;
2358 mbedtls_test_message_socket_context server_context, client_context;
2359
2360 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2361 &server,
2362 &server_context ) == 0 );
2363
2364 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2365 &client,
2366 &client_context ) == 0 );
2367
2368 memset( received, 0, MSGLEN );
2369 /* Fill up the buffer with structured data so that unwanted changes
2370 * can be detected */
2371 for( i = 0; i < MSGLEN; i++ )
2372 {
2373 message[i] = i & 0xFF;
2374 }
2375 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2376 2 * MSGLEN ) );
2377
2378 /* Send two messages to the server, the second one small enough to fit in the
2379 * receiver's buffer. */
2380 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2381 MSGLEN ) == MSGLEN );
2382 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2383 MSGLEN / 2 ) == MSGLEN / 2 );
2384 /* Read a truncated message from the server */
2385 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2386 == MSGLEN/2 );
2387
2388 /* Test that the first half of the message is valid, and second one isn't */
2389 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2390 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2391 != 0 );
2392 memset( received, 0, MSGLEN );
2393
2394 /* Read a full message from the server */
2395 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2396 == MSGLEN / 2 );
2397
2398 /* Test that the first half of the message is valid */
2399 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2400
2401 exit:
2402 mbedtls_message_socket_close( &server_context );
2403 mbedtls_message_socket_close( &client_context );
2404}
2405/* END_CASE */
2406
2407/* BEGIN_CASE */
2408void ssl_message_mock_socket_read_error( )
2409{
2410 enum { MSGLEN = 10 };
2411 unsigned char message[MSGLEN], received[MSGLEN];
2412 mbedtls_mock_socket client, server;
2413 unsigned i;
2414 mbedtls_test_message_queue server_queue, client_queue;
2415 mbedtls_test_message_socket_context server_context, client_context;
2416
2417 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2418 &server,
2419 &server_context ) == 0 );
2420
2421 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2422 &client,
2423 &client_context ) == 0 );
2424
2425 /* Fill up the buffer with structured data so that unwanted changes
2426 * can be detected */
2427 for( i = 0; i < MSGLEN; i++ )
2428 {
2429 message[i] = i & 0xFF;
2430 }
2431 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2432 MSGLEN ) );
2433
2434 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2435 MSGLEN ) == MSGLEN );
2436
2437 /* Force a read error by disconnecting the socket by hand */
2438 server.status = 0;
2439 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2440 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2441 /* Return to a valid state */
2442 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2443
2444 memset( received, 0, sizeof( received ) );
2445
2446 /* Test that even though the server tried to read once disconnected, the
2447 * continuity is preserved */
2448 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2449 == MSGLEN );
2450
2451 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2452
2453 exit:
2454 mbedtls_message_socket_close( &server_context );
2455 mbedtls_message_socket_close( &client_context );
2456}
2457/* END_CASE */
2458
2459/* BEGIN_CASE */
2460void ssl_message_mock_interleaved_one_way( )
2461{
2462 enum { MSGLEN = 10 };
2463 unsigned char message[MSGLEN], received[MSGLEN];
2464 mbedtls_mock_socket client, server;
2465 unsigned i;
2466 mbedtls_test_message_queue server_queue, client_queue;
2467 mbedtls_test_message_socket_context server_context, client_context;
2468
2469 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2470 &server,
2471 &server_context ) == 0 );
2472
2473 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2474 &client,
2475 &client_context ) == 0 );
2476
2477 /* Fill up the buffer with structured data so that unwanted changes
2478 * can be detected */
2479 for( i = 0; i < MSGLEN; i++ )
2480 {
2481 message[i] = i & 0xFF;
2482 }
2483 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2484 MSGLEN*3 ) );
2485
2486 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
2487 * (to wrap around the buffer) */
2488 for( i = 0; i < 2; i++ )
2489 {
2490 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2491 MSGLEN ) == MSGLEN );
2492
2493 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2494 MSGLEN ) == MSGLEN );
2495
2496 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2497 MSGLEN ) == MSGLEN );
2498 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2499 memset( received, 0, sizeof( received ) );
2500 }
2501
2502 for( i = 0; i < 2; i++ )
2503 {
2504 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2505 MSGLEN ) == MSGLEN );
2506
2507 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2508 }
2509 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2510 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2511 exit:
2512 mbedtls_message_socket_close( &server_context );
2513 mbedtls_message_socket_close( &client_context );
2514}
2515/* END_CASE */
2516
2517/* BEGIN_CASE */
2518void ssl_message_mock_interleaved_two_ways( )
2519{
2520 enum { MSGLEN = 10 };
2521 unsigned char message[MSGLEN], received[MSGLEN];
2522 mbedtls_mock_socket client, server;
2523 unsigned i;
2524 mbedtls_test_message_queue server_queue, client_queue;
2525 mbedtls_test_message_socket_context server_context, client_context;
2526
2527 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2528 &server,
2529 &server_context ) == 0 );
2530
2531 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2532 &client,
2533 &client_context ) == 0 );
2534
2535 /* Fill up the buffer with structured data so that unwanted changes
2536 * can be detected */
2537 for( i = 0; i < MSGLEN; i++ )
2538 {
2539 message[i] = i & 0xFF;
2540 }
2541 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2542 MSGLEN*3 ) );
2543
2544 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
2545 * (to wrap around the buffer) both ways. */
2546 for( i = 0; i < 2; i++ )
2547 {
2548 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2549 MSGLEN ) == MSGLEN );
2550
2551 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2552 MSGLEN ) == MSGLEN );
2553
2554 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2555 MSGLEN ) == MSGLEN );
2556
2557 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2558 MSGLEN ) == MSGLEN );
2559
2560 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2561 MSGLEN ) == MSGLEN );
2562
2563 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2564
2565 memset( received, 0, sizeof( received ) );
2566
2567 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2568 MSGLEN ) == MSGLEN );
2569
2570 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2571
2572 memset( received, 0, sizeof( received ) );
2573 }
2574
2575 for( i = 0; i < 2; i++ )
2576 {
2577 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2578 MSGLEN ) == MSGLEN );
2579
2580 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2581 memset( received, 0, sizeof( received ) );
2582
2583 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2584 MSGLEN ) == MSGLEN );
2585
2586 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2587 memset( received, 0, sizeof( received ) );
2588 }
2589
2590 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2591 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2592
2593 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2594 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2595 exit:
2596 mbedtls_message_socket_close( &server_context );
2597 mbedtls_message_socket_close( &client_context );
2598}
2599/* END_CASE */
2600
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2601/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2602void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2603{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2604 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2605 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2606 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2607
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2608 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2609 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2610
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2611 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2612 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2613 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2614 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2615 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2616
2617 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2618 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2619 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2620 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2621 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2622 }
2623
2624 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2625 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2626 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2627
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2628 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2629 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2630}
2631/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]2632
2633/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
2634void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
2635{
2636 mbedtls_ssl_context ssl;
2637 mbedtls_ssl_init( &ssl );
2638
2639 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
2640 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
2641
2642 mbedtls_ssl_free( &ssl );
2643}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]2644/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2645
2646/* BEGIN_CASE */
2647void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2648 int etm, int tag_mode, int ver,
2649 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2650{
2651 /*
2652 * Test several record encryptions and decryptions
2653 * with plenty of space before and after the data
2654 * within the record buffer.
2655 */
2656
2657 int ret;
2658 int num_records = 16;
2659 mbedtls_ssl_context ssl; /* ONLY for debugging */
2660
2661 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2662 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2663 size_t const buflen = 512;
2664 mbedtls_record rec, rec_backup;
2665
2666 mbedtls_ssl_init( &ssl );
2667 mbedtls_ssl_transform_init( &t0 );
2668 mbedtls_ssl_transform_init( &t1 );
2669 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2670 etm, tag_mode, ver,
2671 (size_t) cid0_len,
2672 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2673
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2674 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2675
2676 while( num_records-- > 0 )
2677 {
2678 mbedtls_ssl_transform *t_dec, *t_enc;
2679 /* Take turns in who's sending and who's receiving. */
2680 if( num_records % 3 == 0 )
2681 {
2682 t_dec = &t0;
2683 t_enc = &t1;
2684 }
2685 else
2686 {
2687 t_dec = &t1;
2688 t_enc = &t0;
2689 }
2690
2691 /*
2692 * The record header affects the transformation in two ways:
2693 * 1) It determines the AEAD additional data
2694 * 2) The record counter sometimes determines the IV.
2695 *
2696 * Apart from that, the fields don't have influence.
2697 * In particular, it is currently not the responsibility
2698 * of ssl_encrypt/decrypt_buf to check if the transform
2699 * version matches the record version, or that the
2700 * type is sensible.
2701 */
2702
2703 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
2704 rec.type = 42;
2705 rec.ver[0] = num_records;
2706 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2707#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2708 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2709#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2710
2711 rec.buf = buf;
2712 rec.buf_len = buflen;
2713 rec.data_offset = 16;
2714 /* Make sure to vary the length to exercise different
2715 * paddings. */
2716 rec.data_len = 1 + num_records;
2717
2718 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2719
2720 /* Make a copy for later comparison */
2721 rec_backup = rec;
2722
2723 /* Encrypt record */
2724 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
2725 rnd_std_rand, NULL );
2726 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2727 if( ret != 0 )
2728 {
2729 continue;
2730 }
2731
2732 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2733 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
2734 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2735
2736 /* Compare results */
2737 TEST_ASSERT( rec.type == rec_backup.type );
2738 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2739 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2740 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2741 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2742 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2743 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2744 rec_backup.buf + rec_backup.data_offset,
2745 rec.data_len ) == 0 );
2746 }
2747
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2748exit:
2749
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2750 /* Cleanup */
2751 mbedtls_ssl_free( &ssl );
2752 mbedtls_ssl_transform_free( &t0 );
2753 mbedtls_ssl_transform_free( &t1 );
2754
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2755 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2756}
2757/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2758
2759/* BEGIN_CASE */
2760void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2761 int etm, int tag_mode, int ver,
2762 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2763{
2764 /*
2765 * Test pairs of encryption and decryption with an increasing
2766 * amount of space in the record buffer - in more detail:
2767 * 1) Try to encrypt with 0, 1, 2, ... bytes available
2768 * in front of the plaintext, and expect the encryption
2769 * to succeed starting from some offset. Always keep
2770 * enough space in the end of the buffer.
2771 * 2) Try to encrypt with 0, 1, 2, ... bytes available
2772 * at the end of the plaintext, and expect the encryption
2773 * to succeed starting from some offset. Always keep
2774 * enough space at the beginning of the buffer.
2775 * 3) Try to encrypt with 0, 1, 2, ... bytes available
2776 * both at the front and end of the plaintext,
2777 * and expect the encryption to succeed starting from
2778 * some offset.
2779 *
2780 * If encryption succeeds, check that decryption succeeds
2781 * and yields the original record.
2782 */
2783
2784 mbedtls_ssl_context ssl; /* ONLY for debugging */
2785
2786 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2787 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2788 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2789 mbedtls_record rec, rec_backup;
2790
2791 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2792 int mode; /* Mode 1, 2 or 3 as explained above */
2793 size_t offset; /* Available space at beginning/end/both */
2794 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2795
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2796 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
2797 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2798
2799 int seen_success; /* Indicates if in the current mode we've
2800 * already seen a successful test. */
2801
2802 mbedtls_ssl_init( &ssl );
2803 mbedtls_ssl_transform_init( &t0 );
2804 mbedtls_ssl_transform_init( &t1 );
2805 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2806 etm, tag_mode, ver,
2807 (size_t) cid0_len,
2808 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2809
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2810 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2811
2812 for( mode=1; mode <= 3; mode++ )
2813 {
2814 seen_success = 0;
2815 for( offset=0; offset <= threshold; offset++ )
2816 {
2817 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]2818 t_dec = &t0;
2819 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2820
2821 memset( rec.ctr, offset, sizeof( rec.ctr ) );
2822 rec.type = 42;
2823 rec.ver[0] = offset;
2824 rec.ver[1] = offset;
2825 rec.buf = buf;
2826 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2827#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2828 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2829#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2830
2831 switch( mode )
2832 {
2833 case 1: /* Space in the beginning */
2834 rec.data_offset = offset;
2835 rec.data_len = buflen - offset - default_post_padding;
2836 break;
2837
2838 case 2: /* Space in the end */
2839 rec.data_offset = default_pre_padding;
2840 rec.data_len = buflen - default_pre_padding - offset;
2841 break;
2842
2843 case 3: /* Space in the beginning and end */
2844 rec.data_offset = offset;
2845 rec.data_len = buflen - 2 * offset;
2846 break;
2847
2848 default:
2849 TEST_ASSERT( 0 );
2850 break;
2851 }
2852
2853 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2854
2855 /* Make a copy for later comparison */
2856 rec_backup = rec;
2857
2858 /* Encrypt record */
2859 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
2860
2861 if( ( mode == 1 || mode == 2 ) && seen_success )
2862 {
2863 TEST_ASSERT( ret == 0 );
2864 }
2865 else
2866 {
2867 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2868 if( ret == 0 )
2869 seen_success = 1;
2870 }
2871
2872 if( ret != 0 )
2873 continue;
2874
2875 /* Decrypt record with t_dec */
2876 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
2877
2878 /* Compare results */
2879 TEST_ASSERT( rec.type == rec_backup.type );
2880 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2881 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2882 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2883 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2884 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2885 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2886 rec_backup.buf + rec_backup.data_offset,
2887 rec.data_len ) == 0 );
2888 }
2889
2890 TEST_ASSERT( seen_success == 1 );
2891 }
2892
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2893exit:
2894
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2895 /* Cleanup */
2896 mbedtls_ssl_free( &ssl );
2897 mbedtls_ssl_transform_free( &t0 );
2898 mbedtls_ssl_transform_free( &t1 );
2899
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2900 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2901}
2902/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2903
2904/* BEGIN_CASE */
2905void ssl_tls_prf( int type, data_t * secret, data_t * random,
2906 char *label, data_t *result_hex_str, int exp_ret )
2907{
2908 unsigned char *output;
2909
2910 output = mbedtls_calloc( 1, result_hex_str->len );
2911 if( output == NULL )
2912 goto exit;
2913
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]2914#if defined(MBEDTLS_USE_PSA_CRYPTO)
2915 TEST_ASSERT( psa_crypto_init() == 0 );
2916#endif
2917
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2918 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
2919 label, random->x, random->len,
2920 output, result_hex_str->len ) == exp_ret );
2921
2922 if( exp_ret == 0 )
2923 {
2924 TEST_ASSERT( hexcmp( output, result_hex_str->x,
2925 result_hex_str->len, result_hex_str->len ) == 0 );
2926 }
2927exit:
2928
2929 mbedtls_free( output );
2930}
2931/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2932
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2933/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2934void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2935{
2936 mbedtls_ssl_session original, restored;
2937 unsigned char *buf = NULL;
2938 size_t len;
2939
2940 /*
2941 * Test that a save-load pair is the identity
2942 */
2943
2944 mbedtls_ssl_session_init( &original );
2945 mbedtls_ssl_session_init( &restored );
2946
2947 /* Prepare a dummy session to work on */
2948 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
2949
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2950 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2951 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
2952 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2953 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
2954 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
2955 == 0 );
2956
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2957 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2958 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
2959
2960 /*
2961 * Make sure both session structures are identical
2962 */
2963#if defined(MBEDTLS_HAVE_TIME)
2964 TEST_ASSERT( original.start == restored.start );
2965#endif
2966 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
2967 TEST_ASSERT( original.compression == restored.compression );
2968 TEST_ASSERT( original.id_len == restored.id_len );
2969 TEST_ASSERT( memcmp( original.id,
2970 restored.id, sizeof( original.id ) ) == 0 );
2971 TEST_ASSERT( memcmp( original.master,
2972 restored.master, sizeof( original.master ) ) == 0 );
2973
2974#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2975#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2976 TEST_ASSERT( ( original.peer_cert == NULL ) ==
2977 ( restored.peer_cert == NULL ) );
2978 if( original.peer_cert != NULL )
2979 {
2980 TEST_ASSERT( original.peer_cert->raw.len ==
2981 restored.peer_cert->raw.len );
2982 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
2983 restored.peer_cert->raw.p,
2984 original.peer_cert->raw.len ) == 0 );
2985 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2986#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2987 TEST_ASSERT( original.peer_cert_digest_type ==
2988 restored.peer_cert_digest_type );
2989 TEST_ASSERT( original.peer_cert_digest_len ==
2990 restored.peer_cert_digest_len );
2991 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
2992 ( restored.peer_cert_digest == NULL ) );
2993 if( original.peer_cert_digest != NULL )
2994 {
2995 TEST_ASSERT( memcmp( original.peer_cert_digest,
2996 restored.peer_cert_digest,
2997 original.peer_cert_digest_len ) == 0 );
2998 }
2999#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
3000#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]3001 TEST_ASSERT( original.verify_result == restored.verify_result );
3002
3003#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
3004 TEST_ASSERT( original.ticket_len == restored.ticket_len );
3005 if( original.ticket_len != 0 )
3006 {
3007 TEST_ASSERT( original.ticket != NULL );
3008 TEST_ASSERT( restored.ticket != NULL );
3009 TEST_ASSERT( memcmp( original.ticket,
3010 restored.ticket, original.ticket_len ) == 0 );
3011 }
3012 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
3013#endif
3014
3015#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3016 TEST_ASSERT( original.mfl_code == restored.mfl_code );
3017#endif
3018
3019#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
3020 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
3021#endif
3022
3023#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
3024 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
3025#endif
3026
3027exit:
3028 mbedtls_ssl_session_free( &original );
3029 mbedtls_ssl_session_free( &restored );
3030 mbedtls_free( buf );
3031}
3032/* END_CASE */
3033
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]3034/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3035void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3036{
3037 mbedtls_ssl_session session;
3038 unsigned char *buf1 = NULL, *buf2 = NULL;
3039 size_t len0, len1, len2;
3040
3041 /*
3042 * Test that a load-save pair is the identity
3043 */
3044
3045 mbedtls_ssl_session_init( &session );
3046
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3047 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3048 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]3049
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3050 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3051 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
3052 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3053
3054 /* Allocate first buffer */
3055 buf1 = mbedtls_calloc( 1, len0 );
3056 TEST_ASSERT( buf1 != NULL );
3057
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3058 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3059 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
3060 == 0 );
3061 TEST_ASSERT( len0 == len1 );
3062 mbedtls_ssl_session_free( &session );
3063
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3064 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]3065 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3066
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3067 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3068 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]3069 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3070 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
3071 == 0 );
3072
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3073 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]3074 TEST_ASSERT( len1 == len2 );
3075 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
3076
3077exit:
3078 mbedtls_ssl_session_free( &session );
3079 mbedtls_free( buf1 );
3080 mbedtls_free( buf2 );
3081}
3082/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3083
3084/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3085void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3086{
3087 mbedtls_ssl_session session;
3088 unsigned char *buf = NULL;
3089 size_t good_len, bad_len, test_len;
3090
3091 /*
3092 * Test that session_save() fails cleanly on small buffers
3093 */
3094
3095 mbedtls_ssl_session_init( &session );
3096
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3097 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3098 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]3099 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
3100 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3101
3102 /* Try all possible bad lengths */
3103 for( bad_len = 1; bad_len < good_len; bad_len++ )
3104 {
3105 /* Allocate exact size so that asan/valgrind can detect any overwrite */
3106 mbedtls_free( buf );
3107 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
3108 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
3109 &test_len )
3110 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3111 TEST_ASSERT( test_len == good_len );
3112 }
3113
3114exit:
3115 mbedtls_ssl_session_free( &session );
3116 mbedtls_free( buf );
3117}
3118/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3119
3120/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3121void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3122{
3123 mbedtls_ssl_session session;
3124 unsigned char *good_buf = NULL, *bad_buf = NULL;
3125 size_t good_len, bad_len;
3126
3127 /*
3128 * Test that session_load() fails cleanly on small buffers
3129 */
3130
3131 mbedtls_ssl_session_init( &session );
3132
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]3133 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]3134 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]3135 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
3136 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3137 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
3138 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
3139 &good_len ) == 0 );
3140 mbedtls_ssl_session_free( &session );
3141
3142 /* Try all possible bad lengths */
3143 for( bad_len = 0; bad_len < good_len; bad_len++ )
3144 {
3145 /* Allocate exact size so that asan/valgrind can detect any overread */
3146 mbedtls_free( bad_buf );
3147 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
3148 TEST_ASSERT( bad_buf != NULL );
3149 memcpy( bad_buf, good_buf, bad_len );
3150
3151 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
3152 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
3153 }
3154
3155exit:
3156 mbedtls_ssl_session_free( &session );
3157 mbedtls_free( good_buf );
3158 mbedtls_free( bad_buf );
3159}
3160/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3161
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3162/* BEGIN_CASE */
3163void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3164 int corrupt_minor,
3165 int corrupt_patch,
3166 int corrupt_config )
3167{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3168 unsigned char serialized_session[ 2048 ];
3169 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3170 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3171 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3172 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
3173 corrupt_minor == 1,
3174 corrupt_patch == 1,
3175 corrupt_config == 1,
3176 corrupt_config == 1 };
3177
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3178 mbedtls_ssl_session_init( &session );
3179
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3180 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3181 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3182 serialized_session,
3183 sizeof( serialized_session ),
3184 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3185
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3186 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3187
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3188 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3189 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3190 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]3191 serialized_session,
3192 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3193 mbedtls_ssl_session_free( &session );
3194
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3195 /* Go through the bytes in the serialized session header and
3196 * corrupt them bit-by-bit. */
3197 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3198 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3199 int cur_bit;
3200 unsigned char * const byte = &serialized_session[ cur_byte ];
3201
3202 if( should_corrupt_byte[ cur_byte ] == 0 )
3203 continue;
3204
3205 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
3206 {
3207 unsigned char const corrupted_bit = 0x1u << cur_bit;
3208 /* Modify a single bit in the serialized session. */
3209 *byte ^= corrupted_bit;
3210
3211 /* Attempt to deserialize */
3212 TEST_ASSERT( mbedtls_ssl_session_load( &session,
3213 serialized_session,
3214 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]3215 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3216
3217 /* Undo the change */
3218 *byte ^= corrupted_bit;
3219 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3220 }
3221
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3222}
3223/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3224
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3225/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3226void mbedtls_endpoint_sanity( int endpoint_type )
3227{
3228 enum { BUFFSIZE = 1024 };
3229 mbedtls_endpoint ep;
3230 int ret = -1;
3231
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3232 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
3233 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3234 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3235
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3236 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3237 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3238
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3239 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
3240 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3241 TEST_ASSERT( ret == 0 );
3242
3243exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3244 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3245}
3246/* END_CASE */
3247
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3248/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3249void move_handshake_to_state(int endpoint_type, int state, int need_pass)
3250{
3251 enum { BUFFSIZE = 1024 };
3252 mbedtls_endpoint base_ep, second_ep;
3253 int ret = -1;
3254
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3255 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
3256 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3257 TEST_ASSERT( ret == 0 );
3258
3259 ret = mbedtls_endpoint_init( &second_ep,
3260 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3261 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3262 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3263 TEST_ASSERT( ret == 0 );
3264
3265 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
3266 &(second_ep.socket),
3267 BUFFSIZE );
3268 TEST_ASSERT( ret == 0 );
3269
3270 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
3271 &(second_ep.ssl),
3272 state );
3273 if( need_pass )
3274 {
3275 TEST_ASSERT( ret == 0 );
3276 TEST_ASSERT( base_ep.ssl.state == state );
3277 }
3278 else
3279 {
3280 TEST_ASSERT( ret != 0 );
3281 TEST_ASSERT( base_ep.ssl.state != state );
3282 }
3283
3284exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3285 mbedtls_endpoint_free( &base_ep, NULL );
3286 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3287}
3288/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3289
3290/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3291void handshake( const char *cipher, int version, int pk_alg,
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3292 data_t *psk_str, int dtls, int serialize )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3293{
3294 /* forced_ciphersuite needs to last until the end of the handshake */
3295 int forced_ciphersuite[2];
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3296 enum { BUFFSIZE = 16384 };
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3297 mbedtls_endpoint client, server;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3298#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3299 const char *psk_identity = "foo";
3300#else
3301 (void) psk_str;
3302#endif
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3303#if defined(MBEDTLS_TIMING_C)
3304 mbedtls_timing_delay_context timer_client, timer_server;
3305#endif
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3306#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3307 enum { MSGLEN = 5 };
3308 unsigned char *context_buf = NULL;
3309 size_t context_buf_len;
3310 unsigned char cli_buf[MSGLEN];
3311 unsigned char srv_buf[MSGLEN];
3312#else
3313 (void) serialize;
3314#endif
3315
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3316 mbedtls_test_message_queue server_queue, client_queue;
3317 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3318
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3319 /* Client side */
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3320 if( dtls != 0 )
3321 {
3322 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
3323 pk_alg, &client_context,
3324 &client_queue,
3325 &server_queue ) == 0 );
3326#if defined(MBEDTLS_TIMING_C)
3327 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
3328 mbedtls_timing_set_delay,
3329 mbedtls_timing_get_delay );
3330#endif
3331 }
3332 else
3333 {
3334 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
3335 pk_alg, NULL, NULL, NULL ) == 0 );
3336 }
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3337 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3338 version );
3339 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3340 version );
3341
3342 if( strlen( cipher ) > 0 )
3343 {
3344 set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
3345 }
3346 /* Server side */
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3347 if( dtls != 0 )
3348 {
3349 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
3350 pk_alg, &server_context,
3351 &server_queue,
3352 &client_queue) == 0 );
3353#if defined(MBEDTLS_TIMING_C)
3354 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
3355 mbedtls_timing_set_delay,
3356 mbedtls_timing_get_delay );
3357#endif
3358 }
3359 else
3360 {
3361 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
3362 pk_alg, NULL, NULL, NULL ) == 0 );
3363 }
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3364 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3365 version );
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3366#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3367 if( psk_str->len > 0 )
3368 {
3369 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
3370 psk_str->len,
3371 (const unsigned char *) psk_identity,
3372 strlen( psk_identity ) ) == 0 );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3373
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3374 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
3375 psk_str->len,
3376 (const unsigned char *) psk_identity,
3377 strlen( psk_identity ) ) == 0 );
3378
3379 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
3380 }
3381#endif
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3382 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
3383 &(server.socket),
3384 BUFFSIZE ) == 0 );
3385
3386 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
3387 &(server.ssl),
3388 MBEDTLS_SSL_HANDSHAKE_OVER )
3389 == 0 );
3390 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3391 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3392
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3393#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3394 if( dtls == 0 || serialize == 0 )
3395 {
3396 /* Serialization works with DTLS only.
3397 * Skip if these options are misused. */
3398 goto exit;
3399 }
3400
3401 memset( cli_buf, 'X', MSGLEN );
3402 memset( srv_buf, 'Y', MSGLEN );
3403
3404 /* Make sure that writing/reading works */
3405 TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
3406 TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
3407 TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
3408
3409 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
3410 0, &context_buf_len )
3411 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3412
3413 context_buf = mbedtls_calloc( 1, context_buf_len );
3414 TEST_ASSERT( context_buf != NULL );
3415
3416 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
3417 context_buf_len,
3418 &context_buf_len ) == 0 );
3419
3420 mbedtls_ssl_free( &(server.ssl) );
3421 mbedtls_ssl_init( &(server.ssl) );
3422
3423 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
3424
3425 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
3426 mbedtls_mock_tcp_send_msg,
3427 mbedtls_mock_tcp_recv_msg,
3428 NULL );
3429
3430#if defined(MBEDTLS_TIMING_C)
3431 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
3432 mbedtls_timing_set_delay,
3433 mbedtls_timing_get_delay );
3434#endif
3435 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
3436 context_buf_len ) == 0 );
3437
3438 /* Retest writing/reading */
3439 memset( cli_buf, 'X', MSGLEN );
3440 memset( srv_buf, 'Y', MSGLEN );
3441
3442 TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
3443 TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
3444 TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
3445#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
3446
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3447exit:
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3448 mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
3449 mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]3450#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3451 if( dtls != 0 && serialize != 0 )
3452 {
3453 mbedtls_free( context_buf );
3454 }
3455#endif
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3456}
3457/* END_CASE */
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3458
3459/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
3460void send_application_data( int mfl, int cli_msg_len, int srv_msg_len,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]3461 const int expected_cli_fragments,
3462 const int expected_srv_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3463{
3464 enum { BUFFSIZE = 2048 };
3465 mbedtls_endpoint server, client;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3466 int ret = -1;
3467
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3468 ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
3469 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3470 TEST_ASSERT( ret == 0 );
3471
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3472 ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
3473 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3474 TEST_ASSERT( ret == 0 );
3475
3476#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3477 ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
3478 TEST_ASSERT( ret == 0 );
3479
3480 ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
3481 TEST_ASSERT( ret == 0 );
3482#else
3483 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
3484#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
3485
3486 ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
3487 BUFFSIZE );
3488 TEST_ASSERT( ret == 0 );
3489
3490 ret = mbedtls_move_handshake_to_state( &(client.ssl),
3491 &(server.ssl),
3492 MBEDTLS_SSL_HANDSHAKE_OVER );
3493 TEST_ASSERT( ret == 0 );
3494 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3495 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3496
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]3497 /* Start data exchanging test */
3498 ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
3499 &(server.ssl), srv_msg_len, expected_srv_fragments );
3500 TEST_ASSERT( ret == 0 );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3501
3502exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3503 mbedtls_endpoint_free( &client, NULL );
3504 mbedtls_endpoint_free( &server, NULL );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame^]3505}
3506/* END_CASE */
3507
3508/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
3509void send_application_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
3510 const int expected_cli_fragments,
3511 const int expected_srv_fragments )
3512{
3513 enum { BUFFSIZE = 17000 };
3514#if defined(MBEDTLS_TIMING_C)
3515 mbedtls_timing_delay_context timer_client, timer_server;
3516#endif
3517 mbedtls_endpoint server, client;
3518 mbedtls_test_message_queue server_queue, client_queue;
3519 mbedtls_test_message_socket_context server_context, client_context;
3520 int ret = -1;
3521
3522 /* Initializing endpoints and communication */
3523 ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
3524 &server_context, &server_queue, &client_queue );
3525 TEST_ASSERT( ret == 0 );
3526
3527 ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
3528 &client_context, &client_queue, &server_queue );
3529 TEST_ASSERT( ret == 0 );
3530
3531#if defined(MBEDTLS_TIMING_C)
3532 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
3533 mbedtls_timing_set_delay,
3534 mbedtls_timing_get_delay );
3535
3536 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
3537 mbedtls_timing_set_delay,
3538 mbedtls_timing_get_delay );
3539#endif /* MBEDTLS_TIMING_C */
3540
3541#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3542 ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
3543 TEST_ASSERT( ret == 0 );
3544
3545 ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
3546 TEST_ASSERT( ret == 0 );
3547#else
3548 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
3549#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
3550
3551 ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
3552 BUFFSIZE );
3553 TEST_ASSERT( ret == 0 );
3554
3555 ret = mbedtls_move_handshake_to_state( &(client.ssl),
3556 &(server.ssl),
3557 MBEDTLS_SSL_HANDSHAKE_OVER );
3558 TEST_ASSERT( ret == 0 );
3559 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3560 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3561
3562 /* Start data exchanging test */
3563 ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
3564 &(server.ssl), srv_msg_len, expected_srv_fragments );
3565 TEST_ASSERT( ret == 0 );
3566
3567
3568exit:
3569 mbedtls_endpoint_free( &client, &client_context );
3570 mbedtls_endpoint_free( &server, &server_context );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3571}
3572/* END_CASE */