TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / bc483dea846d27fbfeaa8daa07d1dcbd8f9d0b52 / . / tests / suites / test_suite_ssl.function
blob: 349035d1c50b17339aec9a5cfc150f5e5bf3e5fc [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]4
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]5
6/*
7 * Buffer structure for custom I/O callbacks.
8 */
9
10typedef struct mbedtls_test_buffer
11{
12 size_t start;
13 size_t content_length;
14 size_t capacity;
15 unsigned char *buffer;
16} mbedtls_test_buffer;
17
18/*
19 * Initialises \p buf. After calling this function it is safe to call
20 * `mbedtls_test_buffer_free()` on \p buf.
21 */
22void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
23{
24 memset( buf, 0, sizeof( *buf ) );
25}
26
27/*
28 * Sets up \p buf. After calling this function it is safe to call
29 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
30 */
31int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
32{
33 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
34 sizeof(unsigned char) );
35 if( NULL == buf->buffer )
36 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
37 buf->capacity = capacity;
38
39 return 0;
40}
41
42void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
43{
44 if( buf->buffer != NULL )
45 mbedtls_free( buf->buffer );
46
47 memset( buf, 0, sizeof( *buf ) );
48}
49
50/*
51 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
52 *
53 * \p buf must have been initialized and set up by calling
54 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
55 *
56 * \retval \p input_len, if the data fits.
57 * \retval 0 <= value < \p input_len, if the data does not fit.
58 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
59 * zero and \p input is NULL.
60 */
61int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
62 const unsigned char* input, size_t input_len )
63{
64 size_t overflow = 0;
65
66 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
67 return -1;
68
69 /* Reduce input_len to a number that fits in the buffer. */
70 if ( ( buf->content_length + input_len ) > buf->capacity )
71 {
72 input_len = buf->capacity - buf->content_length;
73 }
74
75 if( input == NULL )
76 {
77 return ( input_len == 0 ) ? 0 : -1;
78 }
79
80 /* Calculate the number of bytes that need to be placed at lower memory
81 * address */
82 if( buf->start + buf->content_length + input_len
83 > buf->capacity )
84 {
85 overflow = ( buf->start + buf->content_length + input_len )
86 % buf->capacity;
87 }
88
89 memcpy( buf->buffer + buf->start + buf->content_length, input,
90 input_len - overflow );
91 memcpy( buf->buffer, input + input_len - overflow, overflow );
92 buf->content_length += input_len;
93
94 return input_len;
95}
96
97/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]98 * Gets \p output_len bytes from the ring buffer \p buf into the
99 * \p output buffer. The output buffer can be NULL, in this case a part of the
100 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]101 *
102 * \p buf must have been initialized and set up by calling
103 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
104 *
105 * \retval \p output_len, if the data is available.
106 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]107 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]108 */
109int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
110 unsigned char* output, size_t output_len )
111{
112 size_t overflow = 0;
113
114 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
115 return -1;
116
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]117 if( output == NULL && output_len == 0 )
118 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]119
120 if( buf->content_length < output_len )
121 output_len = buf->content_length;
122
123 /* Calculate the number of bytes that need to be drawn from lower memory
124 * address */
125 if( buf->start + output_len > buf->capacity )
126 {
127 overflow = ( buf->start + output_len ) % buf->capacity;
128 }
129
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]130 if( output != NULL )
131 {
132 memcpy( output, buf->buffer + buf->start, output_len - overflow );
133 memcpy( output + output_len - overflow, buf->buffer, overflow );
134 }
135
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]136 buf->content_length -= output_len;
137 buf->start = ( buf->start + output_len ) % buf->capacity;
138
139 return output_len;
140}
141
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]142/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]143 * Errors used in the message transport mock tests
144 */
145 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
146 #define MBEDTLS_TEST_ERROR_QUEUE_FULL -22
147 #define MBEDTLS_TEST_ERROR_QUEUE_EMPTY -33
148 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
149
150/*
151 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
152 */
153typedef struct mbedtls_test_message_queue
154{
155 size_t *messages;
156 int pos;
157 int num;
158 int capacity;
159} mbedtls_test_message_queue;
160
161/*
162 * Setup and free functions for the message metadata queue.
163 *
164 * \p capacity describes the number of message metadata chunks that can be held
165 * within the queue.
166 *
167 * \retval 0, if a metadata queue of a given length can be allocated.
168 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
169 */
170int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
171 size_t capacity )
172{
173 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
174 if( NULL == queue->messages )
175 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
176
177 queue->capacity = capacity;
178 queue->pos = 0;
179 queue->num = 0;
180
181 return 0;
182}
183
184void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
185{
186 if( queue == NULL )
187 return;
188
189 if( queue->messages != NULL )
190 mbedtls_free( queue->messages );
191
192 memset( queue, 0, sizeof( *queue ) );
193}
194
195/*
196 * Push message length information onto the message metadata queue.
197 * This will become the last element to leave it (fifo).
198 *
199 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
200 * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the queue is full.
201 * \retval \p len, if the push was successful.
202 */
203int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
204 size_t len )
205{
206 int place;
207 if( queue == NULL )
208 return MBEDTLS_TEST_ERROR_ARG_NULL;
209
210 if( queue->num >= queue->capacity )
211 return MBEDTLS_TEST_ERROR_QUEUE_FULL;
212
213 place = ( queue->pos + queue->num ) % queue->capacity;
214 queue->messages[place] = len;
215 queue->num++;
216 return len;
217}
218
219/*
220 * Pop information about the next message length from the queue. This will be
221 * the oldest inserted message length(fifo). \p msg_len can be null, in which
222 * case the data will be popped from the queue but not copied anywhere.
223 *
224 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
225 * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty.
226 * \retval message length, if the pop was successful, up to the given
227 \p buf_len.
228 */
229int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
230 size_t buf_len )
231{
232 size_t message_length;
233 if( queue == NULL )
234 return MBEDTLS_TEST_ERROR_ARG_NULL;
235 if( queue->num == 0 )
236 return MBEDTLS_TEST_ERROR_QUEUE_EMPTY;
237
238 message_length = queue->messages[queue->pos];
239 queue->messages[queue->pos] = 0;
240 queue->num--;
241 queue->pos++;
242 queue->pos %= queue->capacity;
243 if( queue->pos < 0 )
244 queue->pos += queue->capacity;
245
246 return ( message_length > buf_len ) ? buf_len : message_length;
247}
248
249/*
250 * Take a peek on the info about the next message length from the queue.
251 * This will be the oldest inserted message length(fifo).
252 *
253 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
254 * \retval MBEDTLS_TEST_ERROR_QUEUE_EMPTY, if the queue is empty.
255 * \retval 0, if the peek was successful.
256 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
257 * too small to fit the message. In this case the \p msg_len will be
258 * set to the full message length so that the
259 * caller knows what portion of the message can be dropped.
260 */
261int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
262 size_t buf_len, size_t* msg_len )
263{
264 if( queue == NULL || msg_len == NULL )
265 return MBEDTLS_TEST_ERROR_ARG_NULL;
266 if( queue->num == 0 )
267 return MBEDTLS_TEST_ERROR_QUEUE_EMPTY;
268
269 *msg_len = queue->messages[queue->pos];
270 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
271}
272/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]273 * Context for the I/O callbacks simulating network connection.
274 */
275
276#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
277
278typedef struct mbedtls_mock_socket
279{
280 int status;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]281 uint32_t blocking_pattern;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]282 mbedtls_test_buffer *input;
283 mbedtls_test_buffer *output;
284 struct mbedtls_mock_socket *peer;
285} mbedtls_mock_socket;
286
287/*
288 * Setup and teardown functions for mock sockets.
289 */
290void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
291{
292 memset( socket, 0, sizeof( *socket ) );
293}
294
295/*
296 * Closes the socket \p socket.
297 *
298 * \p socket must have been previously initialized by calling
299 * mbedtls_mock_socket_init().
300 *
301 * This function frees all allocated resources and both sockets are aware of the
302 * new connection state.
303 *
304 * That is, this function does not simulate half-open TCP connections and the
305 * phenomenon that when closing a UDP connection the peer is not aware of the
306 * connection having been closed.
307 */
308void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
309{
310 if( socket == NULL )
311 return;
312
313 if( socket->input != NULL )
314 {
315 mbedtls_test_buffer_free( socket->input );
316 mbedtls_free( socket->input );
317 }
318
319 if( socket->output != NULL )
320 {
321 mbedtls_test_buffer_free( socket->output );
322 mbedtls_free( socket->output );
323 }
324
325 if( socket->peer != NULL )
326 memset( socket->peer, 0, sizeof( *socket->peer ) );
327
328 memset( socket, 0, sizeof( *socket ) );
329}
330
331/*
332 * Establishes a connection between \p peer1 and \p peer2.
333 *
334 * \p peer1 and \p peer2 must have been previously initialized by calling
335 * mbedtls_mock_socket_init().
336 *
337 * The capacites of the internal buffers are set to \p bufsize. Setting this to
338 * the correct value allows for simulation of MTU, sanity testing the mock
339 * implementation and mocking TCP connections with lower memory cost.
340 */
341int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
342 mbedtls_mock_socket* peer2,
343 size_t bufsize )
344{
345 int ret = -1;
346
347 peer1->input = peer2->output =
348 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
349 if( peer1->input == NULL )
350 {
351 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
352 goto exit;
353 }
354 mbedtls_test_buffer_init( peer1->input );
355 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->input, bufsize ) ) )
356 {
357 goto exit;
358 }
359
360 peer1->output = peer2->input =
361 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
362 if( peer1->output == NULL )
363 {
364 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
365 goto exit;
366 }
367 mbedtls_test_buffer_init( peer1->output );
368 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
369 {
370 goto exit;
371 }
372
373 peer1->peer = peer2;
374 peer2->peer = peer1;
375
376 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
377 ret = 0;
378
379exit:
380
381 if( ret != 0 )
382 {
383 mbedtls_mock_socket_close( peer1 );
384 mbedtls_mock_socket_close( peer2 );
385 }
386
387 return ret;
388}
389
390/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]391 * Set the blocking pattern for the socket.
392 *
393 * For every bit of \p blocking_pattern set to one the socket will simulate a
394 * "would block" event. The bits are processed starting with the least
395 * significant bit and every call to a non-blocking I/O function consumes one.
396 *
397 * The behaviour of blocking I/O functions remains unchanged.
398 */
399int mbedtls_mock_socket_set_block( mbedtls_mock_socket* socket,
400 uint32_t blocking_pattern )
401{
402 if( socket == NULL )
403 return -1;
404
405 socket->blocking_pattern = blocking_pattern;
406
407 return 0;
408}
409
410/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]411 * Callbacks for simulating blocking I/O over connection-oriented transport.
412 */
413
414int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
415{
416 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
417
418 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
419 return -1;
420
421 return mbedtls_test_buffer_put( socket->output, buf, len );
422}
423
424int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
425{
426 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
427
428 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
429 return -1;
430
431 return mbedtls_test_buffer_get( socket->input, buf, len );
432}
433
434/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]435 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
436 */
437
438int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
439{
440 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
441
442 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
443 return -1;
444
445 if( socket->blocking_pattern & 1 )
446 {
447 socket->blocking_pattern >>= 1;
448 return MBEDTLS_ERR_SSL_WANT_WRITE;
449 }
450
451 socket->blocking_pattern >>= 1;
452
453 return mbedtls_test_buffer_put( socket->output, buf, len );
454}
455
456int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
457{
458 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
459
460 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
461 return -1;
462
463 if( socket->blocking_pattern & 1 )
464 {
465 socket->blocking_pattern >>= 1;
466 return MBEDTLS_ERR_SSL_WANT_READ;
467 }
468
469 socket->blocking_pattern >>= 1;
470
471 return mbedtls_test_buffer_get( socket->input, buf, len );
472}
473
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame^]474/* Errors used in the message socket mocks */
475
476#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
477#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
478#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
479
480/*
481 * Structure used as an addon, or a wrapper, around the mocked sockets.
482 * Contains an input queue, to which the other socket pushes metadata,
483 * and an output queue, to which this one pushes metadata. This context is
484 * considered as an owner of the input queue only, which is initialized and
485 * freed in the respective setup and free calls.
486 */
487typedef struct mbedtls_test_message_socket_context
488{
489 mbedtls_test_message_queue* queue_input;
490 mbedtls_test_message_queue* queue_output;
491 mbedtls_mock_socket* socket;
492} mbedtls_test_message_socket_context;
493
494/*
495 * Setup a given mesasge socket context including initialization of
496 * input/output queues to a chosen capacity of messages. Also set the
497 * corresponding mock socket.
498 *
499 * \retval 0, if everything succeeds.
500 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
501 * queue failed.
502 */
503int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
504 mbedtls_test_message_queue* queue_output,
505 size_t queue_capacity,
506 mbedtls_mock_socket* socket,
507 mbedtls_test_message_socket_context* ctx )
508{
509 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
510 if( ret != 0 )
511 return ret;
512 ctx->queue_input = queue_input;
513 ctx->queue_output = queue_output;
514 ctx->socket = socket;
515 mbedtls_mock_socket_init( socket );
516
517 return 0;
518}
519
520/*
521 * Close a given message socket context, along with the socket itself. Free the
522 * memory allocated by the input queue.
523 */
524void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
525{
526 if( ctx == NULL )
527 return;
528
529 mbedtls_test_message_queue_free( ctx->queue_input );
530 mbedtls_mock_socket_close( ctx->socket );
531 memset( ctx, 0, sizeof( *ctx ) );
532}
533
534/*
535 * Send one message through a given message socket context.
536 *
537 * \retval \p len, if everything succeeds.
538 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
539 * elements or the context itself is null.
540 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
541 * \retval MBEDTLS_TEST_ERROR_QUEUE_FULL, if the output queue is full.
542 *
543 * This function will also return any error from
544 * mbedtls_test_message_queue_push_info.
545 */
546int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
547{
548 mbedtls_test_message_queue* queue;
549 mbedtls_mock_socket* socket;
550 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
551
552 if( context == NULL || context->socket == NULL
553 || context->queue_output == NULL )
554 {
555 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
556 }
557
558 queue = context->queue_output;
559 socket = context->socket;
560
561 if( queue->num >= queue->capacity )
562 return MBEDTLS_TEST_ERROR_QUEUE_FULL;
563
564 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
565 return MBEDTLS_TEST_ERROR_SEND_FAILED;
566
567 return mbedtls_test_message_queue_push_info( queue, len );
568}
569
570/*
571 * Receive one message from a given message socket context and return message
572 * length or an error.
573 *
574 * \retval message length, if everything succeeds.
575 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
576 * elements or the context itself is null.
577 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
578 *
579 * This function will also return any error other than
580 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
581 */
582int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
583{
584 mbedtls_test_message_queue* queue;
585 mbedtls_mock_socket* socket;
586 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
587 size_t drop_len;
588 size_t msg_len;
589 int ret;
590
591 if( context == NULL || context->socket == NULL
592 || context->queue_input == NULL )
593 {
594 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
595 }
596
597 queue = context->queue_input;
598 socket = context->socket;
599
600 /* Peek first, so that in case of a socket error the data remains in
601 * the queue. */
602 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
603 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
604 {
605 /* Calculate how much to drop */
606 drop_len = msg_len - buf_len;
607
608 /* Set the requested message len to be buffer length */
609 msg_len = buf_len;
610 } else if( ret != 0 )
611 {
612 return ret;
613 }
614
615 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
616 return MBEDTLS_TEST_ERROR_RECV_FAILED;
617
618 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
619 {
620 /* Drop the remaining part of the message */
621 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
622 {
623 /* Inconsistent state - part of the message was read,
624 * and a part couldn't. Not much we can do here, but it should not
625 * happen in test environment, unless forced manually. */
626 }
627 }
628 mbedtls_test_message_queue_pop_info( queue, buf_len );
629
630 return msg_len;
631}
632
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]633/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]634 * Helper function setting up inverse record transformations
635 * using given cipher, hash, EtM mode, authentication tag length,
636 * and version.
637 */
638
639#define CHK( x ) \
640 do \
641 { \
642 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]643 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]644 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]645 goto cleanup; \
646 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]647 } while( 0 )
648
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]649#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
650#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
651#else
652#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
653#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]654
655static int build_transforms( mbedtls_ssl_transform *t_in,
656 mbedtls_ssl_transform *t_out,
657 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]658 int etm, int tag_mode, int ver,
659 size_t cid0_len,
660 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]661{
662 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]663 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]664
665 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]666 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]667 unsigned char iv_enc[16], iv_dec[16];
668
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]669#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]670 unsigned char cid0[ SSL_CID_LEN_MIN ];
671 unsigned char cid1[ SSL_CID_LEN_MIN ];
672
673 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
674 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]675#else
676 ((void) cid0_len);
677 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]678#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]679
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]680 maclen = 0;
681
682 /* Pick cipher */
683 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
684 CHK( cipher_info != NULL );
685 CHK( cipher_info->iv_size <= 16 );
686 CHK( cipher_info->key_bitlen % 8 == 0 );
687
688 /* Pick keys */
689 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]690 /* Allocate `keylen + 1` bytes to ensure that we get
691 * a non-NULL pointers from `mbedtls_calloc` even if
692 * `keylen == 0` in the case of the NULL cipher. */
693 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
694 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]695 memset( key0, 0x1, keylen );
696 memset( key1, 0x2, keylen );
697
698 /* Setup cipher contexts */
699 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
700 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
701 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
702 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
703
704#if defined(MBEDTLS_CIPHER_MODE_CBC)
705 if( cipher_info->mode == MBEDTLS_MODE_CBC )
706 {
707 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
708 MBEDTLS_PADDING_NONE ) == 0 );
709 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
710 MBEDTLS_PADDING_NONE ) == 0 );
711 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
712 MBEDTLS_PADDING_NONE ) == 0 );
713 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
714 MBEDTLS_PADDING_NONE ) == 0 );
715 }
716#endif /* MBEDTLS_CIPHER_MODE_CBC */
717
718 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
719 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
720 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
721 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
722 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
723 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
724 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
725 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]726
727 /* Setup MAC contexts */
728#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
729 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
730 cipher_info->mode == MBEDTLS_MODE_STREAM )
731 {
732 mbedtls_md_info_t const *md_info;
733 unsigned char *md0, *md1;
734
735 /* Pick hash */
736 md_info = mbedtls_md_info_from_type( hash_id );
737 CHK( md_info != NULL );
738
739 /* Pick hash keys */
740 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]741 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
742 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]743 memset( md0, 0x5, maclen );
744 memset( md1, 0x6, maclen );
745
746 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
747 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
748 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
749 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
750
751 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
752 {
753 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
754 md0, maclen ) == 0 );
755 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
756 md1, maclen ) == 0 );
757 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
758 md1, maclen ) == 0 );
759 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
760 md0, maclen ) == 0 );
761 }
762#if defined(MBEDTLS_SSL_PROTO_SSL3)
763 else
764 {
765 memcpy( &t_in->mac_enc, md0, maclen );
766 memcpy( &t_in->mac_dec, md1, maclen );
767 memcpy( &t_out->mac_enc, md1, maclen );
768 memcpy( &t_out->mac_dec, md0, maclen );
769 }
770#endif
771
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]772 mbedtls_free( md0 );
773 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]774 }
775#else
776 ((void) hash_id);
777#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
778
779
780 /* Pick IV's (regardless of whether they
781 * are being used by the transform). */
782 ivlen = cipher_info->iv_size;
783 memset( iv_enc, 0x3, sizeof( iv_enc ) );
784 memset( iv_dec, 0x4, sizeof( iv_dec ) );
785
786 /*
787 * Setup transforms
788 */
789
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]790#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
791 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]792 t_out->encrypt_then_mac = etm;
793 t_in->encrypt_then_mac = etm;
794#else
795 ((void) etm);
796#endif
797
798 t_out->minor_ver = ver;
799 t_in->minor_ver = ver;
800 t_out->ivlen = ivlen;
801 t_in->ivlen = ivlen;
802
803 switch( cipher_info->mode )
804 {
805 case MBEDTLS_MODE_GCM:
806 case MBEDTLS_MODE_CCM:
807 t_out->fixed_ivlen = 4;
808 t_in->fixed_ivlen = 4;
809 t_out->maclen = 0;
810 t_in->maclen = 0;
811 switch( tag_mode )
812 {
813 case 0: /* Full tag */
814 t_out->taglen = 16;
815 t_in->taglen = 16;
816 break;
817 case 1: /* Partial tag */
818 t_out->taglen = 8;
819 t_in->taglen = 8;
820 break;
821 default:
822 return( 1 );
823 }
824 break;
825
826 case MBEDTLS_MODE_CHACHAPOLY:
827 t_out->fixed_ivlen = 12;
828 t_in->fixed_ivlen = 12;
829 t_out->maclen = 0;
830 t_in->maclen = 0;
831 switch( tag_mode )
832 {
833 case 0: /* Full tag */
834 t_out->taglen = 16;
835 t_in->taglen = 16;
836 break;
837 case 1: /* Partial tag */
838 t_out->taglen = 8;
839 t_in->taglen = 8;
840 break;
841 default:
842 return( 1 );
843 }
844 break;
845
846 case MBEDTLS_MODE_STREAM:
847 case MBEDTLS_MODE_CBC:
848 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
849 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
850 t_out->taglen = 0;
851 t_in->taglen = 0;
852 switch( tag_mode )
853 {
854 case 0: /* Full tag */
855 t_out->maclen = maclen;
856 t_in->maclen = maclen;
857 break;
858 case 1: /* Partial tag */
859 t_out->maclen = 10;
860 t_in->maclen = 10;
861 break;
862 default:
863 return( 1 );
864 }
865 break;
866 default:
867 return( 1 );
868 break;
869 }
870
871 /* Setup IV's */
872
873 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
874 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
875 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
876 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
877
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]878#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]879 /* Add CID */
880 memcpy( &t_in->in_cid, cid0, cid0_len );
881 memcpy( &t_in->out_cid, cid1, cid1_len );
882 t_in->in_cid_len = cid0_len;
883 t_in->out_cid_len = cid1_len;
884 memcpy( &t_out->in_cid, cid1, cid1_len );
885 memcpy( &t_out->out_cid, cid0, cid0_len );
886 t_out->in_cid_len = cid1_len;
887 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]888#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]889
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]890cleanup:
891
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]892 mbedtls_free( key0 );
893 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]894
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]895 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]896}
897
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]898/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]899 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]900 * Choose dummy values, mostly non-0 to distinguish from the init default.
901 */
902static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]903 int ticket_len,
904 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]905{
906#if defined(MBEDTLS_HAVE_TIME)
907 session->start = mbedtls_time( NULL ) - 42;
908#endif
909 session->ciphersuite = 0xabcd;
910 session->compression = 1;
911 session->id_len = sizeof( session->id );
912 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]913 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]914
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]915#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]916 if( strlen( crt_file ) != 0 )
917 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]918 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]919 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]920
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]921 mbedtls_x509_crt_init( &tmp_crt );
922 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
923 if( ret != 0 )
924 return( ret );
925
926#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
927 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]928 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
929 if( session->peer_cert == NULL )
930 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]931 *session->peer_cert = tmp_crt;
932 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
933#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
934 /* Calculate digest of temporary CRT. */
935 session->peer_cert_digest =
936 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
937 if( session->peer_cert_digest == NULL )
938 return( -1 );
939 ret = mbedtls_md( mbedtls_md_info_from_type(
940 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
941 tmp_crt.raw.p, tmp_crt.raw.len,
942 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]943 if( ret != 0 )
944 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]945 session->peer_cert_digest_type =
946 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
947 session->peer_cert_digest_len =
948 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
949#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
950
951 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]952 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]953#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]954 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]955#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]956 session->verify_result = 0xdeadbeef;
957
958#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
959 if( ticket_len != 0 )
960 {
961 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]962 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]963 return( -1 );
964 memset( session->ticket, 33, ticket_len );
965 }
966 session->ticket_len = ticket_len;
967 session->ticket_lifetime = 86401;
968#else
969 (void) ticket_len;
970#endif
971
972#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
973 session->mfl_code = 1;
974#endif
975#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
976 session->trunc_hmac = 1;
977#endif
978#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
979 session->encrypt_then_mac = 1;
980#endif
981
982 return( 0 );
983}
984
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]985/* END_HEADER */
986
987/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]988 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]989 * END_DEPENDENCIES
990 */
991
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]992/* BEGIN_CASE */
993void test_callback_buffer_sanity()
994{
995 enum { MSGLEN = 10 };
996 mbedtls_test_buffer buf;
997 unsigned char input[MSGLEN];
998 unsigned char output[MSGLEN];
999
1000 memset( input, 0, sizeof(input) );
1001
1002 /* Make sure calling put and get on NULL buffer results in error. */
1003 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1004 == -1 );
1005 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1006 == -1 );
1007 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1008
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1009 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1010 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1011
1012 /* Make sure calling put and get on a buffer that hasn't been set up results
1013 * in eror. */
1014 mbedtls_test_buffer_init( &buf );
1015
1016 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1017 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1018 == -1 );
1019 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1020
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1021 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1022 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1023
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1024 /* Make sure calling put and get on NULL input only results in
1025 * error if the length is not zero, and that a NULL output is valid for data
1026 * dropping.
1027 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1028
1029 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1030
1031 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1032 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1033 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1034 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1035 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1036
1037exit:
1038
1039 mbedtls_test_buffer_free( &buf );
1040}
1041/* END_CASE */
1042
1043/*
1044 * Test if the implementation of `mbedtls_test_buffer` related functions is
1045 * correct and works as expected.
1046 *
1047 * That is
1048 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1049 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1050 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1051 * bytes.
1052 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1053 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1054 */
1055
1056/* BEGIN_CASE */
1057void test_callback_buffer( int size, int put1, int put1_ret,
1058 int get1, int get1_ret, int put2, int put2_ret,
1059 int get2, int get2_ret )
1060{
1061 enum { ROUNDS = 2 };
1062 size_t put[ROUNDS];
1063 int put_ret[ROUNDS];
1064 size_t get[ROUNDS];
1065 int get_ret[ROUNDS];
1066 mbedtls_test_buffer buf;
1067 unsigned char* input = NULL;
1068 size_t input_len;
1069 unsigned char* output = NULL;
1070 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1071 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1072
1073 mbedtls_test_buffer_init( &buf );
1074 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
1075
1076 /* Check the sanity of input parameters and initialise local variables. That
1077 * is, ensure that the amount of data is not negative and that we are not
1078 * expecting more to put or get than we actually asked for. */
1079 TEST_ASSERT( put1 >= 0 );
1080 put[0] = put1;
1081 put_ret[0] = put1_ret;
1082 TEST_ASSERT( put1_ret <= put1 );
1083 TEST_ASSERT( put2 >= 0 );
1084 put[1] = put2;
1085 put_ret[1] = put2_ret;
1086 TEST_ASSERT( put2_ret <= put2 );
1087
1088 TEST_ASSERT( get1 >= 0 );
1089 get[0] = get1;
1090 get_ret[0] = get1_ret;
1091 TEST_ASSERT( get1_ret <= get1 );
1092 TEST_ASSERT( get2 >= 0 );
1093 get[1] = get2;
1094 get_ret[1] = get2_ret;
1095 TEST_ASSERT( get2_ret <= get2 );
1096
1097 input_len = 0;
1098 /* Calculate actual input and output lengths */
1099 for( j = 0; j < ROUNDS; j++ )
1100 {
1101 if( put_ret[j] > 0 )
1102 {
1103 input_len += put_ret[j];
1104 }
1105 }
1106 /* In order to always have a valid pointer we always allocate at least 1
1107 * byte. */
1108 if( input_len == 0 )
1109 input_len = 1;
1110 ASSERT_ALLOC( input, input_len );
1111
1112 output_len = 0;
1113 for( j = 0; j < ROUNDS; j++ )
1114 {
1115 if( get_ret[j] > 0 )
1116 {
1117 output_len += get_ret[j];
1118 }
1119 }
1120 TEST_ASSERT( output_len <= input_len );
1121 /* In order to always have a valid pointer we always allocate at least 1
1122 * byte. */
1123 if( output_len == 0 )
1124 output_len = 1;
1125 ASSERT_ALLOC( output, output_len );
1126
1127 /* Fill up the buffer with structured data so that unwanted changes
1128 * can be detected */
1129 for( i = 0; i < input_len; i++ )
1130 {
1131 input[i] = i & 0xFF;
1132 }
1133
1134 written = read = 0;
1135 for( j = 0; j < ROUNDS; j++ )
1136 {
1137 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
1138 input + written, put[j] ) );
1139 written += put_ret[j];
1140 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
1141 output + read, get[j] ) );
1142 read += get_ret[j];
1143 TEST_ASSERT( read <= written );
1144 if( get_ret[j] > 0 )
1145 {
1146 TEST_ASSERT( memcmp( output + read - get_ret[j],
1147 input + read - get_ret[j], get_ret[j] )
1148 == 0 );
1149 }
1150 }
1151
1152exit:
1153
1154 mbedtls_free( input );
1155 mbedtls_free( output );
1156 mbedtls_test_buffer_free( &buf );
1157}
1158/* END_CASE */
1159
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1160/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1161 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
1162 * correct and works as expected on unconnected sockets.
1163 */
1164
1165/* BEGIN_CASE */
1166void ssl_mock_sanity( )
1167{
1168 enum { MSGLEN = 105 };
1169 unsigned char message[MSGLEN];
1170 unsigned char received[MSGLEN];
1171 mbedtls_mock_socket socket;
1172
1173 mbedtls_mock_socket_init( &socket );
1174 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
1175 mbedtls_mock_socket_close( &socket );
1176 mbedtls_mock_socket_init( &socket );
1177 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
1178 mbedtls_mock_socket_close( &socket );
1179
1180 mbedtls_mock_socket_init( &socket );
1181 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
1182 mbedtls_mock_socket_close( &socket );
1183 mbedtls_mock_socket_init( &socket );
1184 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
1185 mbedtls_mock_socket_close( &socket );
1186
1187exit:
1188
1189 mbedtls_mock_socket_close( &socket );
1190}
1191/* END_CASE */
1192
1193/*
1194 * Test if the implementation of `mbedtls_mock_socket` related functions can
1195 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1196 */
1197
1198/* BEGIN_CASE */
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1199void ssl_mock_tcp( int blocking, int client_pattern, int server_pattern )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1200{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1201 enum { MSGLEN = 105 };
1202 unsigned char message[MSGLEN];
1203 unsigned char received[MSGLEN];
1204 mbedtls_mock_socket client;
1205 mbedtls_mock_socket server;
1206 size_t written, read;
1207 int send_ret, recv_ret;
1208 mbedtls_ssl_send_t *send;
1209 mbedtls_ssl_recv_t *recv;
1210 uint32_t client_block = client_pattern;
1211 uint32_t server_block = server_pattern;
1212 unsigned i;
1213
1214 if( blocking == 0 )
1215 {
1216 send = mbedtls_mock_tcp_send_nb;
1217 recv = mbedtls_mock_tcp_recv_nb;
1218 }
1219 else
1220 {
1221 send = mbedtls_mock_tcp_send_b;
1222 recv = mbedtls_mock_tcp_recv_b;
1223 }
1224
1225 mbedtls_mock_socket_init( &client );
1226 mbedtls_mock_socket_init( &server );
1227
1228 /* Fill up the buffer with structured data so that unwanted changes
1229 * can be detected */
1230 for( i = 0; i < MSGLEN; i++ )
1231 {
1232 message[i] = i & 0xFF;
1233 }
1234
1235 /* Make sure that sending a message takes a few iterations. */
1236 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1237 MSGLEN / 5 ) );
1238 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) );
1239 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) );
1240
1241 /* Send the message to the server */
1242 send_ret = recv_ret = 1;
1243 written = read = 0;
1244 while( send_ret != 0 || recv_ret != 0 )
1245 {
1246 send_ret = send( &client, message + written, MSGLEN - written );
1247
1248 if( ( blocking == 0 ) && ( client_block & 1 ) )
1249 {
1250 TEST_ASSERT( send_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1251 }
1252 else
1253 {
1254 TEST_ASSERT( send_ret >= 0 );
1255 written += send_ret;
1256 }
1257 client_block >>= 1;
1258
1259 recv_ret = recv( &server, received + read, MSGLEN - read );
1260 if( ( blocking == 0 ) && ( server_block & 1 ) )
1261 {
1262 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
1263 }
1264 else
1265 {
1266 TEST_ASSERT( recv_ret >= 0 );
1267 read += recv_ret;
1268 }
1269 server_block >>= 1;
1270 }
1271 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1272
1273exit:
1274
1275 mbedtls_mock_socket_close( &client );
1276 mbedtls_mock_socket_close( &server );
1277}
1278/* END_CASE */
1279
1280/*
1281 * Test if the implementation of `mbedtls_mock_socket` related functions can
1282 * send messages in both direction at the same time (with the I/O calls
1283 * interleaving).
1284 */
1285
1286/* BEGIN_CASE */
1287void ssl_mock_tcp_interleaving( int blocking,
1288 int client_pattern, int server_pattern )
1289{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1290 enum { ROUNDS = 2 };
1291 enum { MSGLEN = 105 };
1292 unsigned char message[ROUNDS][MSGLEN];
1293 unsigned char received[ROUNDS][MSGLEN];
1294 mbedtls_mock_socket client;
1295 mbedtls_mock_socket server;
1296 size_t written[ROUNDS];
1297 size_t read[ROUNDS];
1298 int send_ret[ROUNDS];
1299 int recv_ret[ROUNDS];
1300 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1301 mbedtls_ssl_send_t *send;
1302 mbedtls_ssl_recv_t *recv;
1303 uint32_t client_block = client_pattern;
1304 uint32_t server_block = server_pattern;
1305
1306 if( blocking == 0 )
1307 {
1308 send = mbedtls_mock_tcp_send_nb;
1309 recv = mbedtls_mock_tcp_recv_nb;
1310 }
1311 else
1312 {
1313 send = mbedtls_mock_tcp_send_b;
1314 recv = mbedtls_mock_tcp_recv_b;
1315 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1316
1317 mbedtls_mock_socket_init( &client );
1318 mbedtls_mock_socket_init( &server );
1319
1320 /* Fill up the buffers with structured data so that unwanted changes
1321 * can be detected */
1322 for( i = 0; i < ROUNDS; i++ )
1323 {
1324 for( j = 0; j < MSGLEN; j++ )
1325 {
1326 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1327 }
1328 }
1329
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1330 /* Make sure that sending a message takes a few iterations. */
1331 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1332 MSGLEN / 5 ) );
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1333 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &client, client_block ) );
1334 TEST_ASSERT( 0 == mbedtls_mock_socket_set_block( &server, server_block ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1335
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1336 /* Send the message from both sides, interleaving. */
1337 progress = 1;
1338 for( i = 0; i < ROUNDS; i++ )
1339 {
1340 written[i] = 0;
1341 read[i] = 0;
1342 }
1343 /* This loop does not stop as long as there was a successful write or read
1344 * of at least one byte on either side. */
1345 while( progress != 0 )
1346 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1347 send_ret[0] = send( &client, message[0] + written[0],
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1348 MSGLEN - written[0] );
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1349 if( ( blocking == 0 ) && ( client_block & 1 ) )
1350 {
1351 TEST_ASSERT( send_ret[0] == MBEDTLS_ERR_SSL_WANT_WRITE );
1352 }
1353 else
1354 {
1355 TEST_ASSERT( send_ret[0] >= 0 );
1356 written[0] += send_ret[0];
1357 }
1358 client_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1359
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1360 send_ret[1] = send( &server, message[1] + written[1],
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1361 MSGLEN - written[1] );
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1362 if( ( blocking == 0 ) && ( server_block & 1 ) )
1363 {
1364 TEST_ASSERT( send_ret[1] == MBEDTLS_ERR_SSL_WANT_WRITE );
1365 }
1366 else
1367 {
1368 TEST_ASSERT( send_ret[1] >= 0 );
1369 written[1] += send_ret[1];
1370 }
1371 server_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1372
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1373 recv_ret[0] = recv( &server, received[0] + read[0],
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1374 MSGLEN - read[0] );
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1375 if( ( blocking == 0 ) && ( server_block & 1 ) )
1376 {
1377 TEST_ASSERT( recv_ret[0] == MBEDTLS_ERR_SSL_WANT_READ );
1378 }
1379 else
1380 {
1381 TEST_ASSERT( recv_ret[0] >= 0 );
1382 read[0] += recv_ret[0];
1383 }
1384 server_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1385
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1386 recv_ret[1] = recv( &client, received[1] + read[1],
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1387 MSGLEN - read[1] );
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1388 if( ( blocking == 0 ) && ( client_block & 1 ) )
1389 {
1390 TEST_ASSERT( recv_ret[1] == MBEDTLS_ERR_SSL_WANT_READ );
1391 }
1392 else
1393 {
1394 TEST_ASSERT( recv_ret[1] >= 0 );
1395 read[1] += recv_ret[1];
1396 }
1397 client_block >>= 1;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1398
1399 progress = 0;
1400 for( i = 0; i < ROUNDS; i++ )
1401 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1402 if( ( send_ret[i] > 0 ) ||
1403 ( send_ret[i] == MBEDTLS_ERR_SSL_WANT_WRITE ) )
1404 {
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1405 progress++;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1406 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1407
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1408 if( ( recv_ret[i] > 0 ) ||
1409 ( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ ) )
1410 {
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1411 progress++;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1412 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1413 }
1414 }
1415
1416 for( i = 0; i < ROUNDS; i++ )
1417 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1418
1419exit:
1420
1421 mbedtls_mock_socket_close( &client );
1422 mbedtls_mock_socket_close( &server );
1423}
1424/* END_CASE */
1425
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1426/* BEGIN_CASE */
1427void ssl_message_queue_sanity( )
1428{
1429 mbedtls_test_message_queue queue;
1430
1431 /* Trying to push/pull to an empty queue */
1432 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
1433 == MBEDTLS_TEST_ERROR_ARG_NULL );
1434 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
1435 == MBEDTLS_TEST_ERROR_ARG_NULL );
1436
1437 mbedtls_test_message_queue_setup( &queue, 3 );
1438 TEST_ASSERT( queue.capacity == 3 );
1439 TEST_ASSERT( queue.num == 0 );
1440
1441exit:
1442 mbedtls_test_message_queue_free( &queue );
1443}
1444/* END_CASE */
1445
1446/* BEGIN_CASE */
1447void ssl_message_queue_basic( )
1448{
1449 mbedtls_test_message_queue queue;
1450
1451 mbedtls_test_message_queue_setup( &queue, 3 );
1452
1453 /* Sanity test - 3 pushes and 3 pops with sufficient space */
1454 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1455 TEST_ASSERT( queue.capacity == 3 );
1456 TEST_ASSERT( queue.num == 1 );
1457 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1458 TEST_ASSERT( queue.capacity == 3 );
1459 TEST_ASSERT( queue.num == 2 );
1460 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1461 TEST_ASSERT( queue.capacity == 3 );
1462 TEST_ASSERT( queue.num == 3 );
1463
1464 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1465 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1466 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1467
1468exit:
1469 mbedtls_test_message_queue_free( &queue );
1470}
1471/* END_CASE */
1472
1473/* BEGIN_CASE */
1474void ssl_message_queue_overflow_underflow( )
1475{
1476 mbedtls_test_message_queue queue;
1477
1478 mbedtls_test_message_queue_setup( &queue, 3 );
1479
1480 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
1481 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1482 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1483 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1484 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
1485 == MBEDTLS_TEST_ERROR_QUEUE_FULL );
1486
1487 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1488 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1489 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1490
1491 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
1492 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1493
1494exit:
1495 mbedtls_test_message_queue_free( &queue );
1496}
1497/* END_CASE */
1498
1499/* BEGIN_CASE */
1500void ssl_message_queue_interleaved( )
1501{
1502 mbedtls_test_message_queue queue;
1503
1504 mbedtls_test_message_queue_setup( &queue, 3 );
1505
1506 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
1507 * (to wrap around the buffer) */
1508 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1509 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1510
1511 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1512
1513 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1514 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
1515
1516 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1517 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1518
1519 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
1520 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
1521
1522 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
1523
1524 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
1525
1526 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
1527
1528exit:
1529 mbedtls_test_message_queue_free( &queue );
1530}
1531/* END_CASE */
1532
1533/* BEGIN_CASE */
1534void ssl_message_queue_insufficient_buffer( )
1535{
1536 mbedtls_test_message_queue queue;
1537 size_t message_len = 10;
1538 size_t buffer_len = 5;
1539
1540 mbedtls_test_message_queue_setup( &queue, 1 );
1541
1542 /* Popping without a sufficient buffer */
1543 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
1544 == (int) message_len );
1545 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
1546 == (int) buffer_len );
1547exit:
1548 mbedtls_test_message_queue_free( &queue );
1549}
1550/* END_CASE */
1551
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame^]1552/* BEGIN_CASE */
1553void ssl_message_mock_uninitialized( )
1554{
1555 enum { MSGLEN = 10 };
1556 unsigned char message[MSGLEN], received[MSGLEN];
1557 mbedtls_mock_socket client, server;
1558 mbedtls_test_message_queue server_queue, client_queue;
1559 mbedtls_test_message_socket_context server_context, client_context;
1560
1561 /* Send with a NULL context */
1562 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
1563 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1564
1565 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
1566 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1567
1568 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1569 &server,
1570 &server_context ) == 0 );
1571
1572 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1573 &client,
1574 &client_context ) == 0 );
1575
1576 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
1577 == MBEDTLS_TEST_ERROR_SEND_FAILED );
1578
1579 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1580 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1581
1582 /* Push directly to a queue to later simulate a disconnected behavior */
1583 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
1584 == MSGLEN );
1585
1586 /* Test if there's an error when trying to read from a disconnected
1587 * socket */
1588 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1589 == MBEDTLS_TEST_ERROR_RECV_FAILED );
1590 exit:
1591 mbedtls_message_socket_close( &server_context );
1592 mbedtls_message_socket_close( &client_context );
1593}
1594/* END_CASE */
1595
1596/* BEGIN_CASE */
1597void ssl_message_mock_basic( )
1598{
1599 enum { MSGLEN = 10 };
1600 unsigned char message[MSGLEN], received[MSGLEN];
1601 mbedtls_mock_socket client, server;
1602 unsigned i;
1603 mbedtls_test_message_queue server_queue, client_queue;
1604 mbedtls_test_message_socket_context server_context, client_context;
1605
1606 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1607 &server,
1608 &server_context ) == 0 );
1609
1610 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1611 &client,
1612 &client_context ) == 0 );
1613
1614 /* Fill up the buffer with structured data so that unwanted changes
1615 * can be detected */
1616 for( i = 0; i < MSGLEN; i++ )
1617 {
1618 message[i] = i & 0xFF;
1619 }
1620 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1621 MSGLEN ) );
1622
1623 /* Send the message to the server */
1624 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1625 MSGLEN ) == MSGLEN );
1626
1627 /* Read from the server */
1628 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1629 == MSGLEN );
1630
1631 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1632 memset( received, 0, MSGLEN );
1633
1634 /* Send the message to the client */
1635 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
1636 MSGLEN ) == MSGLEN );
1637
1638 /* Read from the client */
1639 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
1640 == MSGLEN );
1641 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1642
1643 exit:
1644 mbedtls_message_socket_close( &server_context );
1645 mbedtls_message_socket_close( &client_context );
1646}
1647/* END_CASE */
1648
1649/* BEGIN_CASE */
1650void ssl_message_mock_queue_overflow_underflow( )
1651{
1652 enum { MSGLEN = 10 };
1653 unsigned char message[MSGLEN], received[MSGLEN];
1654 mbedtls_mock_socket client, server;
1655 unsigned i;
1656 mbedtls_test_message_queue server_queue, client_queue;
1657 mbedtls_test_message_socket_context server_context, client_context;
1658
1659 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
1660 &server,
1661 &server_context ) == 0 );
1662
1663 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
1664 &client,
1665 &client_context ) == 0 );
1666
1667 /* Fill up the buffer with structured data so that unwanted changes
1668 * can be detected */
1669 for( i = 0; i < MSGLEN; i++ )
1670 {
1671 message[i] = i & 0xFF;
1672 }
1673 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1674 MSGLEN*2 ) );
1675
1676 /* Send three message to the server, last one with an error */
1677 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1678 MSGLEN - 1 ) == MSGLEN - 1 );
1679
1680 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1681 MSGLEN ) == MSGLEN );
1682
1683 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1684 MSGLEN )
1685 == MBEDTLS_TEST_ERROR_QUEUE_FULL );
1686
1687 /* Read three messages from the server, last one with an error */
1688 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1689 MSGLEN - 1 ) == MSGLEN - 1 );
1690
1691 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1692 == MSGLEN );
1693
1694 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1695
1696 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1697 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1698
1699 exit:
1700 mbedtls_message_socket_close( &server_context );
1701 mbedtls_message_socket_close( &client_context );
1702}
1703/* END_CASE */
1704
1705/* BEGIN_CASE */
1706void ssl_message_mock_socket_overflow( )
1707{
1708 enum { MSGLEN = 10 };
1709 unsigned char message[MSGLEN], received[MSGLEN];
1710 mbedtls_mock_socket client, server;
1711 unsigned i;
1712 mbedtls_test_message_queue server_queue, client_queue;
1713 mbedtls_test_message_socket_context server_context, client_context;
1714
1715 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
1716 &server,
1717 &server_context ) == 0 );
1718
1719 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
1720 &client,
1721 &client_context ) == 0 );
1722
1723 /* Fill up the buffer with structured data so that unwanted changes
1724 * can be detected */
1725 for( i = 0; i < MSGLEN; i++ )
1726 {
1727 message[i] = i & 0xFF;
1728 }
1729 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1730 MSGLEN ) );
1731
1732 /* Send two message to the server, second one with an error */
1733 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1734 MSGLEN ) == MSGLEN );
1735
1736 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1737 MSGLEN )
1738 == MBEDTLS_TEST_ERROR_SEND_FAILED );
1739
1740 /* Read the only message from the server */
1741 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1742 == MSGLEN );
1743
1744 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1745
1746 exit:
1747 mbedtls_message_socket_close( &server_context );
1748 mbedtls_message_socket_close( &client_context );
1749}
1750/* END_CASE */
1751
1752/* BEGIN_CASE */
1753void ssl_message_mock_truncated( )
1754{
1755 enum { MSGLEN = 10 };
1756 unsigned char message[MSGLEN], received[MSGLEN];
1757 mbedtls_mock_socket client, server;
1758 unsigned i;
1759 mbedtls_test_message_queue server_queue, client_queue;
1760 mbedtls_test_message_socket_context server_context, client_context;
1761
1762 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
1763 &server,
1764 &server_context ) == 0 );
1765
1766 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
1767 &client,
1768 &client_context ) == 0 );
1769
1770 memset( received, 0, MSGLEN );
1771 /* Fill up the buffer with structured data so that unwanted changes
1772 * can be detected */
1773 for( i = 0; i < MSGLEN; i++ )
1774 {
1775 message[i] = i & 0xFF;
1776 }
1777 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1778 2 * MSGLEN ) );
1779
1780 /* Send two messages to the server, the second one small enough to fit in the
1781 * receiver's buffer. */
1782 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1783 MSGLEN ) == MSGLEN );
1784 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1785 MSGLEN / 2 ) == MSGLEN / 2 );
1786 /* Read a truncated message from the server */
1787 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
1788 == MSGLEN/2 );
1789
1790 /* Test that the first half of the message is valid, and second one isn't */
1791 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
1792 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
1793 != 0 );
1794 memset( received, 0, MSGLEN );
1795
1796 /* Read a full message from the server */
1797 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
1798 == MSGLEN / 2 );
1799
1800 /* Test that the first half of the message is valid */
1801 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
1802
1803 exit:
1804 mbedtls_message_socket_close( &server_context );
1805 mbedtls_message_socket_close( &client_context );
1806}
1807/* END_CASE */
1808
1809/* BEGIN_CASE */
1810void ssl_message_mock_socket_read_error( )
1811{
1812 enum { MSGLEN = 10 };
1813 unsigned char message[MSGLEN], received[MSGLEN];
1814 mbedtls_mock_socket client, server;
1815 unsigned i;
1816 mbedtls_test_message_queue server_queue, client_queue;
1817 mbedtls_test_message_socket_context server_context, client_context;
1818
1819 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1820 &server,
1821 &server_context ) == 0 );
1822
1823 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1824 &client,
1825 &client_context ) == 0 );
1826
1827 /* Fill up the buffer with structured data so that unwanted changes
1828 * can be detected */
1829 for( i = 0; i < MSGLEN; i++ )
1830 {
1831 message[i] = i & 0xFF;
1832 }
1833 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1834 MSGLEN ) );
1835
1836 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1837 MSGLEN ) == MSGLEN );
1838
1839 /* Force a read error by disconnecting the socket by hand */
1840 server.status = 0;
1841 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1842 == MBEDTLS_TEST_ERROR_RECV_FAILED );
1843 /* Return to a valid state */
1844 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
1845
1846 memset( received, 0, sizeof( received ) );
1847
1848 /* Test that even though the server tried to read once disconnected, the
1849 * continuity is preserved */
1850 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1851 == MSGLEN );
1852
1853 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1854
1855 exit:
1856 mbedtls_message_socket_close( &server_context );
1857 mbedtls_message_socket_close( &client_context );
1858}
1859/* END_CASE */
1860
1861/* BEGIN_CASE */
1862void ssl_message_mock_interleaved_one_way( )
1863{
1864 enum { MSGLEN = 10 };
1865 unsigned char message[MSGLEN], received[MSGLEN];
1866 mbedtls_mock_socket client, server;
1867 unsigned i;
1868 mbedtls_test_message_queue server_queue, client_queue;
1869 mbedtls_test_message_socket_context server_context, client_context;
1870
1871 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
1872 &server,
1873 &server_context ) == 0 );
1874
1875 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
1876 &client,
1877 &client_context ) == 0 );
1878
1879 /* Fill up the buffer with structured data so that unwanted changes
1880 * can be detected */
1881 for( i = 0; i < MSGLEN; i++ )
1882 {
1883 message[i] = i & 0xFF;
1884 }
1885 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1886 MSGLEN*3 ) );
1887
1888 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
1889 * (to wrap around the buffer) */
1890 for( i = 0; i < 2; i++ )
1891 {
1892 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1893 MSGLEN ) == MSGLEN );
1894
1895 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1896 MSGLEN ) == MSGLEN );
1897
1898 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1899 MSGLEN ) == MSGLEN );
1900 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1901 memset( received, 0, sizeof( received ) );
1902 }
1903
1904 for( i = 0; i < 2; i++ )
1905 {
1906 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1907 MSGLEN ) == MSGLEN );
1908
1909 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1910 }
1911 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1912 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1913 exit:
1914 mbedtls_message_socket_close( &server_context );
1915 mbedtls_message_socket_close( &client_context );
1916}
1917/* END_CASE */
1918
1919/* BEGIN_CASE */
1920void ssl_message_mock_interleaved_two_ways( )
1921{
1922 enum { MSGLEN = 10 };
1923 unsigned char message[MSGLEN], received[MSGLEN];
1924 mbedtls_mock_socket client, server;
1925 unsigned i;
1926 mbedtls_test_message_queue server_queue, client_queue;
1927 mbedtls_test_message_socket_context server_context, client_context;
1928
1929 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
1930 &server,
1931 &server_context ) == 0 );
1932
1933 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
1934 &client,
1935 &client_context ) == 0 );
1936
1937 /* Fill up the buffer with structured data so that unwanted changes
1938 * can be detected */
1939 for( i = 0; i < MSGLEN; i++ )
1940 {
1941 message[i] = i & 0xFF;
1942 }
1943 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
1944 MSGLEN*3 ) );
1945
1946 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
1947 * (to wrap around the buffer) both ways. */
1948 for( i = 0; i < 2; i++ )
1949 {
1950 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1951 MSGLEN ) == MSGLEN );
1952
1953 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
1954 MSGLEN ) == MSGLEN );
1955
1956 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
1957 MSGLEN ) == MSGLEN );
1958
1959 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
1960 MSGLEN ) == MSGLEN );
1961
1962 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1963 MSGLEN ) == MSGLEN );
1964
1965 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1966
1967 memset( received, 0, sizeof( received ) );
1968
1969 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
1970 MSGLEN ) == MSGLEN );
1971
1972 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1973
1974 memset( received, 0, sizeof( received ) );
1975 }
1976
1977 for( i = 0; i < 2; i++ )
1978 {
1979 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
1980 MSGLEN ) == MSGLEN );
1981
1982 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1983 memset( received, 0, sizeof( received ) );
1984
1985 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
1986 MSGLEN ) == MSGLEN );
1987
1988 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1989 memset( received, 0, sizeof( received ) );
1990 }
1991
1992 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1993 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1994
1995 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
1996 == MBEDTLS_TEST_ERROR_QUEUE_EMPTY );
1997 exit:
1998 mbedtls_message_socket_close( &server_context );
1999 mbedtls_message_socket_close( &client_context );
2000}
2001/* END_CASE */
2002
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2003/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2004void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2005{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2006 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2007 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2008 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2009
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2010 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2011 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2012
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2013 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2014 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2015 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2016 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2017 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2018
2019 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2020 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2021 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2022 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2023 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2024 }
2025
2026 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2027 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2028 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2029
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2030 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2031 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2032}
2033/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]2034
2035/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
2036void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
2037{
2038 mbedtls_ssl_context ssl;
2039 mbedtls_ssl_init( &ssl );
2040
2041 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
2042 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
2043
2044 mbedtls_ssl_free( &ssl );
2045}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]2046/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2047
2048/* BEGIN_CASE */
2049void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2050 int etm, int tag_mode, int ver,
2051 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2052{
2053 /*
2054 * Test several record encryptions and decryptions
2055 * with plenty of space before and after the data
2056 * within the record buffer.
2057 */
2058
2059 int ret;
2060 int num_records = 16;
2061 mbedtls_ssl_context ssl; /* ONLY for debugging */
2062
2063 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2064 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2065 size_t const buflen = 512;
2066 mbedtls_record rec, rec_backup;
2067
2068 mbedtls_ssl_init( &ssl );
2069 mbedtls_ssl_transform_init( &t0 );
2070 mbedtls_ssl_transform_init( &t1 );
2071 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2072 etm, tag_mode, ver,
2073 (size_t) cid0_len,
2074 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2075
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2076 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2077
2078 while( num_records-- > 0 )
2079 {
2080 mbedtls_ssl_transform *t_dec, *t_enc;
2081 /* Take turns in who's sending and who's receiving. */
2082 if( num_records % 3 == 0 )
2083 {
2084 t_dec = &t0;
2085 t_enc = &t1;
2086 }
2087 else
2088 {
2089 t_dec = &t1;
2090 t_enc = &t0;
2091 }
2092
2093 /*
2094 * The record header affects the transformation in two ways:
2095 * 1) It determines the AEAD additional data
2096 * 2) The record counter sometimes determines the IV.
2097 *
2098 * Apart from that, the fields don't have influence.
2099 * In particular, it is currently not the responsibility
2100 * of ssl_encrypt/decrypt_buf to check if the transform
2101 * version matches the record version, or that the
2102 * type is sensible.
2103 */
2104
2105 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
2106 rec.type = 42;
2107 rec.ver[0] = num_records;
2108 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2109#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2110 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2111#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2112
2113 rec.buf = buf;
2114 rec.buf_len = buflen;
2115 rec.data_offset = 16;
2116 /* Make sure to vary the length to exercise different
2117 * paddings. */
2118 rec.data_len = 1 + num_records;
2119
2120 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2121
2122 /* Make a copy for later comparison */
2123 rec_backup = rec;
2124
2125 /* Encrypt record */
2126 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
2127 rnd_std_rand, NULL );
2128 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2129 if( ret != 0 )
2130 {
2131 continue;
2132 }
2133
2134 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2135 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
2136 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2137
2138 /* Compare results */
2139 TEST_ASSERT( rec.type == rec_backup.type );
2140 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2141 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2142 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2143 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2144 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2145 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2146 rec_backup.buf + rec_backup.data_offset,
2147 rec.data_len ) == 0 );
2148 }
2149
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2150exit:
2151
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2152 /* Cleanup */
2153 mbedtls_ssl_free( &ssl );
2154 mbedtls_ssl_transform_free( &t0 );
2155 mbedtls_ssl_transform_free( &t1 );
2156
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2157 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2158}
2159/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2160
2161/* BEGIN_CASE */
2162void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2163 int etm, int tag_mode, int ver,
2164 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2165{
2166 /*
2167 * Test pairs of encryption and decryption with an increasing
2168 * amount of space in the record buffer - in more detail:
2169 * 1) Try to encrypt with 0, 1, 2, ... bytes available
2170 * in front of the plaintext, and expect the encryption
2171 * to succeed starting from some offset. Always keep
2172 * enough space in the end of the buffer.
2173 * 2) Try to encrypt with 0, 1, 2, ... bytes available
2174 * at the end of the plaintext, and expect the encryption
2175 * to succeed starting from some offset. Always keep
2176 * enough space at the beginning of the buffer.
2177 * 3) Try to encrypt with 0, 1, 2, ... bytes available
2178 * both at the front and end of the plaintext,
2179 * and expect the encryption to succeed starting from
2180 * some offset.
2181 *
2182 * If encryption succeeds, check that decryption succeeds
2183 * and yields the original record.
2184 */
2185
2186 mbedtls_ssl_context ssl; /* ONLY for debugging */
2187
2188 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2189 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2190 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2191 mbedtls_record rec, rec_backup;
2192
2193 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2194 int mode; /* Mode 1, 2 or 3 as explained above */
2195 size_t offset; /* Available space at beginning/end/both */
2196 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2197
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2198 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
2199 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2200
2201 int seen_success; /* Indicates if in the current mode we've
2202 * already seen a successful test. */
2203
2204 mbedtls_ssl_init( &ssl );
2205 mbedtls_ssl_transform_init( &t0 );
2206 mbedtls_ssl_transform_init( &t1 );
2207 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2208 etm, tag_mode, ver,
2209 (size_t) cid0_len,
2210 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2211
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2212 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2213
2214 for( mode=1; mode <= 3; mode++ )
2215 {
2216 seen_success = 0;
2217 for( offset=0; offset <= threshold; offset++ )
2218 {
2219 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]2220 t_dec = &t0;
2221 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2222
2223 memset( rec.ctr, offset, sizeof( rec.ctr ) );
2224 rec.type = 42;
2225 rec.ver[0] = offset;
2226 rec.ver[1] = offset;
2227 rec.buf = buf;
2228 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2229#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2230 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2231#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2232
2233 switch( mode )
2234 {
2235 case 1: /* Space in the beginning */
2236 rec.data_offset = offset;
2237 rec.data_len = buflen - offset - default_post_padding;
2238 break;
2239
2240 case 2: /* Space in the end */
2241 rec.data_offset = default_pre_padding;
2242 rec.data_len = buflen - default_pre_padding - offset;
2243 break;
2244
2245 case 3: /* Space in the beginning and end */
2246 rec.data_offset = offset;
2247 rec.data_len = buflen - 2 * offset;
2248 break;
2249
2250 default:
2251 TEST_ASSERT( 0 );
2252 break;
2253 }
2254
2255 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2256
2257 /* Make a copy for later comparison */
2258 rec_backup = rec;
2259
2260 /* Encrypt record */
2261 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
2262
2263 if( ( mode == 1 || mode == 2 ) && seen_success )
2264 {
2265 TEST_ASSERT( ret == 0 );
2266 }
2267 else
2268 {
2269 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2270 if( ret == 0 )
2271 seen_success = 1;
2272 }
2273
2274 if( ret != 0 )
2275 continue;
2276
2277 /* Decrypt record with t_dec */
2278 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
2279
2280 /* Compare results */
2281 TEST_ASSERT( rec.type == rec_backup.type );
2282 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2283 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2284 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2285 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2286 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2287 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2288 rec_backup.buf + rec_backup.data_offset,
2289 rec.data_len ) == 0 );
2290 }
2291
2292 TEST_ASSERT( seen_success == 1 );
2293 }
2294
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2295exit:
2296
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2297 /* Cleanup */
2298 mbedtls_ssl_free( &ssl );
2299 mbedtls_ssl_transform_free( &t0 );
2300 mbedtls_ssl_transform_free( &t1 );
2301
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2302 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2303}
2304/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2305
2306/* BEGIN_CASE */
2307void ssl_tls_prf( int type, data_t * secret, data_t * random,
2308 char *label, data_t *result_hex_str, int exp_ret )
2309{
2310 unsigned char *output;
2311
2312 output = mbedtls_calloc( 1, result_hex_str->len );
2313 if( output == NULL )
2314 goto exit;
2315
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]2316#if defined(MBEDTLS_USE_PSA_CRYPTO)
2317 TEST_ASSERT( psa_crypto_init() == 0 );
2318#endif
2319
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2320 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
2321 label, random->x, random->len,
2322 output, result_hex_str->len ) == exp_ret );
2323
2324 if( exp_ret == 0 )
2325 {
2326 TEST_ASSERT( hexcmp( output, result_hex_str->x,
2327 result_hex_str->len, result_hex_str->len ) == 0 );
2328 }
2329exit:
2330
2331 mbedtls_free( output );
2332}
2333/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2334
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2335/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2336void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2337{
2338 mbedtls_ssl_session original, restored;
2339 unsigned char *buf = NULL;
2340 size_t len;
2341
2342 /*
2343 * Test that a save-load pair is the identity
2344 */
2345
2346 mbedtls_ssl_session_init( &original );
2347 mbedtls_ssl_session_init( &restored );
2348
2349 /* Prepare a dummy session to work on */
2350 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
2351
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2352 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2353 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
2354 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2355 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
2356 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
2357 == 0 );
2358
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2359 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2360 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
2361
2362 /*
2363 * Make sure both session structures are identical
2364 */
2365#if defined(MBEDTLS_HAVE_TIME)
2366 TEST_ASSERT( original.start == restored.start );
2367#endif
2368 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
2369 TEST_ASSERT( original.compression == restored.compression );
2370 TEST_ASSERT( original.id_len == restored.id_len );
2371 TEST_ASSERT( memcmp( original.id,
2372 restored.id, sizeof( original.id ) ) == 0 );
2373 TEST_ASSERT( memcmp( original.master,
2374 restored.master, sizeof( original.master ) ) == 0 );
2375
2376#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2377#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2378 TEST_ASSERT( ( original.peer_cert == NULL ) ==
2379 ( restored.peer_cert == NULL ) );
2380 if( original.peer_cert != NULL )
2381 {
2382 TEST_ASSERT( original.peer_cert->raw.len ==
2383 restored.peer_cert->raw.len );
2384 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
2385 restored.peer_cert->raw.p,
2386 original.peer_cert->raw.len ) == 0 );
2387 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2388#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2389 TEST_ASSERT( original.peer_cert_digest_type ==
2390 restored.peer_cert_digest_type );
2391 TEST_ASSERT( original.peer_cert_digest_len ==
2392 restored.peer_cert_digest_len );
2393 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
2394 ( restored.peer_cert_digest == NULL ) );
2395 if( original.peer_cert_digest != NULL )
2396 {
2397 TEST_ASSERT( memcmp( original.peer_cert_digest,
2398 restored.peer_cert_digest,
2399 original.peer_cert_digest_len ) == 0 );
2400 }
2401#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2402#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2403 TEST_ASSERT( original.verify_result == restored.verify_result );
2404
2405#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2406 TEST_ASSERT( original.ticket_len == restored.ticket_len );
2407 if( original.ticket_len != 0 )
2408 {
2409 TEST_ASSERT( original.ticket != NULL );
2410 TEST_ASSERT( restored.ticket != NULL );
2411 TEST_ASSERT( memcmp( original.ticket,
2412 restored.ticket, original.ticket_len ) == 0 );
2413 }
2414 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
2415#endif
2416
2417#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2418 TEST_ASSERT( original.mfl_code == restored.mfl_code );
2419#endif
2420
2421#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2422 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
2423#endif
2424
2425#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2426 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
2427#endif
2428
2429exit:
2430 mbedtls_ssl_session_free( &original );
2431 mbedtls_ssl_session_free( &restored );
2432 mbedtls_free( buf );
2433}
2434/* END_CASE */
2435
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]2436/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2437void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2438{
2439 mbedtls_ssl_session session;
2440 unsigned char *buf1 = NULL, *buf2 = NULL;
2441 size_t len0, len1, len2;
2442
2443 /*
2444 * Test that a load-save pair is the identity
2445 */
2446
2447 mbedtls_ssl_session_init( &session );
2448
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2449 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2450 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2451
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2452 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2453 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
2454 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2455
2456 /* Allocate first buffer */
2457 buf1 = mbedtls_calloc( 1, len0 );
2458 TEST_ASSERT( buf1 != NULL );
2459
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2460 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2461 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
2462 == 0 );
2463 TEST_ASSERT( len0 == len1 );
2464 mbedtls_ssl_session_free( &session );
2465
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2466 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]2467 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2468
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2469 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2470 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]2471 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2472 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
2473 == 0 );
2474
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2475 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2476 TEST_ASSERT( len1 == len2 );
2477 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
2478
2479exit:
2480 mbedtls_ssl_session_free( &session );
2481 mbedtls_free( buf1 );
2482 mbedtls_free( buf2 );
2483}
2484/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2485
2486/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2487void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2488{
2489 mbedtls_ssl_session session;
2490 unsigned char *buf = NULL;
2491 size_t good_len, bad_len, test_len;
2492
2493 /*
2494 * Test that session_save() fails cleanly on small buffers
2495 */
2496
2497 mbedtls_ssl_session_init( &session );
2498
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2499 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2500 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2501 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2502 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2503
2504 /* Try all possible bad lengths */
2505 for( bad_len = 1; bad_len < good_len; bad_len++ )
2506 {
2507 /* Allocate exact size so that asan/valgrind can detect any overwrite */
2508 mbedtls_free( buf );
2509 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
2510 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
2511 &test_len )
2512 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2513 TEST_ASSERT( test_len == good_len );
2514 }
2515
2516exit:
2517 mbedtls_ssl_session_free( &session );
2518 mbedtls_free( buf );
2519}
2520/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2521
2522/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2523void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2524{
2525 mbedtls_ssl_session session;
2526 unsigned char *good_buf = NULL, *bad_buf = NULL;
2527 size_t good_len, bad_len;
2528
2529 /*
2530 * Test that session_load() fails cleanly on small buffers
2531 */
2532
2533 mbedtls_ssl_session_init( &session );
2534
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2535 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2536 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2537 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2538 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2539 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
2540 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
2541 &good_len ) == 0 );
2542 mbedtls_ssl_session_free( &session );
2543
2544 /* Try all possible bad lengths */
2545 for( bad_len = 0; bad_len < good_len; bad_len++ )
2546 {
2547 /* Allocate exact size so that asan/valgrind can detect any overread */
2548 mbedtls_free( bad_buf );
2549 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
2550 TEST_ASSERT( bad_buf != NULL );
2551 memcpy( bad_buf, good_buf, bad_len );
2552
2553 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
2554 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
2555 }
2556
2557exit:
2558 mbedtls_ssl_session_free( &session );
2559 mbedtls_free( good_buf );
2560 mbedtls_free( bad_buf );
2561}
2562/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2563
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2564/* BEGIN_CASE */
2565void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2566 int corrupt_minor,
2567 int corrupt_patch,
2568 int corrupt_config )
2569{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2570 unsigned char serialized_session[ 2048 ];
2571 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2572 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2573 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2574 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
2575 corrupt_minor == 1,
2576 corrupt_patch == 1,
2577 corrupt_config == 1,
2578 corrupt_config == 1 };
2579
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2580 mbedtls_ssl_session_init( &session );
2581
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2582 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2583 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2584 serialized_session,
2585 sizeof( serialized_session ),
2586 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2587
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2588 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2589
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2590 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2591 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2592 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2593 serialized_session,
2594 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2595 mbedtls_ssl_session_free( &session );
2596
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2597 /* Go through the bytes in the serialized session header and
2598 * corrupt them bit-by-bit. */
2599 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2600 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2601 int cur_bit;
2602 unsigned char * const byte = &serialized_session[ cur_byte ];
2603
2604 if( should_corrupt_byte[ cur_byte ] == 0 )
2605 continue;
2606
2607 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
2608 {
2609 unsigned char const corrupted_bit = 0x1u << cur_bit;
2610 /* Modify a single bit in the serialized session. */
2611 *byte ^= corrupted_bit;
2612
2613 /* Attempt to deserialize */
2614 TEST_ASSERT( mbedtls_ssl_session_load( &session,
2615 serialized_session,
2616 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]2617 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2618
2619 /* Undo the change */
2620 *byte ^= corrupted_bit;
2621 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2622 }
2623
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2624}
2625/* END_CASE */