TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d796e19d3b3ebca2652ccb561f3130ef18f9afac / . / tests / suites / test_suite_ssl.function
blob: a936d83a34cd9abc191ec4f6b1293d95beb07284 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]4
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]5
6/*
7 * Buffer structure for custom I/O callbacks.
8 */
9
10typedef struct mbedtls_test_buffer
11{
12 size_t start;
13 size_t content_length;
14 size_t capacity;
15 unsigned char *buffer;
16} mbedtls_test_buffer;
17
18/*
19 * Initialises \p buf. After calling this function it is safe to call
20 * `mbedtls_test_buffer_free()` on \p buf.
21 */
22void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
23{
24 memset( buf, 0, sizeof( *buf ) );
25}
26
27/*
28 * Sets up \p buf. After calling this function it is safe to call
29 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
30 */
31int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
32{
33 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
34 sizeof(unsigned char) );
35 if( NULL == buf->buffer )
36 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
37 buf->capacity = capacity;
38
39 return 0;
40}
41
42void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
43{
44 if( buf->buffer != NULL )
45 mbedtls_free( buf->buffer );
46
47 memset( buf, 0, sizeof( *buf ) );
48}
49
50/*
51 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
52 *
53 * \p buf must have been initialized and set up by calling
54 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
55 *
56 * \retval \p input_len, if the data fits.
57 * \retval 0 <= value < \p input_len, if the data does not fit.
58 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
59 * zero and \p input is NULL.
60 */
61int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
62 const unsigned char* input, size_t input_len )
63{
64 size_t overflow = 0;
65
66 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
67 return -1;
68
69 /* Reduce input_len to a number that fits in the buffer. */
70 if ( ( buf->content_length + input_len ) > buf->capacity )
71 {
72 input_len = buf->capacity - buf->content_length;
73 }
74
75 if( input == NULL )
76 {
77 return ( input_len == 0 ) ? 0 : -1;
78 }
79
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]80 /* Check if the buffer has not come full circle and free space is not in
81 * the middle */
82 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]83 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]84
85 /* Calculate the number of bytes that need to be placed at lower memory
86 * address */
87 if( buf->start + buf->content_length + input_len
88 > buf->capacity )
89 {
90 overflow = ( buf->start + buf->content_length + input_len )
91 % buf->capacity;
92 }
93
94 memcpy( buf->buffer + buf->start + buf->content_length, input,
95 input_len - overflow );
96 memcpy( buf->buffer, input + input_len - overflow, overflow );
97
98 }
99 else
100 {
101 /* The buffer has come full circle and free space is in the middle */
102 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
103 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]104 }
105
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]106 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]107 return input_len;
108}
109
110/*
111 * Gets \p output_len bytes from the \p output buffer into the ring buffer
112 * \p buf.
113 *
114 * \p buf must have been initialized and set up by calling
115 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
116 *
117 * \retval \p output_len, if the data is available.
118 * \retval 0 <= value < \p output_len, if the data is not available.
119 * \retval -1, if \buf is NULL, it hasn't been set up or \p output_len is not
120 * zero and \p output is NULL
121 */
122int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
123 unsigned char* output, size_t output_len )
124{
125 size_t overflow = 0;
126
127 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
128 return -1;
129
130 if( output == NULL )
131 {
132 return ( output_len == 0 ) ? 0 : -1;
133 }
134
135 if( buf->content_length < output_len )
136 output_len = buf->content_length;
137
138 /* Calculate the number of bytes that need to be drawn from lower memory
139 * address */
140 if( buf->start + output_len > buf->capacity )
141 {
142 overflow = ( buf->start + output_len ) % buf->capacity;
143 }
144
145 memcpy( output, buf->buffer + buf->start, output_len - overflow );
146 memcpy( output + output_len - overflow, buf->buffer, overflow );
147 buf->content_length -= output_len;
148 buf->start = ( buf->start + output_len ) % buf->capacity;
149
150 return output_len;
151}
152
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]153/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]154 * Context for the I/O callbacks simulating network connection.
155 */
156
157#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
158
159typedef struct mbedtls_mock_socket
160{
161 int status;
162 mbedtls_test_buffer *input;
163 mbedtls_test_buffer *output;
164 struct mbedtls_mock_socket *peer;
165} mbedtls_mock_socket;
166
167/*
168 * Setup and teardown functions for mock sockets.
169 */
170void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
171{
172 memset( socket, 0, sizeof( *socket ) );
173}
174
175/*
176 * Closes the socket \p socket.
177 *
178 * \p socket must have been previously initialized by calling
179 * mbedtls_mock_socket_init().
180 *
181 * This function frees all allocated resources and both sockets are aware of the
182 * new connection state.
183 *
184 * That is, this function does not simulate half-open TCP connections and the
185 * phenomenon that when closing a UDP connection the peer is not aware of the
186 * connection having been closed.
187 */
188void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
189{
190 if( socket == NULL )
191 return;
192
193 if( socket->input != NULL )
194 {
195 mbedtls_test_buffer_free( socket->input );
196 mbedtls_free( socket->input );
197 }
198
199 if( socket->output != NULL )
200 {
201 mbedtls_test_buffer_free( socket->output );
202 mbedtls_free( socket->output );
203 }
204
205 if( socket->peer != NULL )
206 memset( socket->peer, 0, sizeof( *socket->peer ) );
207
208 memset( socket, 0, sizeof( *socket ) );
209}
210
211/*
212 * Establishes a connection between \p peer1 and \p peer2.
213 *
214 * \p peer1 and \p peer2 must have been previously initialized by calling
215 * mbedtls_mock_socket_init().
216 *
217 * The capacites of the internal buffers are set to \p bufsize. Setting this to
218 * the correct value allows for simulation of MTU, sanity testing the mock
219 * implementation and mocking TCP connections with lower memory cost.
220 */
221int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
222 mbedtls_mock_socket* peer2,
223 size_t bufsize )
224{
225 int ret = -1;
226
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame^]227 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]228 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
229 if( peer1->output == NULL )
230 {
231 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
232 goto exit;
233 }
234 mbedtls_test_buffer_init( peer1->output );
235 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
236 {
237 goto exit;
238 }
239
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame^]240 peer2->output =
241 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
242 if( peer2->output == NULL )
243 {
244 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
245 goto exit;
246 }
247 mbedtls_test_buffer_init( peer2->output );
248 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
249 {
250 goto exit;
251 }
252
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]253 peer1->peer = peer2;
254 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame^]255 peer1->input = peer2->output;
256 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]257
258 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
259 ret = 0;
260
261exit:
262
263 if( ret != 0 )
264 {
265 mbedtls_mock_socket_close( peer1 );
266 mbedtls_mock_socket_close( peer2 );
267 }
268
269 return ret;
270}
271
272/*
273 * Callbacks for simulating blocking I/O over connection-oriented transport.
274 */
275
276int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
277{
278 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
279
280 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
281 return -1;
282
283 return mbedtls_test_buffer_put( socket->output, buf, len );
284}
285
286int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
287{
288 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
289
290 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
291 return -1;
292
293 return mbedtls_test_buffer_get( socket->input, buf, len );
294}
295
296/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]297 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
298 */
299
300int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
301{
302 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
303
304 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
305 return -1;
306
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]307 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]308 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]309 return MBEDTLS_ERR_SSL_WANT_WRITE;
310 }
311
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]312 return mbedtls_test_buffer_put( socket->output, buf, len );
313}
314
315int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
316{
317 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
318
319 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
320 return -1;
321
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]322 if( socket->input->content_length == 0)
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]323 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]324 return MBEDTLS_ERR_SSL_WANT_READ;
325 }
326
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]327 return mbedtls_test_buffer_get( socket->input, buf, len );
328}
329
330/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]331 * Helper function setting up inverse record transformations
332 * using given cipher, hash, EtM mode, authentication tag length,
333 * and version.
334 */
335
336#define CHK( x ) \
337 do \
338 { \
339 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]340 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]341 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]342 goto cleanup; \
343 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]344 } while( 0 )
345
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]346#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
347#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
348#else
349#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
350#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]351
352static int build_transforms( mbedtls_ssl_transform *t_in,
353 mbedtls_ssl_transform *t_out,
354 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]355 int etm, int tag_mode, int ver,
356 size_t cid0_len,
357 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]358{
359 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]360 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]361
362 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]363 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]364 unsigned char iv_enc[16], iv_dec[16];
365
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]366#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]367 unsigned char cid0[ SSL_CID_LEN_MIN ];
368 unsigned char cid1[ SSL_CID_LEN_MIN ];
369
370 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
371 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]372#else
373 ((void) cid0_len);
374 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]375#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]376
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]377 maclen = 0;
378
379 /* Pick cipher */
380 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
381 CHK( cipher_info != NULL );
382 CHK( cipher_info->iv_size <= 16 );
383 CHK( cipher_info->key_bitlen % 8 == 0 );
384
385 /* Pick keys */
386 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]387 /* Allocate `keylen + 1` bytes to ensure that we get
388 * a non-NULL pointers from `mbedtls_calloc` even if
389 * `keylen == 0` in the case of the NULL cipher. */
390 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
391 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]392 memset( key0, 0x1, keylen );
393 memset( key1, 0x2, keylen );
394
395 /* Setup cipher contexts */
396 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
397 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
398 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
399 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
400
401#if defined(MBEDTLS_CIPHER_MODE_CBC)
402 if( cipher_info->mode == MBEDTLS_MODE_CBC )
403 {
404 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
405 MBEDTLS_PADDING_NONE ) == 0 );
406 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
407 MBEDTLS_PADDING_NONE ) == 0 );
408 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
409 MBEDTLS_PADDING_NONE ) == 0 );
410 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
411 MBEDTLS_PADDING_NONE ) == 0 );
412 }
413#endif /* MBEDTLS_CIPHER_MODE_CBC */
414
415 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
416 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
417 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
418 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
419 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
420 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
421 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
422 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]423
424 /* Setup MAC contexts */
425#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
426 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
427 cipher_info->mode == MBEDTLS_MODE_STREAM )
428 {
429 mbedtls_md_info_t const *md_info;
430 unsigned char *md0, *md1;
431
432 /* Pick hash */
433 md_info = mbedtls_md_info_from_type( hash_id );
434 CHK( md_info != NULL );
435
436 /* Pick hash keys */
437 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]438 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
439 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]440 memset( md0, 0x5, maclen );
441 memset( md1, 0x6, maclen );
442
443 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
444 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
445 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
446 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
447
448 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
449 {
450 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
451 md0, maclen ) == 0 );
452 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
453 md1, maclen ) == 0 );
454 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
455 md1, maclen ) == 0 );
456 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
457 md0, maclen ) == 0 );
458 }
459#if defined(MBEDTLS_SSL_PROTO_SSL3)
460 else
461 {
462 memcpy( &t_in->mac_enc, md0, maclen );
463 memcpy( &t_in->mac_dec, md1, maclen );
464 memcpy( &t_out->mac_enc, md1, maclen );
465 memcpy( &t_out->mac_dec, md0, maclen );
466 }
467#endif
468
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]469 mbedtls_free( md0 );
470 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]471 }
472#else
473 ((void) hash_id);
474#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
475
476
477 /* Pick IV's (regardless of whether they
478 * are being used by the transform). */
479 ivlen = cipher_info->iv_size;
480 memset( iv_enc, 0x3, sizeof( iv_enc ) );
481 memset( iv_dec, 0x4, sizeof( iv_dec ) );
482
483 /*
484 * Setup transforms
485 */
486
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]487#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
488 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]489 t_out->encrypt_then_mac = etm;
490 t_in->encrypt_then_mac = etm;
491#else
492 ((void) etm);
493#endif
494
495 t_out->minor_ver = ver;
496 t_in->minor_ver = ver;
497 t_out->ivlen = ivlen;
498 t_in->ivlen = ivlen;
499
500 switch( cipher_info->mode )
501 {
502 case MBEDTLS_MODE_GCM:
503 case MBEDTLS_MODE_CCM:
504 t_out->fixed_ivlen = 4;
505 t_in->fixed_ivlen = 4;
506 t_out->maclen = 0;
507 t_in->maclen = 0;
508 switch( tag_mode )
509 {
510 case 0: /* Full tag */
511 t_out->taglen = 16;
512 t_in->taglen = 16;
513 break;
514 case 1: /* Partial tag */
515 t_out->taglen = 8;
516 t_in->taglen = 8;
517 break;
518 default:
519 return( 1 );
520 }
521 break;
522
523 case MBEDTLS_MODE_CHACHAPOLY:
524 t_out->fixed_ivlen = 12;
525 t_in->fixed_ivlen = 12;
526 t_out->maclen = 0;
527 t_in->maclen = 0;
528 switch( tag_mode )
529 {
530 case 0: /* Full tag */
531 t_out->taglen = 16;
532 t_in->taglen = 16;
533 break;
534 case 1: /* Partial tag */
535 t_out->taglen = 8;
536 t_in->taglen = 8;
537 break;
538 default:
539 return( 1 );
540 }
541 break;
542
543 case MBEDTLS_MODE_STREAM:
544 case MBEDTLS_MODE_CBC:
545 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
546 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
547 t_out->taglen = 0;
548 t_in->taglen = 0;
549 switch( tag_mode )
550 {
551 case 0: /* Full tag */
552 t_out->maclen = maclen;
553 t_in->maclen = maclen;
554 break;
555 case 1: /* Partial tag */
556 t_out->maclen = 10;
557 t_in->maclen = 10;
558 break;
559 default:
560 return( 1 );
561 }
562 break;
563 default:
564 return( 1 );
565 break;
566 }
567
568 /* Setup IV's */
569
570 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
571 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
572 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
573 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
574
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]575#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]576 /* Add CID */
577 memcpy( &t_in->in_cid, cid0, cid0_len );
578 memcpy( &t_in->out_cid, cid1, cid1_len );
579 t_in->in_cid_len = cid0_len;
580 t_in->out_cid_len = cid1_len;
581 memcpy( &t_out->in_cid, cid1, cid1_len );
582 memcpy( &t_out->out_cid, cid0, cid0_len );
583 t_out->in_cid_len = cid1_len;
584 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]585#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]586
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]587cleanup:
588
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]589 mbedtls_free( key0 );
590 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]591
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]592 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]593}
594
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]595/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]596 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]597 * Choose dummy values, mostly non-0 to distinguish from the init default.
598 */
599static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]600 int ticket_len,
601 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]602{
603#if defined(MBEDTLS_HAVE_TIME)
604 session->start = mbedtls_time( NULL ) - 42;
605#endif
606 session->ciphersuite = 0xabcd;
607 session->compression = 1;
608 session->id_len = sizeof( session->id );
609 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]610 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]611
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]612#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]613 if( strlen( crt_file ) != 0 )
614 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]615 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]616 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]617
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]618 mbedtls_x509_crt_init( &tmp_crt );
619 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
620 if( ret != 0 )
621 return( ret );
622
623#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
624 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]625 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
626 if( session->peer_cert == NULL )
627 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]628 *session->peer_cert = tmp_crt;
629 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
630#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
631 /* Calculate digest of temporary CRT. */
632 session->peer_cert_digest =
633 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
634 if( session->peer_cert_digest == NULL )
635 return( -1 );
636 ret = mbedtls_md( mbedtls_md_info_from_type(
637 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
638 tmp_crt.raw.p, tmp_crt.raw.len,
639 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]640 if( ret != 0 )
641 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]642 session->peer_cert_digest_type =
643 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
644 session->peer_cert_digest_len =
645 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
646#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
647
648 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]649 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]650#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]651 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]652#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]653 session->verify_result = 0xdeadbeef;
654
655#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
656 if( ticket_len != 0 )
657 {
658 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]659 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]660 return( -1 );
661 memset( session->ticket, 33, ticket_len );
662 }
663 session->ticket_len = ticket_len;
664 session->ticket_lifetime = 86401;
665#else
666 (void) ticket_len;
667#endif
668
669#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
670 session->mfl_code = 1;
671#endif
672#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
673 session->trunc_hmac = 1;
674#endif
675#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
676 session->encrypt_then_mac = 1;
677#endif
678
679 return( 0 );
680}
681
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]682/* END_HEADER */
683
684/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]685 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]686 * END_DEPENDENCIES
687 */
688
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]689/* BEGIN_CASE */
690void test_callback_buffer_sanity()
691{
692 enum { MSGLEN = 10 };
693 mbedtls_test_buffer buf;
694 unsigned char input[MSGLEN];
695 unsigned char output[MSGLEN];
696
697 memset( input, 0, sizeof(input) );
698
699 /* Make sure calling put and get on NULL buffer results in error. */
700 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
701 == -1 );
702 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
703 == -1 );
704 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
705 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, sizeof( output ) )
706 == -1 );
707 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
708 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
709
710 /* Make sure calling put and get on a buffer that hasn't been set up results
711 * in eror. */
712 mbedtls_test_buffer_init( &buf );
713
714 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
715 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
716 == -1 );
717 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
718 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
719 == -1 );
720 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
721 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
722
723 /* Make sure calling put end get on NULL input and output only results in
724 * error if the length is not zero. */
725
726 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
727
728 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
729 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
730 == -1 );
731 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
732 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
733
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]734 /* Make sure calling put several times in the row is safe */
735
736 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
737 == sizeof( input ) );
738 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
739 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
740 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
741 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
742
743
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]744exit:
745
746 mbedtls_test_buffer_free( &buf );
747}
748/* END_CASE */
749
750/*
751 * Test if the implementation of `mbedtls_test_buffer` related functions is
752 * correct and works as expected.
753 *
754 * That is
755 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
756 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
757 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
758 * bytes.
759 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
760 * - All of the bytes we got match the bytes we put in in a FIFO manner.
761 */
762
763/* BEGIN_CASE */
764void test_callback_buffer( int size, int put1, int put1_ret,
765 int get1, int get1_ret, int put2, int put2_ret,
766 int get2, int get2_ret )
767{
768 enum { ROUNDS = 2 };
769 size_t put[ROUNDS];
770 int put_ret[ROUNDS];
771 size_t get[ROUNDS];
772 int get_ret[ROUNDS];
773 mbedtls_test_buffer buf;
774 unsigned char* input = NULL;
775 size_t input_len;
776 unsigned char* output = NULL;
777 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]778 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]779
780 mbedtls_test_buffer_init( &buf );
781 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
782
783 /* Check the sanity of input parameters and initialise local variables. That
784 * is, ensure that the amount of data is not negative and that we are not
785 * expecting more to put or get than we actually asked for. */
786 TEST_ASSERT( put1 >= 0 );
787 put[0] = put1;
788 put_ret[0] = put1_ret;
789 TEST_ASSERT( put1_ret <= put1 );
790 TEST_ASSERT( put2 >= 0 );
791 put[1] = put2;
792 put_ret[1] = put2_ret;
793 TEST_ASSERT( put2_ret <= put2 );
794
795 TEST_ASSERT( get1 >= 0 );
796 get[0] = get1;
797 get_ret[0] = get1_ret;
798 TEST_ASSERT( get1_ret <= get1 );
799 TEST_ASSERT( get2 >= 0 );
800 get[1] = get2;
801 get_ret[1] = get2_ret;
802 TEST_ASSERT( get2_ret <= get2 );
803
804 input_len = 0;
805 /* Calculate actual input and output lengths */
806 for( j = 0; j < ROUNDS; j++ )
807 {
808 if( put_ret[j] > 0 )
809 {
810 input_len += put_ret[j];
811 }
812 }
813 /* In order to always have a valid pointer we always allocate at least 1
814 * byte. */
815 if( input_len == 0 )
816 input_len = 1;
817 ASSERT_ALLOC( input, input_len );
818
819 output_len = 0;
820 for( j = 0; j < ROUNDS; j++ )
821 {
822 if( get_ret[j] > 0 )
823 {
824 output_len += get_ret[j];
825 }
826 }
827 TEST_ASSERT( output_len <= input_len );
828 /* In order to always have a valid pointer we always allocate at least 1
829 * byte. */
830 if( output_len == 0 )
831 output_len = 1;
832 ASSERT_ALLOC( output, output_len );
833
834 /* Fill up the buffer with structured data so that unwanted changes
835 * can be detected */
836 for( i = 0; i < input_len; i++ )
837 {
838 input[i] = i & 0xFF;
839 }
840
841 written = read = 0;
842 for( j = 0; j < ROUNDS; j++ )
843 {
844 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
845 input + written, put[j] ) );
846 written += put_ret[j];
847 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
848 output + read, get[j] ) );
849 read += get_ret[j];
850 TEST_ASSERT( read <= written );
851 if( get_ret[j] > 0 )
852 {
853 TEST_ASSERT( memcmp( output + read - get_ret[j],
854 input + read - get_ret[j], get_ret[j] )
855 == 0 );
856 }
857 }
858
859exit:
860
861 mbedtls_free( input );
862 mbedtls_free( output );
863 mbedtls_test_buffer_free( &buf );
864}
865/* END_CASE */
866
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]867/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]868 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
869 * correct and works as expected on unconnected sockets.
870 */
871
872/* BEGIN_CASE */
873void ssl_mock_sanity( )
874{
875 enum { MSGLEN = 105 };
876 unsigned char message[MSGLEN];
877 unsigned char received[MSGLEN];
878 mbedtls_mock_socket socket;
879
880 mbedtls_mock_socket_init( &socket );
881 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
882 mbedtls_mock_socket_close( &socket );
883 mbedtls_mock_socket_init( &socket );
884 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
885 mbedtls_mock_socket_close( &socket );
886
887 mbedtls_mock_socket_init( &socket );
888 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
889 mbedtls_mock_socket_close( &socket );
890 mbedtls_mock_socket_init( &socket );
891 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
892 mbedtls_mock_socket_close( &socket );
893
894exit:
895
896 mbedtls_mock_socket_close( &socket );
897}
898/* END_CASE */
899
900/*
901 * Test if the implementation of `mbedtls_mock_socket` related functions can
902 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]903 */
904
905/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]906void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]907{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]908 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]909 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]910 unsigned char message[MSGLEN];
911 unsigned char received[MSGLEN];
912 mbedtls_mock_socket client;
913 mbedtls_mock_socket server;
914 size_t written, read;
915 int send_ret, recv_ret;
916 mbedtls_ssl_send_t *send;
917 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]918 unsigned i;
919
920 if( blocking == 0 )
921 {
922 send = mbedtls_mock_tcp_send_nb;
923 recv = mbedtls_mock_tcp_recv_nb;
924 }
925 else
926 {
927 send = mbedtls_mock_tcp_send_b;
928 recv = mbedtls_mock_tcp_recv_b;
929 }
930
931 mbedtls_mock_socket_init( &client );
932 mbedtls_mock_socket_init( &server );
933
934 /* Fill up the buffer with structured data so that unwanted changes
935 * can be detected */
936 for( i = 0; i < MSGLEN; i++ )
937 {
938 message[i] = i & 0xFF;
939 }
940
941 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]942 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]943
944 /* Send the message to the server */
945 send_ret = recv_ret = 1;
946 written = read = 0;
947 while( send_ret != 0 || recv_ret != 0 )
948 {
949 send_ret = send( &client, message + written, MSGLEN - written );
950
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]951 TEST_ASSERT( send_ret >= 0 );
952 TEST_ASSERT( send_ret <= BUFLEN );
953 written += send_ret;
954
955 /* If the buffer is full we can test blocking and non-blocking send */
956 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]957 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]958 int blocking_ret = send( &client, message , 1 );
959 if ( blocking )
960 {
961 TEST_ASSERT( blocking_ret == 0 );
962 }
963 else
964 {
965 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
966 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]967 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]968
969 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]970
971 /* The result depends on whether any data was sent */
972 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]973 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]974 TEST_ASSERT( recv_ret > 0 );
975 TEST_ASSERT( recv_ret <= BUFLEN );
976 read += recv_ret;
977 }
978 else if( blocking )
979 {
980 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]981 }
982 else
983 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]984 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
985 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]986 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]987
988 /* If the buffer is empty we can test blocking and non-blocking read */
989 if ( recv_ret == BUFLEN )
990 {
991 int blocking_ret = recv( &server, received, 1 );
992 if ( blocking )
993 {
994 TEST_ASSERT( blocking_ret == 0 );
995 }
996 else
997 {
998 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
999 }
1000 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1001 }
1002 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1003
1004exit:
1005
1006 mbedtls_mock_socket_close( &client );
1007 mbedtls_mock_socket_close( &server );
1008}
1009/* END_CASE */
1010
1011/*
1012 * Test if the implementation of `mbedtls_mock_socket` related functions can
1013 * send messages in both direction at the same time (with the I/O calls
1014 * interleaving).
1015 */
1016
1017/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1018void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1019{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1020 enum { ROUNDS = 2 };
1021 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1022 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1023 unsigned char message[ROUNDS][MSGLEN];
1024 unsigned char received[ROUNDS][MSGLEN];
1025 mbedtls_mock_socket client;
1026 mbedtls_mock_socket server;
1027 size_t written[ROUNDS];
1028 size_t read[ROUNDS];
1029 int send_ret[ROUNDS];
1030 int recv_ret[ROUNDS];
1031 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1032 mbedtls_ssl_send_t *send;
1033 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1034
1035 if( blocking == 0 )
1036 {
1037 send = mbedtls_mock_tcp_send_nb;
1038 recv = mbedtls_mock_tcp_recv_nb;
1039 }
1040 else
1041 {
1042 send = mbedtls_mock_tcp_send_b;
1043 recv = mbedtls_mock_tcp_recv_b;
1044 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1045
1046 mbedtls_mock_socket_init( &client );
1047 mbedtls_mock_socket_init( &server );
1048
1049 /* Fill up the buffers with structured data so that unwanted changes
1050 * can be detected */
1051 for( i = 0; i < ROUNDS; i++ )
1052 {
1053 for( j = 0; j < MSGLEN; j++ )
1054 {
1055 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1056 }
1057 }
1058
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1059 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1060 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1061
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1062 /* Send the message from both sides, interleaving. */
1063 progress = 1;
1064 for( i = 0; i < ROUNDS; i++ )
1065 {
1066 written[i] = 0;
1067 read[i] = 0;
1068 }
1069 /* This loop does not stop as long as there was a successful write or read
1070 * of at least one byte on either side. */
1071 while( progress != 0 )
1072 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1073 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1074
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1075 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1076 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1077 /* First sending is from the client */
1078 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1079
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1080 send_ret[i] = send( socket, message[i] + written[i],
1081 MSGLEN - written[i] );
1082 TEST_ASSERT( send_ret[i] >= 0 );
1083 TEST_ASSERT( send_ret[i] <= BUFLEN );
1084 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1085
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1086 /* If the buffer is full we can test blocking and non-blocking
1087 * send */
1088 if ( send_ret[i] == BUFLEN )
1089 {
1090 int blocking_ret = send( socket, message[i] , 1 );
1091 if ( blocking )
1092 {
1093 TEST_ASSERT( blocking_ret == 0 );
1094 }
1095 else
1096 {
1097 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1098 }
1099 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1100 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1101
1102 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1103 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1104 /* First receiving is from the server */
1105 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1106
1107 recv_ret[i] = recv( socket, received[i] + read[i],
1108 MSGLEN - read[i] );
1109
1110 /* The result depends on whether any data was sent */
1111 if ( send_ret[i] > 0 )
1112 {
1113 TEST_ASSERT( recv_ret[i] > 0 );
1114 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1115 read[i] += recv_ret[i];
1116 }
1117 else if( blocking )
1118 {
1119 TEST_ASSERT( recv_ret[i] == 0 );
1120 }
1121 else
1122 {
1123 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1124 recv_ret[i] = 0;
1125 }
1126
1127 /* If the buffer is empty we can test blocking and non-blocking
1128 * read */
1129 if ( recv_ret[i] == BUFLEN )
1130 {
1131 int blocking_ret = recv( socket, received[i], 1 );
1132 if ( blocking )
1133 {
1134 TEST_ASSERT( blocking_ret == 0 );
1135 }
1136 else
1137 {
1138 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1139 }
1140 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1141 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1142
1143 progress = 0;
1144 for( i = 0; i < ROUNDS; i++ )
1145 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1146 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1147 }
1148 }
1149
1150 for( i = 0; i < ROUNDS; i++ )
1151 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1152
1153exit:
1154
1155 mbedtls_mock_socket_close( &client );
1156 mbedtls_mock_socket_close( &server );
1157}
1158/* END_CASE */
1159
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1160/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1161void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1162{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1163 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1164 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1165 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1166
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]1167 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1168 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]1169
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]1170 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
1171 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]1172 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
1173 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1174 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1175
1176 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1177 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1178 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1179 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1180 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1181 }
1182
1183 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1184 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1185 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1186
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1187 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1188 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1189}
1190/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1191
1192/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
1193void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
1194{
1195 mbedtls_ssl_context ssl;
1196 mbedtls_ssl_init( &ssl );
1197
1198 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
1199 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
1200
1201 mbedtls_ssl_free( &ssl );
1202}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]1203/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1204
1205/* BEGIN_CASE */
1206void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1207 int etm, int tag_mode, int ver,
1208 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1209{
1210 /*
1211 * Test several record encryptions and decryptions
1212 * with plenty of space before and after the data
1213 * within the record buffer.
1214 */
1215
1216 int ret;
1217 int num_records = 16;
1218 mbedtls_ssl_context ssl; /* ONLY for debugging */
1219
1220 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1221 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1222 size_t const buflen = 512;
1223 mbedtls_record rec, rec_backup;
1224
1225 mbedtls_ssl_init( &ssl );
1226 mbedtls_ssl_transform_init( &t0 );
1227 mbedtls_ssl_transform_init( &t1 );
1228 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1229 etm, tag_mode, ver,
1230 (size_t) cid0_len,
1231 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1232
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1233 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1234
1235 while( num_records-- > 0 )
1236 {
1237 mbedtls_ssl_transform *t_dec, *t_enc;
1238 /* Take turns in who's sending and who's receiving. */
1239 if( num_records % 3 == 0 )
1240 {
1241 t_dec = &t0;
1242 t_enc = &t1;
1243 }
1244 else
1245 {
1246 t_dec = &t1;
1247 t_enc = &t0;
1248 }
1249
1250 /*
1251 * The record header affects the transformation in two ways:
1252 * 1) It determines the AEAD additional data
1253 * 2) The record counter sometimes determines the IV.
1254 *
1255 * Apart from that, the fields don't have influence.
1256 * In particular, it is currently not the responsibility
1257 * of ssl_encrypt/decrypt_buf to check if the transform
1258 * version matches the record version, or that the
1259 * type is sensible.
1260 */
1261
1262 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
1263 rec.type = 42;
1264 rec.ver[0] = num_records;
1265 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1266#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1267 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1268#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1269
1270 rec.buf = buf;
1271 rec.buf_len = buflen;
1272 rec.data_offset = 16;
1273 /* Make sure to vary the length to exercise different
1274 * paddings. */
1275 rec.data_len = 1 + num_records;
1276
1277 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1278
1279 /* Make a copy for later comparison */
1280 rec_backup = rec;
1281
1282 /* Encrypt record */
1283 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
1284 rnd_std_rand, NULL );
1285 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1286 if( ret != 0 )
1287 {
1288 continue;
1289 }
1290
1291 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1292 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
1293 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1294
1295 /* Compare results */
1296 TEST_ASSERT( rec.type == rec_backup.type );
1297 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1298 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1299 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1300 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1301 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1302 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1303 rec_backup.buf + rec_backup.data_offset,
1304 rec.data_len ) == 0 );
1305 }
1306
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1307exit:
1308
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1309 /* Cleanup */
1310 mbedtls_ssl_free( &ssl );
1311 mbedtls_ssl_transform_free( &t0 );
1312 mbedtls_ssl_transform_free( &t1 );
1313
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1314 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1315}
1316/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1317
1318/* BEGIN_CASE */
1319void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1320 int etm, int tag_mode, int ver,
1321 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1322{
1323 /*
1324 * Test pairs of encryption and decryption with an increasing
1325 * amount of space in the record buffer - in more detail:
1326 * 1) Try to encrypt with 0, 1, 2, ... bytes available
1327 * in front of the plaintext, and expect the encryption
1328 * to succeed starting from some offset. Always keep
1329 * enough space in the end of the buffer.
1330 * 2) Try to encrypt with 0, 1, 2, ... bytes available
1331 * at the end of the plaintext, and expect the encryption
1332 * to succeed starting from some offset. Always keep
1333 * enough space at the beginning of the buffer.
1334 * 3) Try to encrypt with 0, 1, 2, ... bytes available
1335 * both at the front and end of the plaintext,
1336 * and expect the encryption to succeed starting from
1337 * some offset.
1338 *
1339 * If encryption succeeds, check that decryption succeeds
1340 * and yields the original record.
1341 */
1342
1343 mbedtls_ssl_context ssl; /* ONLY for debugging */
1344
1345 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1346 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1347 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1348 mbedtls_record rec, rec_backup;
1349
1350 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1351 int mode; /* Mode 1, 2 or 3 as explained above */
1352 size_t offset; /* Available space at beginning/end/both */
1353 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1354
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1355 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
1356 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1357
1358 int seen_success; /* Indicates if in the current mode we've
1359 * already seen a successful test. */
1360
1361 mbedtls_ssl_init( &ssl );
1362 mbedtls_ssl_transform_init( &t0 );
1363 mbedtls_ssl_transform_init( &t1 );
1364 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1365 etm, tag_mode, ver,
1366 (size_t) cid0_len,
1367 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1368
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1369 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1370
1371 for( mode=1; mode <= 3; mode++ )
1372 {
1373 seen_success = 0;
1374 for( offset=0; offset <= threshold; offset++ )
1375 {
1376 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]1377 t_dec = &t0;
1378 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1379
1380 memset( rec.ctr, offset, sizeof( rec.ctr ) );
1381 rec.type = 42;
1382 rec.ver[0] = offset;
1383 rec.ver[1] = offset;
1384 rec.buf = buf;
1385 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1386#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1387 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1388#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1389
1390 switch( mode )
1391 {
1392 case 1: /* Space in the beginning */
1393 rec.data_offset = offset;
1394 rec.data_len = buflen - offset - default_post_padding;
1395 break;
1396
1397 case 2: /* Space in the end */
1398 rec.data_offset = default_pre_padding;
1399 rec.data_len = buflen - default_pre_padding - offset;
1400 break;
1401
1402 case 3: /* Space in the beginning and end */
1403 rec.data_offset = offset;
1404 rec.data_len = buflen - 2 * offset;
1405 break;
1406
1407 default:
1408 TEST_ASSERT( 0 );
1409 break;
1410 }
1411
1412 memset( rec.buf + rec.data_offset, 42, rec.data_len );
1413
1414 /* Make a copy for later comparison */
1415 rec_backup = rec;
1416
1417 /* Encrypt record */
1418 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
1419
1420 if( ( mode == 1 || mode == 2 ) && seen_success )
1421 {
1422 TEST_ASSERT( ret == 0 );
1423 }
1424 else
1425 {
1426 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1427 if( ret == 0 )
1428 seen_success = 1;
1429 }
1430
1431 if( ret != 0 )
1432 continue;
1433
1434 /* Decrypt record with t_dec */
1435 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
1436
1437 /* Compare results */
1438 TEST_ASSERT( rec.type == rec_backup.type );
1439 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
1440 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
1441 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
1442 TEST_ASSERT( rec.data_len == rec_backup.data_len );
1443 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
1444 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
1445 rec_backup.buf + rec_backup.data_offset,
1446 rec.data_len ) == 0 );
1447 }
1448
1449 TEST_ASSERT( seen_success == 1 );
1450 }
1451
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1452exit:
1453
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1454 /* Cleanup */
1455 mbedtls_ssl_free( &ssl );
1456 mbedtls_ssl_transform_free( &t0 );
1457 mbedtls_ssl_transform_free( &t1 );
1458
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1459 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1460}
1461/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1462
1463/* BEGIN_CASE */
1464void ssl_tls_prf( int type, data_t * secret, data_t * random,
1465 char *label, data_t *result_hex_str, int exp_ret )
1466{
1467 unsigned char *output;
1468
1469 output = mbedtls_calloc( 1, result_hex_str->len );
1470 if( output == NULL )
1471 goto exit;
1472
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]1473#if defined(MBEDTLS_USE_PSA_CRYPTO)
1474 TEST_ASSERT( psa_crypto_init() == 0 );
1475#endif
1476
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1477 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
1478 label, random->x, random->len,
1479 output, result_hex_str->len ) == exp_ret );
1480
1481 if( exp_ret == 0 )
1482 {
1483 TEST_ASSERT( hexcmp( output, result_hex_str->x,
1484 result_hex_str->len, result_hex_str->len ) == 0 );
1485 }
1486exit:
1487
1488 mbedtls_free( output );
1489}
1490/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1491
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1492/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1493void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1494{
1495 mbedtls_ssl_session original, restored;
1496 unsigned char *buf = NULL;
1497 size_t len;
1498
1499 /*
1500 * Test that a save-load pair is the identity
1501 */
1502
1503 mbedtls_ssl_session_init( &original );
1504 mbedtls_ssl_session_init( &restored );
1505
1506 /* Prepare a dummy session to work on */
1507 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
1508
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1509 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1510 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
1511 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1512 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
1513 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
1514 == 0 );
1515
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1516 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1517 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
1518
1519 /*
1520 * Make sure both session structures are identical
1521 */
1522#if defined(MBEDTLS_HAVE_TIME)
1523 TEST_ASSERT( original.start == restored.start );
1524#endif
1525 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
1526 TEST_ASSERT( original.compression == restored.compression );
1527 TEST_ASSERT( original.id_len == restored.id_len );
1528 TEST_ASSERT( memcmp( original.id,
1529 restored.id, sizeof( original.id ) ) == 0 );
1530 TEST_ASSERT( memcmp( original.master,
1531 restored.master, sizeof( original.master ) ) == 0 );
1532
1533#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1534#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1535 TEST_ASSERT( ( original.peer_cert == NULL ) ==
1536 ( restored.peer_cert == NULL ) );
1537 if( original.peer_cert != NULL )
1538 {
1539 TEST_ASSERT( original.peer_cert->raw.len ==
1540 restored.peer_cert->raw.len );
1541 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
1542 restored.peer_cert->raw.p,
1543 original.peer_cert->raw.len ) == 0 );
1544 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1545#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1546 TEST_ASSERT( original.peer_cert_digest_type ==
1547 restored.peer_cert_digest_type );
1548 TEST_ASSERT( original.peer_cert_digest_len ==
1549 restored.peer_cert_digest_len );
1550 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
1551 ( restored.peer_cert_digest == NULL ) );
1552 if( original.peer_cert_digest != NULL )
1553 {
1554 TEST_ASSERT( memcmp( original.peer_cert_digest,
1555 restored.peer_cert_digest,
1556 original.peer_cert_digest_len ) == 0 );
1557 }
1558#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1559#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1560 TEST_ASSERT( original.verify_result == restored.verify_result );
1561
1562#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1563 TEST_ASSERT( original.ticket_len == restored.ticket_len );
1564 if( original.ticket_len != 0 )
1565 {
1566 TEST_ASSERT( original.ticket != NULL );
1567 TEST_ASSERT( restored.ticket != NULL );
1568 TEST_ASSERT( memcmp( original.ticket,
1569 restored.ticket, original.ticket_len ) == 0 );
1570 }
1571 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
1572#endif
1573
1574#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1575 TEST_ASSERT( original.mfl_code == restored.mfl_code );
1576#endif
1577
1578#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1579 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
1580#endif
1581
1582#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1583 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
1584#endif
1585
1586exit:
1587 mbedtls_ssl_session_free( &original );
1588 mbedtls_ssl_session_free( &restored );
1589 mbedtls_free( buf );
1590}
1591/* END_CASE */
1592
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]1593/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1594void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1595{
1596 mbedtls_ssl_session session;
1597 unsigned char *buf1 = NULL, *buf2 = NULL;
1598 size_t len0, len1, len2;
1599
1600 /*
1601 * Test that a load-save pair is the identity
1602 */
1603
1604 mbedtls_ssl_session_init( &session );
1605
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1606 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1607 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1608
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1609 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1610 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
1611 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1612
1613 /* Allocate first buffer */
1614 buf1 = mbedtls_calloc( 1, len0 );
1615 TEST_ASSERT( buf1 != NULL );
1616
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1617 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1618 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
1619 == 0 );
1620 TEST_ASSERT( len0 == len1 );
1621 mbedtls_ssl_session_free( &session );
1622
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1623 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1624 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1625
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1626 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1627 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]1628 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1629 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
1630 == 0 );
1631
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1632 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1633 TEST_ASSERT( len1 == len2 );
1634 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
1635
1636exit:
1637 mbedtls_ssl_session_free( &session );
1638 mbedtls_free( buf1 );
1639 mbedtls_free( buf2 );
1640}
1641/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1642
1643/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1644void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1645{
1646 mbedtls_ssl_session session;
1647 unsigned char *buf = NULL;
1648 size_t good_len, bad_len, test_len;
1649
1650 /*
1651 * Test that session_save() fails cleanly on small buffers
1652 */
1653
1654 mbedtls_ssl_session_init( &session );
1655
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1656 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1657 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1658 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1659 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1660
1661 /* Try all possible bad lengths */
1662 for( bad_len = 1; bad_len < good_len; bad_len++ )
1663 {
1664 /* Allocate exact size so that asan/valgrind can detect any overwrite */
1665 mbedtls_free( buf );
1666 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
1667 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
1668 &test_len )
1669 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1670 TEST_ASSERT( test_len == good_len );
1671 }
1672
1673exit:
1674 mbedtls_ssl_session_free( &session );
1675 mbedtls_free( buf );
1676}
1677/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1678
1679/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1680void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1681{
1682 mbedtls_ssl_session session;
1683 unsigned char *good_buf = NULL, *bad_buf = NULL;
1684 size_t good_len, bad_len;
1685
1686 /*
1687 * Test that session_load() fails cleanly on small buffers
1688 */
1689
1690 mbedtls_ssl_session_init( &session );
1691
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1692 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1693 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1694 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
1695 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1696 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
1697 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
1698 &good_len ) == 0 );
1699 mbedtls_ssl_session_free( &session );
1700
1701 /* Try all possible bad lengths */
1702 for( bad_len = 0; bad_len < good_len; bad_len++ )
1703 {
1704 /* Allocate exact size so that asan/valgrind can detect any overread */
1705 mbedtls_free( bad_buf );
1706 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
1707 TEST_ASSERT( bad_buf != NULL );
1708 memcpy( bad_buf, good_buf, bad_len );
1709
1710 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
1711 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1712 }
1713
1714exit:
1715 mbedtls_ssl_session_free( &session );
1716 mbedtls_free( good_buf );
1717 mbedtls_free( bad_buf );
1718}
1719/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1720
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1721/* BEGIN_CASE */
1722void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1723 int corrupt_minor,
1724 int corrupt_patch,
1725 int corrupt_config )
1726{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1727 unsigned char serialized_session[ 2048 ];
1728 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1729 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1730 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1731 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
1732 corrupt_minor == 1,
1733 corrupt_patch == 1,
1734 corrupt_config == 1,
1735 corrupt_config == 1 };
1736
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1737 mbedtls_ssl_session_init( &session );
1738
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1739 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1740 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1741 serialized_session,
1742 sizeof( serialized_session ),
1743 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1744
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1745 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1746
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1747 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1748 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1749 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1750 serialized_session,
1751 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1752 mbedtls_ssl_session_free( &session );
1753
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1754 /* Go through the bytes in the serialized session header and
1755 * corrupt them bit-by-bit. */
1756 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1757 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1758 int cur_bit;
1759 unsigned char * const byte = &serialized_session[ cur_byte ];
1760
1761 if( should_corrupt_byte[ cur_byte ] == 0 )
1762 continue;
1763
1764 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
1765 {
1766 unsigned char const corrupted_bit = 0x1u << cur_bit;
1767 /* Modify a single bit in the serialized session. */
1768 *byte ^= corrupted_bit;
1769
1770 /* Attempt to deserialize */
1771 TEST_ASSERT( mbedtls_ssl_session_load( &session,
1772 serialized_session,
1773 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]1774 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1775
1776 /* Undo the change */
1777 *byte ^= corrupted_bit;
1778 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1779 }
1780
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1781}
1782/* END_CASE */