TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 738124274884c360a8eff625fc9486988651894c / . / tests / suites / test_suite_ssl.function
blob: 388af4cf1735f915c4ac07b85672e8b9104ae522 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Chris Jones84a773f2021-03-05 18:38:47 +0000[diff] [blame]3#include <ssl_misc.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]6#include <mbedtls/timing.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]7#include <mbedtls/debug.h>
Hanno Becker73c825a2020-09-08 10:52:58 +0100[diff] [blame]8#include <ssl_tls13_keys.h>
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]9#include <ssl_tls13_invasive.h>
Mateusz Starzyk1aec6462021-02-08 15:34:42 +0100[diff] [blame]10#include "test/certs.h"
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]11
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]12#include <psa/crypto.h>
13
Gabor Mezei22c9a6f2021-10-20 12:09:35 +0200[diff] [blame]14#include <constant_time_internal.h>
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]15
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]16#include <test/constant_flow.h>
17
Hanno Becker1413bd82020-09-09 12:46:09 +0100[diff] [blame]18enum
19{
20#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]21 tls13_label_ ## name,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]22MBEDTLS_SSL_TLS1_3_LABEL_LIST
23#undef MBEDTLS_SSL_TLS1_3_LABEL
Hanno Becker1413bd82020-09-09 12:46:09 +0100[diff] [blame]24};
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]25
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]26typedef struct log_pattern
27{
28 const char *pattern;
29 size_t counter;
30} log_pattern;
31
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]32/*
33 * This function can be passed to mbedtls to receive output logs from it. In
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]34 * this case, it will count the instances of a log_pattern in the received
35 * logged messages.
36 */
37void log_analyzer( void *ctx, int level,
38 const char *file, int line,
39 const char *str )
40{
41 log_pattern *p = (log_pattern *) ctx;
42
43 (void) level;
44 (void) line;
45 (void) file;
46
47 if( NULL != p &&
48 NULL != p->pattern &&
49 NULL != strstr( str, p->pattern ) )
50 {
51 p->counter++;
52 }
53}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]54
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]55/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
56#define TEST_SSL_MINOR_VERSION_NONE -1
57
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]58typedef struct handshake_test_options
59{
60 const char *cipher;
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]61 int client_min_version;
62 int client_max_version;
63 int server_min_version;
64 int server_max_version;
65 int expected_negotiated_version;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]66 int pk_alg;
67 data_t *psk_str;
68 int dtls;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]69 int srv_auth_mode;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]70 int serialize;
71 int mfl;
72 int cli_msg_len;
73 int srv_msg_len;
74 int expected_cli_fragments;
75 int expected_srv_fragments;
76 int renegotiate;
77 int legacy_renegotiation;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]78 void *srv_log_obj;
79 void *cli_log_obj;
80 void (*srv_log_fun)(void *, int, const char *, int, const char *);
81 void (*cli_log_fun)(void *, int, const char *, int, const char *);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]82 int resize_buffers;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]83} handshake_test_options;
84
85void init_handshake_options( handshake_test_options *opts )
86{
87 opts->cipher = "";
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]88 opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
89 opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
90 opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
91 opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
92 opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]93 opts->pk_alg = MBEDTLS_PK_RSA;
94 opts->psk_str = NULL;
95 opts->dtls = 0;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]96 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]97 opts->serialize = 0;
98 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
99 opts->cli_msg_len = 100;
100 opts->srv_msg_len = 100;
101 opts->expected_cli_fragments = 1;
102 opts->expected_srv_fragments = 1;
103 opts->renegotiate = 0;
104 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]105 opts->srv_log_obj = NULL;
106 opts->srv_log_obj = NULL;
107 opts->srv_log_fun = NULL;
108 opts->cli_log_fun = NULL;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]109 opts->resize_buffers = 1;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]110}
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]111/*
112 * Buffer structure for custom I/O callbacks.
113 */
114
115typedef struct mbedtls_test_buffer
116{
117 size_t start;
118 size_t content_length;
119 size_t capacity;
120 unsigned char *buffer;
121} mbedtls_test_buffer;
122
123/*
124 * Initialises \p buf. After calling this function it is safe to call
125 * `mbedtls_test_buffer_free()` on \p buf.
126 */
127void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
128{
129 memset( buf, 0, sizeof( *buf ) );
130}
131
132/*
133 * Sets up \p buf. After calling this function it is safe to call
134 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
135 */
136int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
137{
138 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
139 sizeof(unsigned char) );
140 if( NULL == buf->buffer )
141 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
142 buf->capacity = capacity;
143
144 return 0;
145}
146
147void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
148{
149 if( buf->buffer != NULL )
150 mbedtls_free( buf->buffer );
151
152 memset( buf, 0, sizeof( *buf ) );
153}
154
155/*
156 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
157 *
158 * \p buf must have been initialized and set up by calling
159 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
160 *
161 * \retval \p input_len, if the data fits.
162 * \retval 0 <= value < \p input_len, if the data does not fit.
163 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
164 * zero and \p input is NULL.
165 */
166int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]167 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]168{
169 size_t overflow = 0;
170
171 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
172 return -1;
173
174 /* Reduce input_len to a number that fits in the buffer. */
175 if ( ( buf->content_length + input_len ) > buf->capacity )
176 {
177 input_len = buf->capacity - buf->content_length;
178 }
179
180 if( input == NULL )
181 {
182 return ( input_len == 0 ) ? 0 : -1;
183 }
184
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]185 /* Check if the buffer has not come full circle and free space is not in
186 * the middle */
187 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]188 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]189
190 /* Calculate the number of bytes that need to be placed at lower memory
191 * address */
192 if( buf->start + buf->content_length + input_len
193 > buf->capacity )
194 {
195 overflow = ( buf->start + buf->content_length + input_len )
196 % buf->capacity;
197 }
198
199 memcpy( buf->buffer + buf->start + buf->content_length, input,
200 input_len - overflow );
201 memcpy( buf->buffer, input + input_len - overflow, overflow );
202
203 }
204 else
205 {
206 /* The buffer has come full circle and free space is in the middle */
207 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
208 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]209 }
210
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]211 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]212 return input_len;
213}
214
215/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]216 * Gets \p output_len bytes from the ring buffer \p buf into the
217 * \p output buffer. The output buffer can be NULL, in this case a part of the
218 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]219 *
220 * \p buf must have been initialized and set up by calling
221 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
222 *
223 * \retval \p output_len, if the data is available.
224 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]225 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]226 */
227int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
228 unsigned char* output, size_t output_len )
229{
230 size_t overflow = 0;
231
232 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
233 return -1;
234
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]235 if( output == NULL && output_len == 0 )
236 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]237
238 if( buf->content_length < output_len )
239 output_len = buf->content_length;
240
241 /* Calculate the number of bytes that need to be drawn from lower memory
242 * address */
243 if( buf->start + output_len > buf->capacity )
244 {
245 overflow = ( buf->start + output_len ) % buf->capacity;
246 }
247
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]248 if( output != NULL )
249 {
250 memcpy( output, buf->buffer + buf->start, output_len - overflow );
251 memcpy( output + output_len - overflow, buf->buffer, overflow );
252 }
253
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]254 buf->content_length -= output_len;
255 buf->start = ( buf->start + output_len ) % buf->capacity;
256
257 return output_len;
258}
259
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]260/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]261 * Errors used in the message transport mock tests
262 */
263 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]264 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
265
266/*
267 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
268 */
269typedef struct mbedtls_test_message_queue
270{
271 size_t *messages;
272 int pos;
273 int num;
274 int capacity;
275} mbedtls_test_message_queue;
276
277/*
278 * Setup and free functions for the message metadata queue.
279 *
280 * \p capacity describes the number of message metadata chunks that can be held
281 * within the queue.
282 *
283 * \retval 0, if a metadata queue of a given length can be allocated.
284 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
285 */
286int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
287 size_t capacity )
288{
289 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
290 if( NULL == queue->messages )
291 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
292
293 queue->capacity = capacity;
294 queue->pos = 0;
295 queue->num = 0;
296
297 return 0;
298}
299
300void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
301{
302 if( queue == NULL )
303 return;
304
305 if( queue->messages != NULL )
306 mbedtls_free( queue->messages );
307
308 memset( queue, 0, sizeof( *queue ) );
309}
310
311/*
312 * Push message length information onto the message metadata queue.
313 * This will become the last element to leave it (fifo).
314 *
315 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]316 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]317 * \retval \p len, if the push was successful.
318 */
319int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
320 size_t len )
321{
322 int place;
323 if( queue == NULL )
324 return MBEDTLS_TEST_ERROR_ARG_NULL;
325
326 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]327 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]328
329 place = ( queue->pos + queue->num ) % queue->capacity;
330 queue->messages[place] = len;
331 queue->num++;
332 return len;
333}
334
335/*
336 * Pop information about the next message length from the queue. This will be
337 * the oldest inserted message length(fifo). \p msg_len can be null, in which
338 * case the data will be popped from the queue but not copied anywhere.
339 *
340 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]341 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]342 * \retval message length, if the pop was successful, up to the given
343 \p buf_len.
344 */
345int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
346 size_t buf_len )
347{
348 size_t message_length;
349 if( queue == NULL )
350 return MBEDTLS_TEST_ERROR_ARG_NULL;
351 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]352 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]353
354 message_length = queue->messages[queue->pos];
355 queue->messages[queue->pos] = 0;
356 queue->num--;
357 queue->pos++;
358 queue->pos %= queue->capacity;
359 if( queue->pos < 0 )
360 queue->pos += queue->capacity;
361
362 return ( message_length > buf_len ) ? buf_len : message_length;
363}
364
365/*
366 * Take a peek on the info about the next message length from the queue.
367 * This will be the oldest inserted message length(fifo).
368 *
369 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]370 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]371 * \retval 0, if the peek was successful.
372 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
373 * too small to fit the message. In this case the \p msg_len will be
374 * set to the full message length so that the
375 * caller knows what portion of the message can be dropped.
376 */
377int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
378 size_t buf_len, size_t* msg_len )
379{
380 if( queue == NULL || msg_len == NULL )
381 return MBEDTLS_TEST_ERROR_ARG_NULL;
382 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]383 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]384
385 *msg_len = queue->messages[queue->pos];
386 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
387}
388/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]389 * Context for the I/O callbacks simulating network connection.
390 */
391
392#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
393
394typedef struct mbedtls_mock_socket
395{
396 int status;
397 mbedtls_test_buffer *input;
398 mbedtls_test_buffer *output;
399 struct mbedtls_mock_socket *peer;
400} mbedtls_mock_socket;
401
402/*
403 * Setup and teardown functions for mock sockets.
404 */
405void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
406{
407 memset( socket, 0, sizeof( *socket ) );
408}
409
410/*
411 * Closes the socket \p socket.
412 *
413 * \p socket must have been previously initialized by calling
414 * mbedtls_mock_socket_init().
415 *
416 * This function frees all allocated resources and both sockets are aware of the
417 * new connection state.
418 *
419 * That is, this function does not simulate half-open TCP connections and the
420 * phenomenon that when closing a UDP connection the peer is not aware of the
421 * connection having been closed.
422 */
423void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
424{
425 if( socket == NULL )
426 return;
427
428 if( socket->input != NULL )
429 {
430 mbedtls_test_buffer_free( socket->input );
431 mbedtls_free( socket->input );
432 }
433
434 if( socket->output != NULL )
435 {
436 mbedtls_test_buffer_free( socket->output );
437 mbedtls_free( socket->output );
438 }
439
440 if( socket->peer != NULL )
441 memset( socket->peer, 0, sizeof( *socket->peer ) );
442
443 memset( socket, 0, sizeof( *socket ) );
444}
445
446/*
447 * Establishes a connection between \p peer1 and \p peer2.
448 *
449 * \p peer1 and \p peer2 must have been previously initialized by calling
450 * mbedtls_mock_socket_init().
451 *
452 * The capacites of the internal buffers are set to \p bufsize. Setting this to
453 * the correct value allows for simulation of MTU, sanity testing the mock
454 * implementation and mocking TCP connections with lower memory cost.
455 */
456int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
457 mbedtls_mock_socket* peer2,
458 size_t bufsize )
459{
460 int ret = -1;
461
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]462 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]463 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
464 if( peer1->output == NULL )
465 {
466 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
467 goto exit;
468 }
469 mbedtls_test_buffer_init( peer1->output );
470 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
471 {
472 goto exit;
473 }
474
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]475 peer2->output =
476 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
477 if( peer2->output == NULL )
478 {
479 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
480 goto exit;
481 }
482 mbedtls_test_buffer_init( peer2->output );
483 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
484 {
485 goto exit;
486 }
487
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]488 peer1->peer = peer2;
489 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]490 peer1->input = peer2->output;
491 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]492
493 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
494 ret = 0;
495
496exit:
497
498 if( ret != 0 )
499 {
500 mbedtls_mock_socket_close( peer1 );
501 mbedtls_mock_socket_close( peer2 );
502 }
503
504 return ret;
505}
506
507/*
508 * Callbacks for simulating blocking I/O over connection-oriented transport.
509 */
510
511int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
512{
513 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
514
515 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
516 return -1;
517
518 return mbedtls_test_buffer_put( socket->output, buf, len );
519}
520
521int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
522{
523 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
524
525 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
526 return -1;
527
528 return mbedtls_test_buffer_get( socket->input, buf, len );
529}
530
531/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]532 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
533 */
534
535int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
536{
537 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
538
539 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
540 return -1;
541
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]542 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]543 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]544 return MBEDTLS_ERR_SSL_WANT_WRITE;
545 }
546
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]547 return mbedtls_test_buffer_put( socket->output, buf, len );
548}
549
550int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
551{
552 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
553
554 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
555 return -1;
556
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]557 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]558 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]559 return MBEDTLS_ERR_SSL_WANT_READ;
560 }
561
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]562 return mbedtls_test_buffer_get( socket->input, buf, len );
563}
564
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]565/* Errors used in the message socket mocks */
566
567#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
568#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
569#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
570
571/*
572 * Structure used as an addon, or a wrapper, around the mocked sockets.
573 * Contains an input queue, to which the other socket pushes metadata,
574 * and an output queue, to which this one pushes metadata. This context is
575 * considered as an owner of the input queue only, which is initialized and
576 * freed in the respective setup and free calls.
577 */
578typedef struct mbedtls_test_message_socket_context
579{
580 mbedtls_test_message_queue* queue_input;
581 mbedtls_test_message_queue* queue_output;
582 mbedtls_mock_socket* socket;
583} mbedtls_test_message_socket_context;
584
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]585void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
586{
587 ctx->queue_input = NULL;
588 ctx->queue_output = NULL;
589 ctx->socket = NULL;
590}
591
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]592/*
593 * Setup a given mesasge socket context including initialization of
594 * input/output queues to a chosen capacity of messages. Also set the
595 * corresponding mock socket.
596 *
597 * \retval 0, if everything succeeds.
598 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
599 * queue failed.
600 */
601int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
602 mbedtls_test_message_queue* queue_output,
603 size_t queue_capacity,
604 mbedtls_mock_socket* socket,
605 mbedtls_test_message_socket_context* ctx )
606{
607 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
608 if( ret != 0 )
609 return ret;
610 ctx->queue_input = queue_input;
611 ctx->queue_output = queue_output;
612 ctx->socket = socket;
613 mbedtls_mock_socket_init( socket );
614
615 return 0;
616}
617
618/*
619 * Close a given message socket context, along with the socket itself. Free the
620 * memory allocated by the input queue.
621 */
622void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
623{
624 if( ctx == NULL )
625 return;
626
627 mbedtls_test_message_queue_free( ctx->queue_input );
628 mbedtls_mock_socket_close( ctx->socket );
629 memset( ctx, 0, sizeof( *ctx ) );
630}
631
632/*
633 * Send one message through a given message socket context.
634 *
635 * \retval \p len, if everything succeeds.
636 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
637 * elements or the context itself is null.
638 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]639 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]640 *
641 * This function will also return any error from
642 * mbedtls_test_message_queue_push_info.
643 */
644int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
645{
646 mbedtls_test_message_queue* queue;
647 mbedtls_mock_socket* socket;
648 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
649
650 if( context == NULL || context->socket == NULL
651 || context->queue_output == NULL )
652 {
653 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
654 }
655
656 queue = context->queue_output;
657 socket = context->socket;
658
659 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]660 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]661
662 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
663 return MBEDTLS_TEST_ERROR_SEND_FAILED;
664
665 return mbedtls_test_message_queue_push_info( queue, len );
666}
667
668/*
669 * Receive one message from a given message socket context and return message
670 * length or an error.
671 *
672 * \retval message length, if everything succeeds.
673 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
674 * elements or the context itself is null.
675 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
676 *
677 * This function will also return any error other than
678 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
679 */
680int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
681{
682 mbedtls_test_message_queue* queue;
683 mbedtls_mock_socket* socket;
684 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
Gilles Peskine19e841e2020-03-09 20:43:51 +0100[diff] [blame]685 size_t drop_len = 0;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]686 size_t msg_len;
687 int ret;
688
689 if( context == NULL || context->socket == NULL
690 || context->queue_input == NULL )
691 {
692 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
693 }
694
695 queue = context->queue_input;
696 socket = context->socket;
697
698 /* Peek first, so that in case of a socket error the data remains in
699 * the queue. */
700 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
701 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
702 {
703 /* Calculate how much to drop */
704 drop_len = msg_len - buf_len;
705
706 /* Set the requested message len to be buffer length */
707 msg_len = buf_len;
708 } else if( ret != 0 )
709 {
710 return ret;
711 }
712
713 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
714 return MBEDTLS_TEST_ERROR_RECV_FAILED;
715
716 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
717 {
718 /* Drop the remaining part of the message */
719 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
720 {
721 /* Inconsistent state - part of the message was read,
722 * and a part couldn't. Not much we can do here, but it should not
723 * happen in test environment, unless forced manually. */
724 }
725 }
726 mbedtls_test_message_queue_pop_info( queue, buf_len );
727
728 return msg_len;
729}
730
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]731#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
732 defined(MBEDTLS_ENTROPY_C) && \
733 defined(MBEDTLS_CTR_DRBG_C)
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]734
735/*
736 * Structure with endpoint's certificates for SSL communication tests.
737 */
738typedef struct mbedtls_endpoint_certificate
739{
740 mbedtls_x509_crt ca_cert;
741 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]742 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]743} mbedtls_endpoint_certificate;
744
745/*
746 * Endpoint structure for SSL communication tests.
747 */
748typedef struct mbedtls_endpoint
749{
750 const char *name;
751 mbedtls_ssl_context ssl;
752 mbedtls_ssl_config conf;
753 mbedtls_ctr_drbg_context ctr_drbg;
754 mbedtls_entropy_context entropy;
755 mbedtls_mock_socket socket;
756 mbedtls_endpoint_certificate cert;
757} mbedtls_endpoint;
758
759/*
760 * Initializes \p ep_cert structure and assigns it to endpoint
761 * represented by \p ep.
762 *
763 * \retval 0 on success, otherwise error code.
764 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]765int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]766{
767 int i = 0;
768 int ret = -1;
769 mbedtls_endpoint_certificate *cert;
770
771 if( ep == NULL )
772 {
773 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
774 }
775
776 cert = &( ep->cert );
777 mbedtls_x509_crt_init( &( cert->ca_cert ) );
778 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]779 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]780
781 /* Load the trusted CA */
782
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]783 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
784 {
785 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
786 (const unsigned char *) mbedtls_test_cas_der[i],
787 mbedtls_test_cas_der_len[i] );
788 TEST_ASSERT( ret == 0 );
789 }
790
791 /* Load own certificate and private key */
792
793 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
794 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]795 if( pk_alg == MBEDTLS_PK_RSA )
796 {
797 ret = mbedtls_x509_crt_parse( &( cert->cert ),
798 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
799 mbedtls_test_srv_crt_rsa_sha256_der_len );
800 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]801
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]802 ret = mbedtls_pk_parse_key( &( cert->pkey ),
803 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]804 mbedtls_test_srv_key_rsa_der_len, NULL, 0,
805 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]806 TEST_ASSERT( ret == 0 );
807 }
808 else
809 {
810 ret = mbedtls_x509_crt_parse( &( cert->cert ),
811 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
812 mbedtls_test_srv_crt_ec_der_len );
813 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]814
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]815 ret = mbedtls_pk_parse_key( &( cert->pkey ),
816 (const unsigned char*) mbedtls_test_srv_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]817 mbedtls_test_srv_key_ec_der_len, NULL, 0,
818 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]819 TEST_ASSERT( ret == 0 );
820 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]821 }
822 else
823 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]824 if( pk_alg == MBEDTLS_PK_RSA )
825 {
826 ret = mbedtls_x509_crt_parse( &( cert->cert ),
827 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
828 mbedtls_test_cli_crt_rsa_der_len );
829 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]830
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]831 ret = mbedtls_pk_parse_key( &( cert->pkey ),
832 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]833 mbedtls_test_cli_key_rsa_der_len, NULL, 0,
834 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]835 TEST_ASSERT( ret == 0 );
836 }
837 else
838 {
839 ret = mbedtls_x509_crt_parse( &( cert->cert ),
840 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
841 mbedtls_test_cli_crt_ec_len );
842 TEST_ASSERT( ret == 0 );
843
844 ret = mbedtls_pk_parse_key( &( cert->pkey ),
845 (const unsigned char *) mbedtls_test_cli_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200[diff] [blame]846 mbedtls_test_cli_key_ec_der_len, NULL, 0,
847 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]848 TEST_ASSERT( ret == 0 );
849 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]850 }
851
852 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
853
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]854 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
855 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]856 TEST_ASSERT( ret == 0 );
857
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]858exit:
859 if( ret != 0 )
860 {
861 mbedtls_x509_crt_free( &( cert->ca_cert ) );
862 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]863 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]864 }
865
866 return ret;
867}
868
869/*
870 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
871 * after calling this function even if it fails.
872 *
873 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
874 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]875 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
876 * MBEDTLS_PK_ECDSA are supported.
877 * \p dtls_context - in case of DTLS - this is the context handling metadata.
878 * \p input_queue - used only in case of DTLS.
879 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]880 *
881 * \retval 0 on success, otherwise error code.
882 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]883int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
884 mbedtls_test_message_socket_context *dtls_context,
885 mbedtls_test_message_queue *input_queue,
886 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]887{
888 int ret = -1;
889
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]890 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]891 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]892
893 if( ep == NULL )
894 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]895
896 memset( ep, 0, sizeof( *ep ) );
897
898 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
899
900 mbedtls_ssl_init( &( ep->ssl ) );
901 mbedtls_ssl_config_init( &( ep->conf ) );
902 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
903 mbedtls_ssl_conf_rng( &( ep->conf ),
904 mbedtls_ctr_drbg_random,
905 &( ep->ctr_drbg ) );
906 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]907 if( dtls_context != NULL )
908 {
909 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
910 100, &( ep->socket ),
911 dtls_context ) == 0 );
912 }
913 else
914 {
915 mbedtls_mock_socket_init( &( ep->socket ) );
916 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]917
918 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
919 &( ep->entropy ), (const unsigned char *) ( ep->name ),
920 strlen( ep->name ) );
921 TEST_ASSERT( ret == 0 );
922
923 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]924 if( dtls_context != NULL )
925 {
926 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
927 mbedtls_mock_tcp_send_msg,
928 mbedtls_mock_tcp_recv_msg,
929 NULL );
930 }
931 else
932 {
933 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
934 mbedtls_mock_tcp_send_nb,
935 mbedtls_mock_tcp_recv_nb,
936 NULL );
937 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]938
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]939 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]940 ( dtls_context != NULL ) ?
941 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
942 MBEDTLS_SSL_TRANSPORT_STREAM,
943 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]944 TEST_ASSERT( ret == 0 );
945
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]946 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
947 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]948
949#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
950 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
951 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
952#endif
953
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]954 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]955 TEST_ASSERT( ret == 0 );
956
957exit:
958 return ret;
959}
960
961/*
962 * Deinitializes certificates from endpoint represented by \p ep.
963 */
964void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
965{
966 mbedtls_endpoint_certificate *cert = &( ep->cert );
967 mbedtls_x509_crt_free( &( cert->ca_cert ) );
968 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]969 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]970}
971
972/*
973 * Deinitializes endpoint represented by \p ep.
974 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]975void mbedtls_endpoint_free( mbedtls_endpoint *ep,
976 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]977{
978 mbedtls_endpoint_certificate_free( ep );
979
980 mbedtls_ssl_free( &( ep->ssl ) );
981 mbedtls_ssl_config_free( &( ep->conf ) );
982 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
983 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]984
985 if( context != NULL )
986 {
987 mbedtls_message_socket_close( context );
988 }
989 else
990 {
991 mbedtls_mock_socket_close( &( ep->socket ) );
992 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]993}
994
995/*
996 * This function moves ssl handshake from \p ssl to prescribed \p state.
997 * /p second_ssl is used as second endpoint and their sockets have to be
998 * connected before calling this function.
999 *
1000 * \retval 0 on success, otherwise error code.
1001 */
1002int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
1003 mbedtls_ssl_context *second_ssl,
1004 int state )
1005{
1006 enum { BUFFSIZE = 1024 };
1007 int max_steps = 1000;
1008 int ret = 0;
1009
1010 if( ssl == NULL || second_ssl == NULL )
1011 {
1012 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1013 }
1014
1015 /* Perform communication via connected sockets */
1016 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
1017 {
1018 /* If /p second_ssl ends the handshake procedure before /p ssl then
1019 * there is no need to call the next step */
1020 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
1021 {
1022 ret = mbedtls_ssl_handshake_step( second_ssl );
1023 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1024 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1025 {
1026 return ret;
1027 }
1028 }
1029
1030 /* We only care about the \p ssl state and returns, so we call it last,
1031 * to leave the iteration as soon as the state is as expected. */
1032 ret = mbedtls_ssl_handshake_step( ssl );
1033 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1034 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1035 {
1036 return ret;
1037 }
1038 }
1039
1040 return ( max_steps >= 0 ) ? ret : -1;
1041}
1042
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1043#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1044
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1045/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1046 * Write application data. Increase write counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1047 */
1048int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1049 int buf_len, int *written,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1050 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1051{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1052 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
1053 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1054 {
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1055 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1056 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1057
1058 if( expected_fragments == 0 )
1059 {
1060 /* Used for DTLS and the message size larger than MFL. In that case
1061 * the message can not be fragmented and the library should return
1062 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1063 * to prevent a dead loop inside mbedtls_exchange_data(). */
1064 return ret;
1065 }
1066 else if( expected_fragments == 1 )
1067 {
1068 /* Used for TLS/DTLS and the message size lower than MFL */
1069 TEST_ASSERT( ret == buf_len ||
1070 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1071 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1072 }
1073 else
1074 {
1075 /* Used for TLS and the message size larger than MFL */
1076 TEST_ASSERT( expected_fragments > 1 );
1077 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1078 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1079 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1080 }
1081
1082 return 0;
1083
1084exit:
1085 /* Some of the tests failed */
1086 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1087}
1088
1089/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1090 * Read application data and increase read counter and fragments counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1091 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1092int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
1093 int buf_len, int *read,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1094 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1095{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1096 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
1097 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1098 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1099 ( *fragments )++;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1100 *read += ret;
1101 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1102
1103 if( expected_fragments == 0 )
1104 {
1105 TEST_ASSERT( ret == 0 );
1106 }
1107 else if( expected_fragments == 1 )
1108 {
1109 TEST_ASSERT( ret == buf_len ||
1110 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1111 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1112 }
1113 else
1114 {
1115 TEST_ASSERT( expected_fragments > 1 );
1116 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1117 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1118 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1119 }
1120
1121 return 0;
1122
1123exit:
1124 /* Some of the tests failed */
1125 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]1126}
1127
1128/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1129 * Helper function setting up inverse record transformations
1130 * using given cipher, hash, EtM mode, authentication tag length,
1131 * and version.
1132 */
1133
1134#define CHK( x ) \
1135 do \
1136 { \
1137 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1138 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1139 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1140 goto cleanup; \
1141 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1142 } while( 0 )
1143
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1144void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1145 int* forced_ciphersuite )
1146{
1147 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1148 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1149 forced_ciphersuite[1] = 0;
1150
1151 ciphersuite_info =
1152 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1153
1154 TEST_ASSERT( ciphersuite_info != NULL );
1155 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1156 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1157
1158 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1159 {
1160 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1161 }
1162 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1163 {
1164 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1165 }
1166
1167 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1168
1169exit:
1170 return;
1171}
1172
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1173int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1174 const unsigned char *name, size_t name_len )
1175{
1176 (void) p_info;
1177 (void) ssl;
1178 (void) name;
1179 (void) name_len;
1180
1181 return ( 0 );
1182}
1183
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1184#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1185#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1186#else
1187#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1188#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1189
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1190static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
1191 const unsigned char *iv, size_t iv_len,
1192 const unsigned char *input, size_t ilen,
1193 unsigned char *output, size_t *olen )
1194{
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1195#if defined(MBEDTLS_USE_PSA_CRYPTO)
Przemyslaw Stekield66387f2022-02-03 08:55:33 +0100[diff] [blame]1196 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1197 psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
1198 size_t part_len;
1199
1200 status = psa_cipher_encrypt_setup( &cipher_op,
1201 transform->psa_key_enc, transform->psa_alg );
1202
1203 if( status != PSA_SUCCESS )
1204 return( psa_ssl_status_to_mbedtls( status ) );
1205
1206 status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
1207
1208 if( status != PSA_SUCCESS )
1209 return( psa_ssl_status_to_mbedtls( status ) );
1210
1211 status = psa_cipher_update( &cipher_op,
1212 input, ilen, output, ilen, olen );
1213
1214 if( status != PSA_SUCCESS )
1215 return( psa_ssl_status_to_mbedtls( status ) );
1216
1217 status = psa_cipher_finish( &cipher_op,
1218 output + *olen, ilen - *olen, &part_len );
1219
1220 if( status != PSA_SUCCESS )
1221 return( psa_ssl_status_to_mbedtls( status ) );
1222
1223 *olen += part_len;
1224 return( 0 );
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1225#else
1226 return mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
1227 iv, iv_len, input, ilen, output, olen );
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1228#endif /* MBEDTLS_USE_PSA_CRYPTO */
Przemyslaw Stekiel5648d572022-02-03 14:09:02 +0100[diff] [blame]1229}
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]1230
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1231static int build_transforms( mbedtls_ssl_transform *t_in,
1232 mbedtls_ssl_transform *t_out,
1233 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1234 int etm, int tag_mode, int ver,
1235 size_t cid0_len,
1236 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1237{
1238 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1239 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1240
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1241#if defined(MBEDTLS_USE_PSA_CRYPTO)
1242 psa_key_type_t key_type;
1243 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1244 psa_algorithm_t alg;
1245 size_t key_bits;
Przemyslaw Stekield66387f2022-02-03 08:55:33 +0100[diff] [blame]1246 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1247#endif
1248
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1249 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1250 unsigned char *key0 = NULL, *key1 = NULL;
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1251 unsigned char *md0 = NULL, *md1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1252 unsigned char iv_enc[16], iv_dec[16];
1253
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1254#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1255 unsigned char cid0[ SSL_CID_LEN_MIN ];
1256 unsigned char cid1[ SSL_CID_LEN_MIN ];
1257
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]1258 mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1259 mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1260#else
1261 ((void) cid0_len);
1262 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1263#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1264
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1265 maclen = 0;
1266
1267 /* Pick cipher */
1268 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1269 CHK( cipher_info != NULL );
1270 CHK( cipher_info->iv_size <= 16 );
1271 CHK( cipher_info->key_bitlen % 8 == 0 );
1272
1273 /* Pick keys */
1274 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1275 /* Allocate `keylen + 1` bytes to ensure that we get
1276 * a non-NULL pointers from `mbedtls_calloc` even if
1277 * `keylen == 0` in the case of the NULL cipher. */
1278 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1279 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1280 memset( key0, 0x1, keylen );
1281 memset( key1, 0x2, keylen );
1282
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1283#if !defined(MBEDTLS_USE_PSA_CRYPTO)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1284 /* Setup cipher contexts */
1285 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1286 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1287 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1288 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1289
1290#if defined(MBEDTLS_CIPHER_MODE_CBC)
1291 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1292 {
1293 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1294 MBEDTLS_PADDING_NONE ) == 0 );
1295 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1296 MBEDTLS_PADDING_NONE ) == 0 );
1297 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1298 MBEDTLS_PADDING_NONE ) == 0 );
1299 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1300 MBEDTLS_PADDING_NONE ) == 0 );
1301 }
1302#endif /* MBEDTLS_CIPHER_MODE_CBC */
1303
1304 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1305 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1306 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1307 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1308 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1309 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1310 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1311 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1312#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1313
1314 /* Setup MAC contexts */
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1315#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1316 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1317 cipher_info->mode == MBEDTLS_MODE_STREAM )
1318 {
1319 mbedtls_md_info_t const *md_info;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1320
1321 /* Pick hash */
1322 md_info = mbedtls_md_info_from_type( hash_id );
1323 CHK( md_info != NULL );
1324
1325 /* Pick hash keys */
1326 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1327 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1328 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1329 memset( md0, 0x5, maclen );
1330 memset( md1, 0x6, maclen );
1331
1332 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1333 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1334 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1335 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1336
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +0100[diff] [blame]1337 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1338 md0, maclen ) == 0 );
1339 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1340 md1, maclen ) == 0 );
1341 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1342 md1, maclen ) == 0 );
1343 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1344 md0, maclen ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1345 }
1346#else
1347 ((void) hash_id);
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1348#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1349
1350
1351 /* Pick IV's (regardless of whether they
1352 * are being used by the transform). */
1353 ivlen = cipher_info->iv_size;
1354 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1355 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1356
1357 /*
1358 * Setup transforms
1359 */
1360
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1361#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
Hanno Beckerfd86ca82020-11-30 08:54:23 +0000[diff] [blame]1362 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1363 t_out->encrypt_then_mac = etm;
1364 t_in->encrypt_then_mac = etm;
1365#else
1366 ((void) etm);
1367#endif
1368
1369 t_out->minor_ver = ver;
1370 t_in->minor_ver = ver;
1371 t_out->ivlen = ivlen;
1372 t_in->ivlen = ivlen;
1373
1374 switch( cipher_info->mode )
1375 {
1376 case MBEDTLS_MODE_GCM:
1377 case MBEDTLS_MODE_CCM:
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1378#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckere6832872020-05-28 08:29:58 +0100[diff] [blame]1379 if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
1380 {
1381 t_out->fixed_ivlen = 12;
1382 t_in->fixed_ivlen = 12;
1383 }
1384 else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1385#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckere6832872020-05-28 08:29:58 +0100[diff] [blame]1386 {
1387 t_out->fixed_ivlen = 4;
1388 t_in->fixed_ivlen = 4;
1389 }
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1390 t_out->maclen = 0;
1391 t_in->maclen = 0;
1392 switch( tag_mode )
1393 {
1394 case 0: /* Full tag */
1395 t_out->taglen = 16;
1396 t_in->taglen = 16;
1397 break;
1398 case 1: /* Partial tag */
1399 t_out->taglen = 8;
1400 t_in->taglen = 8;
1401 break;
1402 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1403 ret = 1;
1404 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1405 }
1406 break;
1407
1408 case MBEDTLS_MODE_CHACHAPOLY:
1409 t_out->fixed_ivlen = 12;
1410 t_in->fixed_ivlen = 12;
1411 t_out->maclen = 0;
1412 t_in->maclen = 0;
1413 switch( tag_mode )
1414 {
1415 case 0: /* Full tag */
1416 t_out->taglen = 16;
1417 t_in->taglen = 16;
1418 break;
1419 case 1: /* Partial tag */
1420 t_out->taglen = 8;
1421 t_in->taglen = 8;
1422 break;
1423 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1424 ret = 1;
1425 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1426 }
1427 break;
1428
1429 case MBEDTLS_MODE_STREAM:
1430 case MBEDTLS_MODE_CBC:
1431 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1432 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1433 t_out->taglen = 0;
1434 t_in->taglen = 0;
1435 switch( tag_mode )
1436 {
1437 case 0: /* Full tag */
1438 t_out->maclen = maclen;
1439 t_in->maclen = maclen;
1440 break;
1441 case 1: /* Partial tag */
1442 t_out->maclen = 10;
1443 t_in->maclen = 10;
1444 break;
1445 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1446 ret = 1;
1447 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1448 }
1449 break;
1450 default:
Paul Elliottc7b53742021-02-03 13:18:33 +0000[diff] [blame]1451 ret = 1;
1452 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1453 break;
1454 }
1455
1456 /* Setup IV's */
1457
1458 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1459 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1460 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1461 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1462
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1463#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1464 /* Add CID */
1465 memcpy( &t_in->in_cid, cid0, cid0_len );
1466 memcpy( &t_in->out_cid, cid1, cid1_len );
1467 t_in->in_cid_len = cid0_len;
1468 t_in->out_cid_len = cid1_len;
1469 memcpy( &t_out->in_cid, cid1, cid1_len );
1470 memcpy( &t_out->out_cid, cid0, cid0_len );
1471 t_out->in_cid_len = cid1_len;
1472 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1473#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1474
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1475#if defined(MBEDTLS_USE_PSA_CRYPTO)
Przemyslaw Stekielf57b4562022-01-25 00:04:18 +0100[diff] [blame]1476 status = mbedtls_ssl_cipher_to_psa( cipher_type,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1477 t_in->taglen,
1478 &alg,
1479 &key_type,
1480 &key_bits );
1481
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1482 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1483 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1484 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1485 goto cleanup;
1486 }
1487
1488 t_in->psa_alg = alg;
1489 t_out->psa_alg = alg;
1490
1491 if ( alg != MBEDTLS_SSL_NULL_CIPHER )
1492 {
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1493 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1494 psa_set_key_algorithm( &attributes, alg );
1495 psa_set_key_type( &attributes, key_type );
1496
1497 status = psa_import_key( &attributes,
1498 key0,
1499 PSA_BITS_TO_BYTES( key_bits ),
1500 &t_in->psa_key_enc );
1501
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1502 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1503 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1504 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1505 goto cleanup;
1506 }
1507
1508 status = psa_import_key( &attributes,
1509 key1,
1510 PSA_BITS_TO_BYTES( key_bits ),
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1511 &t_out->psa_key_enc );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1512
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1513 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1514 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1515 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1516 goto cleanup;
1517 }
1518
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1519 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
1520
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1521 status = psa_import_key( &attributes,
1522 key1,
1523 PSA_BITS_TO_BYTES( key_bits ),
Przemyslaw Stekielf4ca3f02022-01-25 00:25:59 +0100[diff] [blame]1524 &t_in->psa_key_dec );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1525
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1526 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1527 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1528 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1529 goto cleanup;
1530 }
1531
1532 status = psa_import_key( &attributes,
1533 key0,
1534 PSA_BITS_TO_BYTES( key_bits ),
1535 &t_out->psa_key_dec );
1536
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]1537 if ( status != PSA_SUCCESS )
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1538 {
Przemyslaw Stekiel77aec8d2022-01-31 20:22:53 +0100[diff] [blame]1539 ret = psa_ssl_status_to_mbedtls( status );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]1540 goto cleanup;
1541 }
1542 }
1543#endif /* MBEDTLS_USE_PSA_CRYPTO */
1544
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1545cleanup:
1546
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1547 mbedtls_free( key0 );
1548 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1549
Paul Elliott6f1eda72020-06-11 20:22:00 +0100[diff] [blame]1550 mbedtls_free( md0 );
1551 mbedtls_free( md1 );
1552
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1553 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1554}
1555
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1556/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1557 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1558 * Choose dummy values, mostly non-0 to distinguish from the init default.
1559 */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1560static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
1561 int ticket_len,
1562 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1563{
1564#if defined(MBEDTLS_HAVE_TIME)
1565 session->start = mbedtls_time( NULL ) - 42;
1566#endif
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1567 session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1568 session->ciphersuite = 0xabcd;
1569 session->compression = 1;
1570 session->id_len = sizeof( session->id );
1571 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1572 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1573
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1574#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]1575 if( crt_file != NULL && strlen( crt_file ) != 0 )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1576 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1577 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1578 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1579
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1580 mbedtls_x509_crt_init( &tmp_crt );
1581 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1582 if( ret != 0 )
1583 return( ret );
1584
1585#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1586 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1587 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1588 if( session->peer_cert == NULL )
1589 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1590 *session->peer_cert = tmp_crt;
1591 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1592#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1593 /* Calculate digest of temporary CRT. */
1594 session->peer_cert_digest =
1595 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1596 if( session->peer_cert_digest == NULL )
1597 return( -1 );
1598 ret = mbedtls_md( mbedtls_md_info_from_type(
1599 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1600 tmp_crt.raw.p, tmp_crt.raw.len,
1601 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1602 if( ret != 0 )
1603 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1604 session->peer_cert_digest_type =
1605 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1606 session->peer_cert_digest_len =
1607 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1608#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1609
1610 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1611 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1612#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1613 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1614#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1615 session->verify_result = 0xdeadbeef;
1616
1617#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1618 if( ticket_len != 0 )
1619 {
1620 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1621 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1622 return( -1 );
1623 memset( session->ticket, 33, ticket_len );
1624 }
1625 session->ticket_len = ticket_len;
1626 session->ticket_lifetime = 86401;
1627#else
1628 (void) ticket_len;
1629#endif
1630
1631#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1632 session->mfl_code = 1;
1633#endif
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1634#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1635 session->encrypt_then_mac = 1;
1636#endif
1637
1638 return( 0 );
1639}
1640
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1641/*
1642 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1643 * message was sent in the correct number of fragments.
1644 *
1645 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1646 * of them must be initialized and connected beforehand.
1647 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1648 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1649 * fragments the message should be sent.
1650 * expected_fragments is 0: can be used for DTLS testing while the message
1651 * size is larger than MFL. In that case the message
1652 * cannot be fragmented and sent to the second endpoint.
1653 * This value can be used for negative tests.
1654 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1655 * message size is below MFL
1656 * expected_fragments > 1: can be used for TLS testing while the message
1657 * size is larger than MFL
1658 *
1659 * \retval 0 on success, otherwise error code.
1660 */
1661int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1662 int msg_len_1, const int expected_fragments_1,
1663 mbedtls_ssl_context *ssl_2,
1664 int msg_len_2, const int expected_fragments_2 )
1665{
1666 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1667 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1668 unsigned char *in_buf_1 = malloc( msg_len_2 );
1669 unsigned char *in_buf_2 = malloc( msg_len_1 );
1670 int msg_type, ret = -1;
1671
1672 /* Perform this test with two message types. At first use a message
1673 * consisting of only 0x00 for the client and only 0xFF for the server.
1674 * At the second time use message with generated data */
1675 for( msg_type = 0; msg_type < 2; msg_type++ )
1676 {
1677 int written_1 = 0;
1678 int written_2 = 0;
1679 int read_1 = 0;
1680 int read_2 = 0;
1681 int fragments_1 = 0;
1682 int fragments_2 = 0;
1683
1684 if( msg_type == 0 )
1685 {
1686 memset( msg_buf_1, 0x00, msg_len_1 );
1687 memset( msg_buf_2, 0xff, msg_len_2 );
1688 }
1689 else
1690 {
1691 int i, j = 0;
1692 for( i = 0; i < msg_len_1; i++ )
1693 {
1694 msg_buf_1[i] = j++ & 0xFF;
1695 }
1696 for( i = 0; i < msg_len_2; i++ )
1697 {
1698 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1699 }
1700 }
1701
1702 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1703 {
1704 /* ssl_1 sending */
1705 if( msg_len_1 > written_1 )
1706 {
1707 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1708 msg_len_1, &written_1,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1709 expected_fragments_1 );
1710 if( expected_fragments_1 == 0 )
1711 {
1712 /* This error is expected when the message is too large and
1713 * cannot be fragmented */
1714 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1715 msg_len_1 = 0;
1716 }
1717 else
1718 {
1719 TEST_ASSERT( ret == 0 );
1720 }
1721 }
1722
1723 /* ssl_2 sending */
1724 if( msg_len_2 > written_2 )
1725 {
1726 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1727 msg_len_2, &written_2,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1728 expected_fragments_2 );
1729 if( expected_fragments_2 == 0 )
1730 {
1731 /* This error is expected when the message is too large and
1732 * cannot be fragmented */
1733 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1734 msg_len_2 = 0;
1735 }
1736 else
1737 {
1738 TEST_ASSERT( ret == 0 );
1739 }
1740 }
1741
1742 /* ssl_1 reading */
1743 if( read_1 < msg_len_2 )
1744 {
1745 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1746 msg_len_2, &read_1,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1747 &fragments_2,
1748 expected_fragments_2 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1749 TEST_ASSERT( ret == 0 );
1750 }
1751
1752 /* ssl_2 reading */
1753 if( read_2 < msg_len_1 )
1754 {
1755 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1756 msg_len_1, &read_2,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]1757 &fragments_1,
1758 expected_fragments_1 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +0100[diff] [blame]1759 TEST_ASSERT( ret == 0 );
1760 }
1761 }
1762
1763 ret = -1;
1764 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1765 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1766 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1767 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1768 }
1769
1770 ret = 0;
1771
1772exit:
1773 free( msg_buf_1 );
1774 free( in_buf_1 );
1775 free( msg_buf_2 );
1776 free( in_buf_2 );
1777
1778 return ret;
1779}
1780
Piotr Nowicki95e9eb82020-02-14 11:33:34 +0100[diff] [blame]1781/*
1782 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1783 * must be initialized and connected beforehand.
1784 *
1785 * \retval 0 on success, otherwise error code.
1786 */
1787int exchange_data( mbedtls_ssl_context *ssl_1,
1788 mbedtls_ssl_context *ssl_2 )
1789{
1790 return mbedtls_exchange_data( ssl_1, 256, 1,
1791 ssl_2, 256, 1 );
1792}
1793
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]1794#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
1795 defined(MBEDTLS_ENTROPY_C) && \
1796 defined(MBEDTLS_CTR_DRBG_C)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1797void perform_handshake( handshake_test_options* options )
1798{
1799 /* forced_ciphersuite needs to last until the end of the handshake */
1800 int forced_ciphersuite[2];
1801 enum { BUFFSIZE = 17000 };
1802 mbedtls_endpoint client, server;
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1803#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1804 const char *psk_identity = "foo";
1805#endif
1806#if defined(MBEDTLS_TIMING_C)
1807 mbedtls_timing_delay_context timer_client, timer_server;
1808#endif
1809#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1810 unsigned char *context_buf = NULL;
1811 size_t context_buf_len;
1812#endif
1813#if defined(MBEDTLS_SSL_RENEGOTIATION)
1814 int ret = -1;
1815#endif
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1816 int expected_handshake_result = 0;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1817
1818 mbedtls_test_message_queue server_queue, client_queue;
1819 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]1820 mbedtls_message_socket_init( &server_context );
1821 mbedtls_message_socket_init( &client_context );
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1822
1823 /* Client side */
1824 if( options->dtls != 0 )
1825 {
1826 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1827 options->pk_alg, &client_context,
1828 &client_queue,
1829 &server_queue ) == 0 );
1830#if defined(MBEDTLS_TIMING_C)
1831 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
1832 mbedtls_timing_set_delay,
1833 mbedtls_timing_get_delay );
1834#endif
1835 }
1836 else
1837 {
1838 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1839 options->pk_alg, NULL, NULL,
1840 NULL ) == 0 );
1841 }
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1842
1843 if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
1844 {
1845 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1846 options->client_min_version );
1847 }
1848
1849 if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
1850 {
1851 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1852 options->client_max_version );
1853 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1854
1855 if( strlen( options->cipher ) > 0 )
1856 {
1857 set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
1858 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1859
1860#if defined (MBEDTLS_DEBUG_C)
1861 if( options->cli_log_fun )
1862 {
1863 mbedtls_debug_set_threshold( 4 );
1864 mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
1865 options->cli_log_obj );
1866 }
1867#endif
1868
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1869 /* Server side */
1870 if( options->dtls != 0 )
1871 {
1872 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1873 options->pk_alg, &server_context,
1874 &server_queue,
1875 &client_queue) == 0 );
1876#if defined(MBEDTLS_TIMING_C)
1877 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1878 mbedtls_timing_set_delay,
1879 mbedtls_timing_get_delay );
1880#endif
1881 }
1882 else
1883 {
1884 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1885 options->pk_alg, NULL, NULL, NULL ) == 0 );
1886 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1887
1888 mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
1889
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1890 if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
1891 {
1892 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1893 options->server_min_version );
1894 }
1895
1896 if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
1897 {
1898 mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1899 options->server_max_version );
1900 }
1901
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1902#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1903 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
1904 (unsigned char) options->mfl ) == 0 );
1905 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
1906 (unsigned char) options->mfl ) == 0 );
1907#else
1908 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
1909#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1910
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1911#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1912 if( options->psk_str != NULL && options->psk_str->len > 0 )
1913 {
1914 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
1915 options->psk_str->len,
1916 (const unsigned char *) psk_identity,
1917 strlen( psk_identity ) ) == 0 );
1918
1919 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
1920 options->psk_str->len,
1921 (const unsigned char *) psk_identity,
1922 strlen( psk_identity ) ) == 0 );
1923
1924 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
1925 }
1926#endif
1927#if defined(MBEDTLS_SSL_RENEGOTIATION)
1928 if( options->renegotiate )
1929 {
1930 mbedtls_ssl_conf_renegotiation( &(server.conf),
1931 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1932 mbedtls_ssl_conf_renegotiation( &(client.conf),
1933 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1934
1935 mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
1936 options->legacy_renegotiation );
1937 mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
1938 options->legacy_renegotiation );
1939 }
1940#endif /* MBEDTLS_SSL_RENEGOTIATION */
1941
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]1942#if defined (MBEDTLS_DEBUG_C)
1943 if( options->srv_log_fun )
1944 {
1945 mbedtls_debug_set_threshold( 4 );
1946 mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
1947 options->srv_log_obj );
1948 }
1949#endif
1950
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1951 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
1952 &(server.socket),
1953 BUFFSIZE ) == 0 );
1954
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1955#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1956 if( options->resize_buffers != 0 )
1957 {
1958 /* Ensure that the buffer sizes are appropriate before resizes */
1959 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1960 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1961 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1962 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1963 }
1964#endif
1965
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1966 if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
1967 {
Hanno Beckerbc000442021-06-24 09:18:19 +0100[diff] [blame]1968 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1969 }
1970
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1971 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
1972 &(server.ssl),
1973 MBEDTLS_SSL_HANDSHAKE_OVER )
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1974 == expected_handshake_result );
1975
1976 if( expected_handshake_result != 0 )
1977 {
1978 /* Connection will have failed by this point, skip to cleanup */
1979 goto exit;
1980 }
1981
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]1982 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1983 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1984
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1985 /* Check that we agree on the version... */
1986 TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
1987
1988 /* And check that the version negotiated is the expected one. */
1989 TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
1990
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1991#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1992 if( options->resize_buffers != 0 )
1993 {
TRodziewicz2abf03c2021-06-25 14:40:09 +0200[diff] [blame]1994 /* A server, when using DTLS, might delay a buffer resize to happen
1995 * after it receives a message, so we force it. */
1996 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]1997
TRodziewicz2abf03c2021-06-25 14:40:09 +0200[diff] [blame]1998 TEST_ASSERT( client.ssl.out_buf_len ==
1999 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2000 TEST_ASSERT( client.ssl.in_buf_len ==
2001 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2002 TEST_ASSERT( server.ssl.out_buf_len ==
2003 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2004 TEST_ASSERT( server.ssl.in_buf_len ==
2005 mbedtls_ssl_get_input_buflen( &server.ssl ) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2006 }
2007#endif
2008
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2009 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
2010 {
2011 /* Start data exchanging test */
2012 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
2013 options->expected_cli_fragments,
2014 &(server.ssl), options->srv_msg_len,
2015 options->expected_srv_fragments )
2016 == 0 );
2017 }
2018#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2019 if( options->serialize == 1 )
2020 {
2021 TEST_ASSERT( options->dtls == 1 );
2022
2023 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
2024 0, &context_buf_len )
2025 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2026
2027 context_buf = mbedtls_calloc( 1, context_buf_len );
2028 TEST_ASSERT( context_buf != NULL );
2029
2030 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
2031 context_buf_len,
2032 &context_buf_len ) == 0 );
2033
2034 mbedtls_ssl_free( &(server.ssl) );
2035 mbedtls_ssl_init( &(server.ssl) );
2036
2037 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
2038
2039 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
2040 mbedtls_mock_tcp_send_msg,
2041 mbedtls_mock_tcp_recv_msg,
2042 NULL );
2043
2044#if defined(MBEDTLS_TIMING_C)
2045 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
2046 mbedtls_timing_set_delay,
2047 mbedtls_timing_get_delay );
2048#endif
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2049#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2050 if( options->resize_buffers != 0 )
2051 {
2052 /* Ensure that the buffer sizes are appropriate before resizes */
2053 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
2054 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
2055 }
2056#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2057 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
2058 context_buf_len ) == 0 );
2059
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2060#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2061 /* Validate buffer sizes after context deserialization */
2062 if( options->resize_buffers != 0 )
2063 {
2064 TEST_ASSERT( server.ssl.out_buf_len ==
2065 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2066 TEST_ASSERT( server.ssl.in_buf_len ==
2067 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2068 }
2069#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2070 /* Retest writing/reading */
2071 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
2072 {
2073 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
2074 options->cli_msg_len,
2075 options->expected_cli_fragments,
2076 &(server.ssl),
2077 options->srv_msg_len,
2078 options->expected_srv_fragments )
2079 == 0 );
2080 }
2081 }
2082#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2083
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2084#if defined(MBEDTLS_SSL_RENEGOTIATION)
2085 if( options->renegotiate )
2086 {
2087 /* Start test with renegotiation */
2088 TEST_ASSERT( server.ssl.renego_status ==
2089 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2090 TEST_ASSERT( client.ssl.renego_status ==
2091 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2092
2093 /* After calling this function for the server, it only sends a handshake
2094 * request. All renegotiation should happen during data exchanging */
2095 TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
2096 TEST_ASSERT( server.ssl.renego_status ==
2097 MBEDTLS_SSL_RENEGOTIATION_PENDING );
2098 TEST_ASSERT( client.ssl.renego_status ==
2099 MBEDTLS_SSL_INITIAL_HANDSHAKE );
2100
2101 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2102 TEST_ASSERT( server.ssl.renego_status ==
2103 MBEDTLS_SSL_RENEGOTIATION_DONE );
2104 TEST_ASSERT( client.ssl.renego_status ==
2105 MBEDTLS_SSL_RENEGOTIATION_DONE );
2106
2107 /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
2108 * should happen inside this function. However in this test, we cannot
2109 * perform simultaneous communication betwen client and server so this
2110 * function will return waiting error on the socket. All rest of
2111 * renegotiation should happen during data exchanging */
2112 ret = mbedtls_ssl_renegotiate( &(client.ssl) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2113#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2114 if( options->resize_buffers != 0 )
2115 {
2116 /* Ensure that the buffer sizes are appropriate before resizes */
2117 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
2118 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
2119 }
2120#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2121 TEST_ASSERT( ret == 0 ||
2122 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2123 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2124 TEST_ASSERT( server.ssl.renego_status ==
2125 MBEDTLS_SSL_RENEGOTIATION_DONE );
2126 TEST_ASSERT( client.ssl.renego_status ==
2127 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
2128
2129 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2130 TEST_ASSERT( server.ssl.renego_status ==
2131 MBEDTLS_SSL_RENEGOTIATION_DONE );
2132 TEST_ASSERT( client.ssl.renego_status ==
2133 MBEDTLS_SSL_RENEGOTIATION_DONE );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2134#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2135 /* Validate buffer sizes after renegotiation */
2136 if( options->resize_buffers != 0 )
2137 {
2138 TEST_ASSERT( client.ssl.out_buf_len ==
2139 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2140 TEST_ASSERT( client.ssl.in_buf_len ==
2141 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2142 TEST_ASSERT( server.ssl.out_buf_len ==
2143 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2144 TEST_ASSERT( server.ssl.in_buf_len ==
2145 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2146 }
2147#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2148 }
2149#endif /* MBEDTLS_SSL_RENEGOTIATION */
2150
2151exit:
2152 mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
2153 mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2154#if defined (MBEDTLS_DEBUG_C)
2155 if( options->cli_log_fun || options->srv_log_fun )
2156 {
2157 mbedtls_debug_set_threshold( 0 );
2158 }
2159#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2160#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2161 if( context_buf != NULL )
2162 mbedtls_free( context_buf );
2163#endif
2164}
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]2165#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2166
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2167/* END_HEADER */
2168
2169/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2170 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2171 * END_DEPENDENCIES
2172 */
2173
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2174/* BEGIN_CASE */
2175void test_callback_buffer_sanity()
2176{
2177 enum { MSGLEN = 10 };
2178 mbedtls_test_buffer buf;
2179 unsigned char input[MSGLEN];
2180 unsigned char output[MSGLEN];
2181
2182 memset( input, 0, sizeof(input) );
2183
2184 /* Make sure calling put and get on NULL buffer results in error. */
2185 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
2186 == -1 );
2187 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
2188 == -1 );
2189 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2190
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2191 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
2192 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
2193
2194 /* Make sure calling put and get on a buffer that hasn't been set up results
2195 * in eror. */
2196 mbedtls_test_buffer_init( &buf );
2197
2198 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
2199 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
2200 == -1 );
2201 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2202
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2203 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
2204 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
2205
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2206 /* Make sure calling put and get on NULL input only results in
2207 * error if the length is not zero, and that a NULL output is valid for data
2208 * dropping.
2209 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2210
2211 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
2212
2213 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
2214 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]2215 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2216 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
2217 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
2218
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]2219 /* Make sure calling put several times in the row is safe */
2220
2221 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
2222 == sizeof( input ) );
2223 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
2224 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
2225 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
2226 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
2227
2228
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2229exit:
2230
2231 mbedtls_test_buffer_free( &buf );
2232}
2233/* END_CASE */
2234
2235/*
2236 * Test if the implementation of `mbedtls_test_buffer` related functions is
2237 * correct and works as expected.
2238 *
2239 * That is
2240 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
2241 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2242 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
2243 * bytes.
2244 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2245 * - All of the bytes we got match the bytes we put in in a FIFO manner.
2246 */
2247
2248/* BEGIN_CASE */
2249void test_callback_buffer( int size, int put1, int put1_ret,
2250 int get1, int get1_ret, int put2, int put2_ret,
2251 int get2, int get2_ret )
2252{
2253 enum { ROUNDS = 2 };
2254 size_t put[ROUNDS];
2255 int put_ret[ROUNDS];
2256 size_t get[ROUNDS];
2257 int get_ret[ROUNDS];
2258 mbedtls_test_buffer buf;
2259 unsigned char* input = NULL;
2260 size_t input_len;
2261 unsigned char* output = NULL;
2262 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2263 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]2264
2265 mbedtls_test_buffer_init( &buf );
2266 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
2267
2268 /* Check the sanity of input parameters and initialise local variables. That
2269 * is, ensure that the amount of data is not negative and that we are not
2270 * expecting more to put or get than we actually asked for. */
2271 TEST_ASSERT( put1 >= 0 );
2272 put[0] = put1;
2273 put_ret[0] = put1_ret;
2274 TEST_ASSERT( put1_ret <= put1 );
2275 TEST_ASSERT( put2 >= 0 );
2276 put[1] = put2;
2277 put_ret[1] = put2_ret;
2278 TEST_ASSERT( put2_ret <= put2 );
2279
2280 TEST_ASSERT( get1 >= 0 );
2281 get[0] = get1;
2282 get_ret[0] = get1_ret;
2283 TEST_ASSERT( get1_ret <= get1 );
2284 TEST_ASSERT( get2 >= 0 );
2285 get[1] = get2;
2286 get_ret[1] = get2_ret;
2287 TEST_ASSERT( get2_ret <= get2 );
2288
2289 input_len = 0;
2290 /* Calculate actual input and output lengths */
2291 for( j = 0; j < ROUNDS; j++ )
2292 {
2293 if( put_ret[j] > 0 )
2294 {
2295 input_len += put_ret[j];
2296 }
2297 }
2298 /* In order to always have a valid pointer we always allocate at least 1
2299 * byte. */
2300 if( input_len == 0 )
2301 input_len = 1;
2302 ASSERT_ALLOC( input, input_len );
2303
2304 output_len = 0;
2305 for( j = 0; j < ROUNDS; j++ )
2306 {
2307 if( get_ret[j] > 0 )
2308 {
2309 output_len += get_ret[j];
2310 }
2311 }
2312 TEST_ASSERT( output_len <= input_len );
2313 /* In order to always have a valid pointer we always allocate at least 1
2314 * byte. */
2315 if( output_len == 0 )
2316 output_len = 1;
2317 ASSERT_ALLOC( output, output_len );
2318
2319 /* Fill up the buffer with structured data so that unwanted changes
2320 * can be detected */
2321 for( i = 0; i < input_len; i++ )
2322 {
2323 input[i] = i & 0xFF;
2324 }
2325
2326 written = read = 0;
2327 for( j = 0; j < ROUNDS; j++ )
2328 {
2329 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
2330 input + written, put[j] ) );
2331 written += put_ret[j];
2332 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
2333 output + read, get[j] ) );
2334 read += get_ret[j];
2335 TEST_ASSERT( read <= written );
2336 if( get_ret[j] > 0 )
2337 {
2338 TEST_ASSERT( memcmp( output + read - get_ret[j],
2339 input + read - get_ret[j], get_ret[j] )
2340 == 0 );
2341 }
2342 }
2343
2344exit:
2345
2346 mbedtls_free( input );
2347 mbedtls_free( output );
2348 mbedtls_test_buffer_free( &buf );
2349}
2350/* END_CASE */
2351
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2352/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2353 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
2354 * correct and works as expected on unconnected sockets.
2355 */
2356
2357/* BEGIN_CASE */
2358void ssl_mock_sanity( )
2359{
2360 enum { MSGLEN = 105 };
Paul Elliott21c8fe52021-11-24 16:54:26 +0000[diff] [blame]2361 unsigned char message[MSGLEN] = { 0 };
2362 unsigned char received[MSGLEN] = { 0 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2363 mbedtls_mock_socket socket;
2364
2365 mbedtls_mock_socket_init( &socket );
2366 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
2367 mbedtls_mock_socket_close( &socket );
2368 mbedtls_mock_socket_init( &socket );
2369 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
2370 mbedtls_mock_socket_close( &socket );
2371
2372 mbedtls_mock_socket_init( &socket );
2373 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
2374 mbedtls_mock_socket_close( &socket );
2375 mbedtls_mock_socket_init( &socket );
2376 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
2377 mbedtls_mock_socket_close( &socket );
2378
2379exit:
2380
2381 mbedtls_mock_socket_close( &socket );
2382}
2383/* END_CASE */
2384
2385/*
2386 * Test if the implementation of `mbedtls_mock_socket` related functions can
2387 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2388 */
2389
2390/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2391void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2392{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2393 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2394 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2395 unsigned char message[MSGLEN];
2396 unsigned char received[MSGLEN];
2397 mbedtls_mock_socket client;
2398 mbedtls_mock_socket server;
2399 size_t written, read;
2400 int send_ret, recv_ret;
2401 mbedtls_ssl_send_t *send;
2402 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2403 unsigned i;
2404
2405 if( blocking == 0 )
2406 {
2407 send = mbedtls_mock_tcp_send_nb;
2408 recv = mbedtls_mock_tcp_recv_nb;
2409 }
2410 else
2411 {
2412 send = mbedtls_mock_tcp_send_b;
2413 recv = mbedtls_mock_tcp_recv_b;
2414 }
2415
2416 mbedtls_mock_socket_init( &client );
2417 mbedtls_mock_socket_init( &server );
2418
2419 /* Fill up the buffer with structured data so that unwanted changes
2420 * can be detected */
2421 for( i = 0; i < MSGLEN; i++ )
2422 {
2423 message[i] = i & 0xFF;
2424 }
2425
2426 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2427 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2428
2429 /* Send the message to the server */
2430 send_ret = recv_ret = 1;
2431 written = read = 0;
2432 while( send_ret != 0 || recv_ret != 0 )
2433 {
2434 send_ret = send( &client, message + written, MSGLEN - written );
2435
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2436 TEST_ASSERT( send_ret >= 0 );
2437 TEST_ASSERT( send_ret <= BUFLEN );
2438 written += send_ret;
2439
2440 /* If the buffer is full we can test blocking and non-blocking send */
2441 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2442 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2443 int blocking_ret = send( &client, message , 1 );
2444 if ( blocking )
2445 {
2446 TEST_ASSERT( blocking_ret == 0 );
2447 }
2448 else
2449 {
2450 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2451 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2452 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2453
2454 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2455
2456 /* The result depends on whether any data was sent */
2457 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2458 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2459 TEST_ASSERT( recv_ret > 0 );
2460 TEST_ASSERT( recv_ret <= BUFLEN );
2461 read += recv_ret;
2462 }
2463 else if( blocking )
2464 {
2465 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2466 }
2467 else
2468 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2469 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
2470 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2471 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2472
2473 /* If the buffer is empty we can test blocking and non-blocking read */
2474 if ( recv_ret == BUFLEN )
2475 {
2476 int blocking_ret = recv( &server, received, 1 );
2477 if ( blocking )
2478 {
2479 TEST_ASSERT( blocking_ret == 0 );
2480 }
2481 else
2482 {
2483 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2484 }
2485 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2486 }
2487 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2488
2489exit:
2490
2491 mbedtls_mock_socket_close( &client );
2492 mbedtls_mock_socket_close( &server );
2493}
2494/* END_CASE */
2495
2496/*
2497 * Test if the implementation of `mbedtls_mock_socket` related functions can
2498 * send messages in both direction at the same time (with the I/O calls
2499 * interleaving).
2500 */
2501
2502/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2503void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]2504{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2505 enum { ROUNDS = 2 };
2506 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2507 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2508 unsigned char message[ROUNDS][MSGLEN];
2509 unsigned char received[ROUNDS][MSGLEN];
2510 mbedtls_mock_socket client;
2511 mbedtls_mock_socket server;
2512 size_t written[ROUNDS];
2513 size_t read[ROUNDS];
2514 int send_ret[ROUNDS];
2515 int recv_ret[ROUNDS];
2516 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2517 mbedtls_ssl_send_t *send;
2518 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2519
2520 if( blocking == 0 )
2521 {
2522 send = mbedtls_mock_tcp_send_nb;
2523 recv = mbedtls_mock_tcp_recv_nb;
2524 }
2525 else
2526 {
2527 send = mbedtls_mock_tcp_send_b;
2528 recv = mbedtls_mock_tcp_recv_b;
2529 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2530
2531 mbedtls_mock_socket_init( &client );
2532 mbedtls_mock_socket_init( &server );
2533
2534 /* Fill up the buffers with structured data so that unwanted changes
2535 * can be detected */
2536 for( i = 0; i < ROUNDS; i++ )
2537 {
2538 for( j = 0; j < MSGLEN; j++ )
2539 {
2540 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
2541 }
2542 }
2543
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2544 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2545 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2546
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2547 /* Send the message from both sides, interleaving. */
2548 progress = 1;
2549 for( i = 0; i < ROUNDS; i++ )
2550 {
2551 written[i] = 0;
2552 read[i] = 0;
2553 }
2554 /* This loop does not stop as long as there was a successful write or read
2555 * of at least one byte on either side. */
2556 while( progress != 0 )
2557 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2558 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2559
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2560 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2561 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2562 /* First sending is from the client */
2563 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2564
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2565 send_ret[i] = send( socket, message[i] + written[i],
2566 MSGLEN - written[i] );
2567 TEST_ASSERT( send_ret[i] >= 0 );
2568 TEST_ASSERT( send_ret[i] <= BUFLEN );
2569 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2570
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2571 /* If the buffer is full we can test blocking and non-blocking
2572 * send */
2573 if ( send_ret[i] == BUFLEN )
2574 {
2575 int blocking_ret = send( socket, message[i] , 1 );
2576 if ( blocking )
2577 {
2578 TEST_ASSERT( blocking_ret == 0 );
2579 }
2580 else
2581 {
2582 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2583 }
2584 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2585 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2586
2587 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2588 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2589 /* First receiving is from the server */
2590 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
2591
2592 recv_ret[i] = recv( socket, received[i] + read[i],
2593 MSGLEN - read[i] );
2594
2595 /* The result depends on whether any data was sent */
2596 if ( send_ret[i] > 0 )
2597 {
2598 TEST_ASSERT( recv_ret[i] > 0 );
2599 TEST_ASSERT( recv_ret[i] <= BUFLEN );
2600 read[i] += recv_ret[i];
2601 }
2602 else if( blocking )
2603 {
2604 TEST_ASSERT( recv_ret[i] == 0 );
2605 }
2606 else
2607 {
2608 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
2609 recv_ret[i] = 0;
2610 }
2611
2612 /* If the buffer is empty we can test blocking and non-blocking
2613 * read */
2614 if ( recv_ret[i] == BUFLEN )
2615 {
2616 int blocking_ret = recv( socket, received[i], 1 );
2617 if ( blocking )
2618 {
2619 TEST_ASSERT( blocking_ret == 0 );
2620 }
2621 else
2622 {
2623 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2624 }
2625 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]2626 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2627
2628 progress = 0;
2629 for( i = 0; i < ROUNDS; i++ )
2630 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]2631 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]2632 }
2633 }
2634
2635 for( i = 0; i < ROUNDS; i++ )
2636 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2637
2638exit:
2639
2640 mbedtls_mock_socket_close( &client );
2641 mbedtls_mock_socket_close( &server );
2642}
2643/* END_CASE */
2644
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2645/* BEGIN_CASE */
2646void ssl_message_queue_sanity( )
2647{
2648 mbedtls_test_message_queue queue;
2649
2650 /* Trying to push/pull to an empty queue */
2651 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2652 == MBEDTLS_TEST_ERROR_ARG_NULL );
2653 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2654 == MBEDTLS_TEST_ERROR_ARG_NULL );
2655
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2656 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2657 TEST_ASSERT( queue.capacity == 3 );
2658 TEST_ASSERT( queue.num == 0 );
2659
2660exit:
2661 mbedtls_test_message_queue_free( &queue );
2662}
2663/* END_CASE */
2664
2665/* BEGIN_CASE */
2666void ssl_message_queue_basic( )
2667{
2668 mbedtls_test_message_queue queue;
2669
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2670 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2671
2672 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2673 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2674 TEST_ASSERT( queue.capacity == 3 );
2675 TEST_ASSERT( queue.num == 1 );
2676 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2677 TEST_ASSERT( queue.capacity == 3 );
2678 TEST_ASSERT( queue.num == 2 );
2679 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2680 TEST_ASSERT( queue.capacity == 3 );
2681 TEST_ASSERT( queue.num == 3 );
2682
2683 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2684 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2685 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2686
2687exit:
2688 mbedtls_test_message_queue_free( &queue );
2689}
2690/* END_CASE */
2691
2692/* BEGIN_CASE */
2693void ssl_message_queue_overflow_underflow( )
2694{
2695 mbedtls_test_message_queue queue;
2696
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2697 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2698
2699 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2700 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2701 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2702 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2703 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2704 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2705
2706 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2707 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2708 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2709
2710 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2711 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2712
2713exit:
2714 mbedtls_test_message_queue_free( &queue );
2715}
2716/* END_CASE */
2717
2718/* BEGIN_CASE */
2719void ssl_message_queue_interleaved( )
2720{
2721 mbedtls_test_message_queue queue;
2722
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2723 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2724
2725 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2726 * (to wrap around the buffer) */
2727 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2728 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2729
2730 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2731
2732 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2733 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2734
2735 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2736 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2737
2738 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2739 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2740
2741 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2742
2743 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2744
2745 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2746
2747exit:
2748 mbedtls_test_message_queue_free( &queue );
2749}
2750/* END_CASE */
2751
2752/* BEGIN_CASE */
2753void ssl_message_queue_insufficient_buffer( )
2754{
2755 mbedtls_test_message_queue queue;
2756 size_t message_len = 10;
2757 size_t buffer_len = 5;
2758
Andrzej Kurek89bdc582020-03-09 06:29:43 -0400[diff] [blame]2759 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 1 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]2760
2761 /* Popping without a sufficient buffer */
2762 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2763 == (int) message_len );
2764 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2765 == (int) buffer_len );
2766exit:
2767 mbedtls_test_message_queue_free( &queue );
2768}
2769/* END_CASE */
2770
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2771/* BEGIN_CASE */
2772void ssl_message_mock_uninitialized( )
2773{
2774 enum { MSGLEN = 10 };
Shawn Carey03092f52021-05-13 10:38:32 -0400[diff] [blame]2775 unsigned char message[MSGLEN] = {0}, received[MSGLEN];
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2776 mbedtls_mock_socket client, server;
2777 mbedtls_test_message_queue server_queue, client_queue;
2778 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2779 mbedtls_message_socket_init( &server_context );
2780 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2781
2782 /* Send with a NULL context */
2783 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2784 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2785
2786 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2787 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2788
2789 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2790 &server,
2791 &server_context ) == 0 );
2792
2793 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2794 &client,
2795 &client_context ) == 0 );
2796
2797 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2798 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2799
2800 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2801 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2802
2803 /* Push directly to a queue to later simulate a disconnected behavior */
2804 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2805 == MSGLEN );
2806
2807 /* Test if there's an error when trying to read from a disconnected
2808 * socket */
2809 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2810 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2811 exit:
2812 mbedtls_message_socket_close( &server_context );
2813 mbedtls_message_socket_close( &client_context );
2814}
2815/* END_CASE */
2816
2817/* BEGIN_CASE */
2818void ssl_message_mock_basic( )
2819{
2820 enum { MSGLEN = 10 };
2821 unsigned char message[MSGLEN], received[MSGLEN];
2822 mbedtls_mock_socket client, server;
2823 unsigned i;
2824 mbedtls_test_message_queue server_queue, client_queue;
2825 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2826 mbedtls_message_socket_init( &server_context );
2827 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2828
2829 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2830 &server,
2831 &server_context ) == 0 );
2832
2833 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2834 &client,
2835 &client_context ) == 0 );
2836
2837 /* Fill up the buffer with structured data so that unwanted changes
2838 * can be detected */
2839 for( i = 0; i < MSGLEN; i++ )
2840 {
2841 message[i] = i & 0xFF;
2842 }
2843 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2844 MSGLEN ) );
2845
2846 /* Send the message to the server */
2847 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2848 MSGLEN ) == MSGLEN );
2849
2850 /* Read from the server */
2851 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2852 == MSGLEN );
2853
2854 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2855 memset( received, 0, MSGLEN );
2856
2857 /* Send the message to the client */
2858 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2859 MSGLEN ) == MSGLEN );
2860
2861 /* Read from the client */
2862 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2863 == MSGLEN );
2864 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2865
2866 exit:
2867 mbedtls_message_socket_close( &server_context );
2868 mbedtls_message_socket_close( &client_context );
2869}
2870/* END_CASE */
2871
2872/* BEGIN_CASE */
2873void ssl_message_mock_queue_overflow_underflow( )
2874{
2875 enum { MSGLEN = 10 };
2876 unsigned char message[MSGLEN], received[MSGLEN];
2877 mbedtls_mock_socket client, server;
2878 unsigned i;
2879 mbedtls_test_message_queue server_queue, client_queue;
2880 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2881 mbedtls_message_socket_init( &server_context );
2882 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2883
2884 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2885 &server,
2886 &server_context ) == 0 );
2887
2888 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2889 &client,
2890 &client_context ) == 0 );
2891
2892 /* Fill up the buffer with structured data so that unwanted changes
2893 * can be detected */
2894 for( i = 0; i < MSGLEN; i++ )
2895 {
2896 message[i] = i & 0xFF;
2897 }
2898 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2899 MSGLEN*2 ) );
2900
2901 /* Send three message to the server, last one with an error */
2902 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2903 MSGLEN - 1 ) == MSGLEN - 1 );
2904
2905 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2906 MSGLEN ) == MSGLEN );
2907
2908 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2909 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2910 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2911
2912 /* Read three messages from the server, last one with an error */
2913 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2914 MSGLEN - 1 ) == MSGLEN - 1 );
2915
2916 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2917 == MSGLEN );
2918
2919 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2920
2921 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2922 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2923
2924 exit:
2925 mbedtls_message_socket_close( &server_context );
2926 mbedtls_message_socket_close( &client_context );
2927}
2928/* END_CASE */
2929
2930/* BEGIN_CASE */
2931void ssl_message_mock_socket_overflow( )
2932{
2933 enum { MSGLEN = 10 };
2934 unsigned char message[MSGLEN], received[MSGLEN];
2935 mbedtls_mock_socket client, server;
2936 unsigned i;
2937 mbedtls_test_message_queue server_queue, client_queue;
2938 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2939 mbedtls_message_socket_init( &server_context );
2940 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2941
2942 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2943 &server,
2944 &server_context ) == 0 );
2945
2946 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2947 &client,
2948 &client_context ) == 0 );
2949
2950 /* Fill up the buffer with structured data so that unwanted changes
2951 * can be detected */
2952 for( i = 0; i < MSGLEN; i++ )
2953 {
2954 message[i] = i & 0xFF;
2955 }
2956 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2957 MSGLEN ) );
2958
2959 /* Send two message to the server, second one with an error */
2960 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2961 MSGLEN ) == MSGLEN );
2962
2963 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2964 MSGLEN )
2965 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2966
2967 /* Read the only message from the server */
2968 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2969 == MSGLEN );
2970
2971 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2972
2973 exit:
2974 mbedtls_message_socket_close( &server_context );
2975 mbedtls_message_socket_close( &client_context );
2976}
2977/* END_CASE */
2978
2979/* BEGIN_CASE */
2980void ssl_message_mock_truncated( )
2981{
2982 enum { MSGLEN = 10 };
2983 unsigned char message[MSGLEN], received[MSGLEN];
2984 mbedtls_mock_socket client, server;
2985 unsigned i;
2986 mbedtls_test_message_queue server_queue, client_queue;
2987 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]2988 mbedtls_message_socket_init( &server_context );
2989 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2990
2991 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2992 &server,
2993 &server_context ) == 0 );
2994
2995 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2996 &client,
2997 &client_context ) == 0 );
2998
2999 memset( received, 0, MSGLEN );
3000 /* Fill up the buffer with structured data so that unwanted changes
3001 * can be detected */
3002 for( i = 0; i < MSGLEN; i++ )
3003 {
3004 message[i] = i & 0xFF;
3005 }
3006 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3007 2 * MSGLEN ) );
3008
3009 /* Send two messages to the server, the second one small enough to fit in the
3010 * receiver's buffer. */
3011 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3012 MSGLEN ) == MSGLEN );
3013 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3014 MSGLEN / 2 ) == MSGLEN / 2 );
3015 /* Read a truncated message from the server */
3016 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
3017 == MSGLEN/2 );
3018
3019 /* Test that the first half of the message is valid, and second one isn't */
3020 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
3021 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
3022 != 0 );
3023 memset( received, 0, MSGLEN );
3024
3025 /* Read a full message from the server */
3026 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
3027 == MSGLEN / 2 );
3028
3029 /* Test that the first half of the message is valid */
3030 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
3031
3032 exit:
3033 mbedtls_message_socket_close( &server_context );
3034 mbedtls_message_socket_close( &client_context );
3035}
3036/* END_CASE */
3037
3038/* BEGIN_CASE */
3039void ssl_message_mock_socket_read_error( )
3040{
3041 enum { MSGLEN = 10 };
3042 unsigned char message[MSGLEN], received[MSGLEN];
3043 mbedtls_mock_socket client, server;
3044 unsigned i;
3045 mbedtls_test_message_queue server_queue, client_queue;
3046 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3047 mbedtls_message_socket_init( &server_context );
3048 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3049
3050 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
3051 &server,
3052 &server_context ) == 0 );
3053
3054 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
3055 &client,
3056 &client_context ) == 0 );
3057
3058 /* Fill up the buffer with structured data so that unwanted changes
3059 * can be detected */
3060 for( i = 0; i < MSGLEN; i++ )
3061 {
3062 message[i] = i & 0xFF;
3063 }
3064 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3065 MSGLEN ) );
3066
3067 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3068 MSGLEN ) == MSGLEN );
3069
3070 /* Force a read error by disconnecting the socket by hand */
3071 server.status = 0;
3072 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
3073 == MBEDTLS_TEST_ERROR_RECV_FAILED );
3074 /* Return to a valid state */
3075 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
3076
3077 memset( received, 0, sizeof( received ) );
3078
3079 /* Test that even though the server tried to read once disconnected, the
3080 * continuity is preserved */
3081 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
3082 == MSGLEN );
3083
3084 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3085
3086 exit:
3087 mbedtls_message_socket_close( &server_context );
3088 mbedtls_message_socket_close( &client_context );
3089}
3090/* END_CASE */
3091
3092/* BEGIN_CASE */
3093void ssl_message_mock_interleaved_one_way( )
3094{
3095 enum { MSGLEN = 10 };
3096 unsigned char message[MSGLEN], received[MSGLEN];
3097 mbedtls_mock_socket client, server;
3098 unsigned i;
3099 mbedtls_test_message_queue server_queue, client_queue;
3100 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3101 mbedtls_message_socket_init( &server_context );
3102 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3103
3104 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3105 &server,
3106 &server_context ) == 0 );
3107
3108 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3109 &client,
3110 &client_context ) == 0 );
3111
3112 /* Fill up the buffer with structured data so that unwanted changes
3113 * can be detected */
3114 for( i = 0; i < MSGLEN; i++ )
3115 {
3116 message[i] = i & 0xFF;
3117 }
3118 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3119 MSGLEN*3 ) );
3120
3121 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
3122 * (to wrap around the buffer) */
3123 for( i = 0; i < 2; i++ )
3124 {
3125 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3126 MSGLEN ) == MSGLEN );
3127
3128 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3129 MSGLEN ) == MSGLEN );
3130
3131 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3132 MSGLEN ) == MSGLEN );
3133 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3134 memset( received, 0, sizeof( received ) );
3135 }
3136
3137 for( i = 0; i < 2; i++ )
3138 {
3139 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3140 MSGLEN ) == MSGLEN );
3141
3142 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3143 }
3144 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3145 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3146 exit:
3147 mbedtls_message_socket_close( &server_context );
3148 mbedtls_message_socket_close( &client_context );
3149}
3150/* END_CASE */
3151
3152/* BEGIN_CASE */
3153void ssl_message_mock_interleaved_two_ways( )
3154{
3155 enum { MSGLEN = 10 };
3156 unsigned char message[MSGLEN], received[MSGLEN];
3157 mbedtls_mock_socket client, server;
3158 unsigned i;
3159 mbedtls_test_message_queue server_queue, client_queue;
3160 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500[diff] [blame]3161 mbedtls_message_socket_init( &server_context );
3162 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3163
3164 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3165 &server,
3166 &server_context ) == 0 );
3167
3168 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3169 &client,
3170 &client_context ) == 0 );
3171
3172 /* Fill up the buffer with structured data so that unwanted changes
3173 * can be detected */
3174 for( i = 0; i < MSGLEN; i++ )
3175 {
3176 message[i] = i & 0xFF;
3177 }
3178 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3179 MSGLEN*3 ) );
3180
3181 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
3182 * (to wrap around the buffer) both ways. */
3183 for( i = 0; i < 2; i++ )
3184 {
3185 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3186 MSGLEN ) == MSGLEN );
3187
3188 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3189 MSGLEN ) == MSGLEN );
3190
3191 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3192 MSGLEN ) == MSGLEN );
3193
3194 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3195 MSGLEN ) == MSGLEN );
3196
3197 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3198 MSGLEN ) == MSGLEN );
3199
3200 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3201
3202 memset( received, 0, sizeof( received ) );
3203
3204 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3205 MSGLEN ) == MSGLEN );
3206
3207 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3208
3209 memset( received, 0, sizeof( received ) );
3210 }
3211
3212 for( i = 0; i < 2; i++ )
3213 {
3214 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3215 MSGLEN ) == MSGLEN );
3216
3217 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3218 memset( received, 0, sizeof( received ) );
3219
3220 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3221 MSGLEN ) == MSGLEN );
3222
3223 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3224 memset( received, 0, sizeof( received ) );
3225 }
3226
3227 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3228 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3229
3230 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]3231 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]3232 exit:
3233 mbedtls_message_socket_close( &server_context );
3234 mbedtls_message_socket_close( &client_context );
3235}
3236/* END_CASE */
3237
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3238/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]3239void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3240{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3241 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3242 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3243 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3244
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3245 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3246 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]3247
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]3248 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
3249 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]3250 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
3251 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3252 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3253
3254 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3255 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3256 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3257 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3258 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3259 }
3260
3261 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]3262 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3263 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3264
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3265 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]3266 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]3267}
3268/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]3269
3270/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
3271void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
3272{
3273 mbedtls_ssl_context ssl;
3274 mbedtls_ssl_init( &ssl );
3275
3276 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
3277 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
3278
3279 mbedtls_ssl_free( &ssl );
3280}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]3281/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3282
3283/* BEGIN_CASE */
3284void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3285 int etm, int tag_mode, int ver,
3286 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3287{
3288 /*
3289 * Test several record encryptions and decryptions
3290 * with plenty of space before and after the data
3291 * within the record buffer.
3292 */
3293
3294 int ret;
3295 int num_records = 16;
3296 mbedtls_ssl_context ssl; /* ONLY for debugging */
3297
3298 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3299 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3300 size_t const buflen = 512;
3301 mbedtls_record rec, rec_backup;
3302
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3303 USE_PSA_INIT( );
3304
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3305 mbedtls_ssl_init( &ssl );
3306 mbedtls_ssl_transform_init( &t0 );
3307 mbedtls_ssl_transform_init( &t1 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3308 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
3309 etm, tag_mode, ver,
3310 (size_t) cid0_len,
3311 (size_t) cid1_len );
3312
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3313 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3314
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3315 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3316
3317 while( num_records-- > 0 )
3318 {
3319 mbedtls_ssl_transform *t_dec, *t_enc;
3320 /* Take turns in who's sending and who's receiving. */
3321 if( num_records % 3 == 0 )
3322 {
3323 t_dec = &t0;
3324 t_enc = &t1;
3325 }
3326 else
3327 {
3328 t_dec = &t1;
3329 t_enc = &t0;
3330 }
3331
3332 /*
3333 * The record header affects the transformation in two ways:
3334 * 1) It determines the AEAD additional data
3335 * 2) The record counter sometimes determines the IV.
3336 *
3337 * Apart from that, the fields don't have influence.
3338 * In particular, it is currently not the responsibility
3339 * of ssl_encrypt/decrypt_buf to check if the transform
3340 * version matches the record version, or that the
3341 * type is sensible.
3342 */
3343
3344 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
3345 rec.type = 42;
3346 rec.ver[0] = num_records;
3347 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3348#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3349 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3350#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3351
3352 rec.buf = buf;
3353 rec.buf_len = buflen;
3354 rec.data_offset = 16;
3355 /* Make sure to vary the length to exercise different
3356 * paddings. */
3357 rec.data_len = 1 + num_records;
3358
3359 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3360
3361 /* Make a copy for later comparison */
3362 rec_backup = rec;
3363
3364 /* Encrypt record */
3365 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
Ronald Cron351f0ee2020-06-10 12:12:18 +0200[diff] [blame]3366 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3367 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3368 if( ret != 0 )
3369 {
3370 continue;
3371 }
3372
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3373#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3374 if( rec.cid_len != 0 )
3375 {
3376 /* DTLS 1.2 + CID hides the real content type and
3377 * uses a special CID content type in the protected
3378 * record. Double-check this. */
3379 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3380 }
3381#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3382
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3383#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3384 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3385 {
3386 /* TLS 1.3 hides the real content type and
3387 * always uses Application Data as the content type
3388 * for protected records. Double-check this. */
3389 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3390 }
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3391#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3392
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3393 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3394 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
3395 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3396
3397 /* Compare results */
3398 TEST_ASSERT( rec.type == rec_backup.type );
3399 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3400 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3401 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3402 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3403 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3404 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3405 rec_backup.buf + rec_backup.data_offset,
3406 rec.data_len ) == 0 );
3407 }
3408
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3409exit:
3410
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3411 /* Cleanup */
3412 mbedtls_ssl_free( &ssl );
3413 mbedtls_ssl_transform_free( &t0 );
3414 mbedtls_ssl_transform_free( &t1 );
3415
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3416 mbedtls_free( buf );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3417 USE_PSA_DONE( );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]3418}
3419/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3420
3421/* BEGIN_CASE */
3422void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3423 int etm, int tag_mode, int ver,
3424 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3425{
3426 /*
3427 * Test pairs of encryption and decryption with an increasing
3428 * amount of space in the record buffer - in more detail:
3429 * 1) Try to encrypt with 0, 1, 2, ... bytes available
3430 * in front of the plaintext, and expect the encryption
3431 * to succeed starting from some offset. Always keep
3432 * enough space in the end of the buffer.
3433 * 2) Try to encrypt with 0, 1, 2, ... bytes available
3434 * at the end of the plaintext, and expect the encryption
3435 * to succeed starting from some offset. Always keep
3436 * enough space at the beginning of the buffer.
3437 * 3) Try to encrypt with 0, 1, 2, ... bytes available
3438 * both at the front and end of the plaintext,
3439 * and expect the encryption to succeed starting from
3440 * some offset.
3441 *
3442 * If encryption succeeds, check that decryption succeeds
3443 * and yields the original record.
3444 */
3445
3446 mbedtls_ssl_context ssl; /* ONLY for debugging */
3447
3448 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3449 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3450 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3451 mbedtls_record rec, rec_backup;
3452
3453 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3454 int mode; /* Mode 1, 2 or 3 as explained above */
3455 size_t offset; /* Available space at beginning/end/both */
3456 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3457
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3458 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
3459 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3460
3461 int seen_success; /* Indicates if in the current mode we've
3462 * already seen a successful test. */
3463
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3464 USE_PSA_INIT( );
3465
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3466 mbedtls_ssl_init( &ssl );
3467 mbedtls_ssl_transform_init( &t0 );
3468 mbedtls_ssl_transform_init( &t1 );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3469 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3470 etm, tag_mode, ver,
3471 (size_t) cid0_len,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3472 (size_t) cid1_len );
3473
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3474 TEST_ASSERT( ret == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3475
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3476 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3477
3478 for( mode=1; mode <= 3; mode++ )
3479 {
3480 seen_success = 0;
3481 for( offset=0; offset <= threshold; offset++ )
3482 {
3483 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]3484 t_dec = &t0;
3485 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3486
3487 memset( rec.ctr, offset, sizeof( rec.ctr ) );
3488 rec.type = 42;
3489 rec.ver[0] = offset;
3490 rec.ver[1] = offset;
3491 rec.buf = buf;
3492 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3493#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]3494 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]3495#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3496
3497 switch( mode )
3498 {
3499 case 1: /* Space in the beginning */
3500 rec.data_offset = offset;
3501 rec.data_len = buflen - offset - default_post_padding;
3502 break;
3503
3504 case 2: /* Space in the end */
3505 rec.data_offset = default_pre_padding;
3506 rec.data_len = buflen - default_pre_padding - offset;
3507 break;
3508
3509 case 3: /* Space in the beginning and end */
3510 rec.data_offset = offset;
3511 rec.data_len = buflen - 2 * offset;
3512 break;
3513
3514 default:
3515 TEST_ASSERT( 0 );
3516 break;
3517 }
3518
3519 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3520
3521 /* Make a copy for later comparison */
3522 rec_backup = rec;
3523
3524 /* Encrypt record */
Ronald Cron6c5bd7f2020-06-10 14:08:26 +0200[diff] [blame]3525 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
3526 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3527
3528 if( ( mode == 1 || mode == 2 ) && seen_success )
3529 {
3530 TEST_ASSERT( ret == 0 );
3531 }
3532 else
3533 {
3534 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3535 if( ret == 0 )
3536 seen_success = 1;
3537 }
3538
3539 if( ret != 0 )
3540 continue;
3541
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3542#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3543 if( rec.cid_len != 0 )
3544 {
3545 /* DTLS 1.2 + CID hides the real content type and
3546 * uses a special CID content type in the protected
3547 * record. Double-check this. */
3548 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3549 }
3550#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3551
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3552#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3553 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3554 {
3555 /* TLS 1.3 hides the real content type and
3556 * always uses Application Data as the content type
3557 * for protected records. Double-check this. */
3558 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3559 }
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3560#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]3561
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3562 /* Decrypt record with t_dec */
3563 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
3564
3565 /* Compare results */
3566 TEST_ASSERT( rec.type == rec_backup.type );
3567 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3568 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3569 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3570 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3571 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3572 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3573 rec_backup.buf + rec_backup.data_offset,
3574 rec.data_len ) == 0 );
3575 }
3576
3577 TEST_ASSERT( seen_success == 1 );
3578 }
3579
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]3580exit:
3581
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3582 /* Cleanup */
3583 mbedtls_ssl_free( &ssl );
3584 mbedtls_ssl_transform_free( &t0 );
3585 mbedtls_ssl_transform_free( &t1 );
3586
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]3587 mbedtls_free( buf );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3588 USE_PSA_DONE( );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]3589}
3590/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]3591
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3592/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3593void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3594 int length_selector )
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3595{
3596 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3597 * Test record decryption for CBC without EtM, focused on the verification
3598 * of padding and MAC.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3599 *
TRodziewicz299510e2021-07-09 16:55:11 +0200[diff] [blame]3600 * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
3601 * the test framework doesn't support alternation in dependency statements,
3602 * just depend on AES.
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3603 *
3604 * The length_selector argument is interpreted as follows:
3605 * - if it's -1, the plaintext length is 0 and minimal padding is applied
3606 * - if it's -2, the plaintext length is 0 and maximal padding is applied
3607 * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
3608 * it's the length of the rest of the padding, that is, excluding the
3609 * byte that encodes the length. The minimal non-zero plaintext length
3610 * that gives this padding_length is automatically selected.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3611 */
3612 mbedtls_ssl_context ssl; /* ONLY for debugging */
3613 mbedtls_ssl_transform t0, t1;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3614 mbedtls_record rec, rec_save;
3615 unsigned char *buf = NULL, *buf_save = NULL;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3616 size_t buflen, olen = 0;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3617 size_t plaintext_len, block_size, i;
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3618 unsigned char padlen; /* excluding the padding_length byte */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3619 unsigned char add_data[13];
3620 unsigned char mac[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3621 int exp_ret;
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3622 int ret;
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3623 const unsigned char pad_max_len = 255; /* Per the standard */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3624
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3625 USE_PSA_INIT( );
3626
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3627 mbedtls_ssl_init( &ssl );
3628 mbedtls_ssl_transform_init( &t0 );
3629 mbedtls_ssl_transform_init( &t1 );
3630
3631 /* Set up transforms with dummy keys */
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3632 ret = build_transforms( &t0, &t1, cipher_type, hash_id,
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3633 0, trunc_hmac,
3634 MBEDTLS_SSL_MINOR_VERSION_3,
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3635 0 , 0 );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3636
Przemyslaw Stekiel4a36dd32022-01-25 00:43:58 +0100[diff] [blame]3637 TEST_ASSERT( ret == 0 );
3638
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3639 /* Determine padding/plaintext length */
3640 TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3641 block_size = t0.ivlen;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3642 if( length_selector < 0 )
3643 {
3644 plaintext_len = 0;
3645
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3646 /* Minimal padding
3647 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3648 padlen = block_size - ( t0.maclen + 1 ) % block_size;
3649
3650 /* Maximal padding? */
3651 if( length_selector == -2 )
3652 padlen += block_size * ( ( pad_max_len - padlen ) / block_size );
3653 }
3654 else
3655 {
3656 padlen = length_selector;
3657
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +0200[diff] [blame]3658 /* Minimal non-zero plaintext_length giving desired padding.
3659 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +0200[diff] [blame]3660 plaintext_len = block_size - ( padlen + t0.maclen + 1 ) % block_size;
3661 }
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3662
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3663 /* Prepare a buffer for record data */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3664 buflen = block_size
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3665 + plaintext_len
3666 + t0.maclen
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3667 + padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3668 ASSERT_ALLOC( buf, buflen );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3669 ASSERT_ALLOC( buf_save, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3670
3671 /* Prepare a dummy record header */
3672 memset( rec.ctr, 0, sizeof( rec.ctr ) );
3673 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
3674 rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
3675 rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
3676#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3677 rec.cid_len = 0;
3678#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3679
3680 /* Prepare dummy record content */
3681 rec.buf = buf;
3682 rec.buf_len = buflen;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3683 rec.data_offset = block_size;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3684 rec.data_len = plaintext_len;
3685 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3686
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3687 /* Serialized version of record header for MAC purposes */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3688 memcpy( add_data, rec.ctr, 8 );
3689 add_data[8] = rec.type;
3690 add_data[9] = rec.ver[0];
3691 add_data[10] = rec.ver[1];
3692 add_data[11] = ( rec.data_len >> 8 ) & 0xff;
3693 add_data[12] = ( rec.data_len >> 0 ) & 0xff;
3694
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3695 /* Set dummy IV */
3696 memset( t0.iv_enc, 0x55, t0.ivlen );
3697 memcpy( rec.buf, t0.iv_enc, t0.ivlen );
3698
3699 /*
3700 * Prepare a pre-encryption record (with MAC and padding), and save it.
3701 */
3702
3703 /* MAC with additional data */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3704 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
3705 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
3706 rec.buf + rec.data_offset,
3707 rec.data_len ) );
3708 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
3709
3710 memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
3711 rec.data_len += t0.maclen;
3712
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3713 /* Pad */
3714 memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
3715 rec.data_len += padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3716
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3717 /* Save correct pre-encryption record */
3718 rec_save = rec;
3719 rec_save.buf = buf_save;
3720 memcpy( buf_save, buf, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3721
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3722 /*
3723 * Encrypt and decrypt the correct record, expecting success
3724 */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3725 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3726 rec.buf + rec.data_offset, rec.data_len,
3727 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3728 rec.data_offset -= t0.ivlen;
3729 rec.data_len += t0.ivlen;
3730
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3731 TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3732
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3733 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3734 * Modify each byte of the pre-encryption record before encrypting and
3735 * decrypting it, expecting failure every time.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3736 */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3737 for( i = block_size; i < buflen; i++ )
3738 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]3739 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3740
3741 /* Restore correct pre-encryption record */
3742 rec = rec_save;
3743 rec.buf = buf;
3744 memcpy( buf, buf_save, buflen );
3745
Manuel Pégourié-Gonnardb51f0442020-07-21 10:40:25 +0200[diff] [blame]3746 /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3747 rec.buf[i] ^= 0x01;
3748
3749 /* Encrypt */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3750 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3751 rec.buf + rec.data_offset, rec.data_len,
3752 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3753 rec.data_offset -= t0.ivlen;
3754 rec.data_len += t0.ivlen;
3755
3756 /* Decrypt and expect failure */
3757 TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
3758 mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3759 }
3760
3761 /*
3762 * Use larger values of the padding bytes - with small buffers, this tests
3763 * the case where the announced padlen would be larger than the buffer
3764 * (and before that, than the buffer minus the size of the MAC), to make
3765 * sure our padding checking code does not perform any out-of-bounds reads
3766 * in this case. (With larger buffers, ie when the plaintext is long or
3767 * maximal length padding is used, this is less relevant but still doesn't
3768 * hurt to test.)
3769 *
3770 * (Start the loop with correct padding, just to double-check that record
3771 * saving did work, and that we're overwriting the correct bytes.)
3772 */
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +0200[diff] [blame]3773 for( i = padlen; i <= pad_max_len; i++ )
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3774 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]3775 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3776
3777 /* Restore correct pre-encryption record */
3778 rec = rec_save;
3779 rec.buf = buf;
3780 memcpy( buf, buf_save, buflen );
3781
3782 /* Set padding bytes to new value */
3783 memset( buf + buflen - padlen - 1, i, padlen + 1 );
3784
3785 /* Encrypt */
Przemyslaw Stekiel8c010eb2022-02-03 10:44:02 +0100[diff] [blame]3786 TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
Przemyslaw Stekielf4facef2022-02-02 21:31:04 +0100[diff] [blame]3787 rec.buf + rec.data_offset, rec.data_len,
3788 rec.buf + rec.data_offset, &olen ) );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3789 rec.data_offset -= t0.ivlen;
3790 rec.data_len += t0.ivlen;
3791
3792 /* Decrypt and expect failure except the first time */
3793 exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
3794 TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3795 }
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3796
3797exit:
3798 mbedtls_ssl_free( &ssl );
3799 mbedtls_ssl_transform_free( &t0 );
3800 mbedtls_ssl_transform_free( &t1 );
3801 mbedtls_free( buf );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +0200[diff] [blame]3802 mbedtls_free( buf_save );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]3803 USE_PSA_DONE( );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +0200[diff] [blame]3804}
3805/* END_CASE */
3806
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3807/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
3808void psa_hkdf_expand( int alg, char *hex_info_string,
3809 char *hex_prk_string, char *hex_okm_string )
3810{
3811 enum { OKM_LEN = 1024 };
3812 unsigned char *info = NULL;
3813 unsigned char *prk = NULL;
3814 unsigned char *okm = NULL;
3815 unsigned char *output_okm = NULL;
3816 size_t info_len, prk_len, okm_len;
3817
Gabor Mezei73812422022-02-15 16:24:58 +0100[diff] [blame^]3818 PSA_INIT( );
3819
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3820 ASSERT_ALLOC( output_okm, OKM_LEN );
3821
3822 prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
3823 info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
3824 okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
3825 TEST_ASSERT( prk_len == PSA_HASH_LENGTH( alg ) );
3826 TEST_ASSERT( okm_len < OKM_LEN );
3827
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3828 PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk, prk_len, info, info_len,
3829 output_okm, OKM_LEN ) );
3830
3831 ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
3832
3833exit:
3834 mbedtls_free(info);
3835 mbedtls_free(prk);
3836 mbedtls_free(okm);
3837 mbedtls_free(output_okm);
3838
3839 PSA_DONE( );
3840}
3841/* END_CASE */
3842
3843/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
3844void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
3845{
3846 int output_ret;
3847 unsigned char *info = NULL;
3848 unsigned char *prk = NULL;
3849 unsigned char *okm = NULL;
3850 size_t info_len;
3851
Gabor Mezei73812422022-02-15 16:24:58 +0100[diff] [blame^]3852 PSA_INIT( );
3853
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3854 info_len = 0;
3855
3856 if (prk_len > 0)
3857 ASSERT_ALLOC( prk, prk_len );
3858
3859 if (okm_len > 0)
3860 ASSERT_ALLOC( okm, okm_len );
3861
Gabor Mezeib35759d2022-02-09 16:59:11 +0100[diff] [blame]3862 output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len,
3863 info, info_len,
3864 okm, okm_len );
3865 TEST_ASSERT( output_ret == ret );
3866
3867exit:
3868 mbedtls_free(prk);
3869 mbedtls_free(okm);
3870
3871 PSA_DONE( );
3872}
3873/* END_CASE */
3874
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3875/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3876void ssl_tls13_hkdf_expand_label( int hash_alg,
3877 data_t *secret,
3878 int label_idx,
3879 data_t *ctx,
3880 int desired_length,
3881 data_t *expected )
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3882{
3883 unsigned char dst[ 100 ];
3884
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3885 unsigned char const *lbl = NULL;
3886 size_t lbl_len;
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]3887#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
3888 if( label_idx == (int) tls13_label_ ## name ) \
3889 { \
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3890 lbl = mbedtls_ssl_tls13_labels.name; \
3891 lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3892 }
3893MBEDTLS_SSL_TLS1_3_LABEL_LIST
3894#undef MBEDTLS_SSL_TLS1_3_LABEL
3895 TEST_ASSERT( lbl != NULL );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3896
3897 /* Check sanity of test parameters. */
3898 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3899 TEST_ASSERT( (size_t) desired_length == expected->len );
3900
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3901 TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3902 (mbedtls_md_type_t) hash_alg,
3903 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3904 lbl, lbl_len,
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3905 ctx->x, ctx->len,
3906 dst, desired_length ) == 0 );
3907
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3908 ASSERT_COMPARE( dst, (size_t) desired_length,
3909 expected->x, (size_t) expected->len );
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]3910}
3911/* END_CASE */
3912
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3913/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3914void ssl_tls13_traffic_key_generation( int hash_alg,
3915 data_t *server_secret,
3916 data_t *client_secret,
3917 int desired_iv_len,
3918 int desired_key_len,
3919 data_t *expected_server_write_key,
3920 data_t *expected_server_write_iv,
3921 data_t *expected_client_write_key,
3922 data_t *expected_client_write_iv )
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]3923{
3924 mbedtls_ssl_key_set keys;
3925
3926 /* Check sanity of test parameters. */
3927 TEST_ASSERT( client_secret->len == server_secret->len );
3928 TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
3929 expected_client_write_iv->len == (size_t) desired_iv_len );
3930 TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
3931 expected_client_write_key->len == (size_t) desired_key_len );
3932
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3933 TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]3934 (mbedtls_md_type_t) hash_alg,
3935 client_secret->x,
3936 server_secret->x,
3937 client_secret->len /* == server_secret->len */,
3938 desired_key_len, desired_iv_len,
3939 &keys ) == 0 );
3940
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3941 ASSERT_COMPARE( keys.client_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3942 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3943 expected_client_write_key->x,
3944 (size_t) desired_key_len );
3945 ASSERT_COMPARE( keys.server_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3946 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3947 expected_server_write_key->x,
3948 (size_t) desired_key_len );
3949 ASSERT_COMPARE( keys.client_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3950 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3951 expected_client_write_iv->x,
3952 (size_t) desired_iv_len );
3953 ASSERT_COMPARE( keys.server_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +0100[diff] [blame]3954 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3955 expected_server_write_iv->x,
3956 (size_t) desired_iv_len );
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]3957}
3958/* END_CASE */
3959
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3960/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3961void ssl_tls13_derive_secret( int hash_alg,
3962 data_t *secret,
3963 int label_idx,
3964 data_t *ctx,
3965 int desired_length,
3966 int already_hashed,
3967 data_t *expected )
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3968{
3969 unsigned char dst[ 100 ];
3970
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3971 unsigned char const *lbl = NULL;
3972 size_t lbl_len;
Xiaofei Baid25fab62021-12-02 06:36:27 +0000[diff] [blame]3973#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
3974 if( label_idx == (int) tls13_label_ ## name ) \
3975 { \
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3976 lbl = mbedtls_ssl_tls13_labels.name; \
3977 lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3978 }
3979MBEDTLS_SSL_TLS1_3_LABEL_LIST
3980#undef MBEDTLS_SSL_TLS1_3_LABEL
3981 TEST_ASSERT( lbl != NULL );
3982
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3983 /* Check sanity of test parameters. */
3984 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3985 TEST_ASSERT( (size_t) desired_length == expected->len );
3986
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]3987 TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3988 (mbedtls_md_type_t) hash_alg,
3989 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]3990 lbl, lbl_len,
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3991 ctx->x, ctx->len,
3992 already_hashed,
3993 dst, desired_length ) == 0 );
3994
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]3995 ASSERT_COMPARE( dst, desired_length,
3996 expected->x, desired_length );
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]3997}
3998/* END_CASE */
3999
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4000/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4001void ssl_tls13_derive_early_secrets( int hash_alg,
4002 data_t *secret,
4003 data_t *transcript,
4004 data_t *traffic_expected,
4005 data_t *exporter_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4006{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4007 mbedtls_ssl_tls13_early_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4008
4009 /* Double-check that we've passed sane parameters. */
4010 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4011 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4012 size_t const md_size = mbedtls_md_get_size( md_info );
4013 TEST_ASSERT( md_info != 0 &&
4014 secret->len == md_size &&
4015 transcript->len == md_size &&
4016 traffic_expected->len == md_size &&
4017 exporter_expected->len == md_size );
4018
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4019 TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4020 md_type, secret->x, transcript->x, transcript->len,
4021 &secrets ) == 0 );
4022
4023 ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
4024 traffic_expected->x, traffic_expected->len );
4025 ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
4026 exporter_expected->x, exporter_expected->len );
4027}
4028/* END_CASE */
4029
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4030/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4031void ssl_tls13_derive_handshake_secrets( int hash_alg,
4032 data_t *secret,
4033 data_t *transcript,
4034 data_t *client_expected,
4035 data_t *server_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4036{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4037 mbedtls_ssl_tls13_handshake_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4038
4039 /* Double-check that we've passed sane parameters. */
4040 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4041 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4042 size_t const md_size = mbedtls_md_get_size( md_info );
4043 TEST_ASSERT( md_info != 0 &&
4044 secret->len == md_size &&
4045 transcript->len == md_size &&
4046 client_expected->len == md_size &&
4047 server_expected->len == md_size );
4048
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4049 TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4050 md_type, secret->x, transcript->x, transcript->len,
4051 &secrets ) == 0 );
4052
4053 ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
4054 client_expected->x, client_expected->len );
4055 ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
4056 server_expected->x, server_expected->len );
4057}
4058/* END_CASE */
4059
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4060/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4061void ssl_tls13_derive_application_secrets( int hash_alg,
4062 data_t *secret,
4063 data_t *transcript,
4064 data_t *client_expected,
4065 data_t *server_expected,
4066 data_t *exporter_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4067{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4068 mbedtls_ssl_tls13_application_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4069
4070 /* Double-check that we've passed sane parameters. */
4071 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4072 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4073 size_t const md_size = mbedtls_md_get_size( md_info );
4074 TEST_ASSERT( md_info != 0 &&
4075 secret->len == md_size &&
4076 transcript->len == md_size &&
4077 client_expected->len == md_size &&
4078 server_expected->len == md_size &&
4079 exporter_expected->len == md_size );
4080
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4081 TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4082 md_type, secret->x, transcript->x, transcript->len,
4083 &secrets ) == 0 );
4084
4085 ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
4086 client_expected->x, client_expected->len );
4087 ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
4088 server_expected->x, server_expected->len );
4089 ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
4090 exporter_expected->x, exporter_expected->len );
4091}
4092/* END_CASE */
4093
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4094/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4095void ssl_tls13_derive_resumption_secrets( int hash_alg,
4096 data_t *secret,
4097 data_t *transcript,
4098 data_t *resumption_expected )
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4099{
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4100 mbedtls_ssl_tls13_application_secrets secrets;
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4101
4102 /* Double-check that we've passed sane parameters. */
4103 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4104 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4105 size_t const md_size = mbedtls_md_get_size( md_info );
4106 TEST_ASSERT( md_info != 0 &&
4107 secret->len == md_size &&
4108 transcript->len == md_size &&
4109 resumption_expected->len == md_size );
4110
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4111 TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
Hanno Beckera4f40a02021-05-24 06:42:11 +0100[diff] [blame]4112 md_type, secret->x, transcript->x, transcript->len,
4113 &secrets ) == 0 );
4114
4115 ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
4116 resumption_expected->x, resumption_expected->len );
4117}
4118/* END_CASE */
4119
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4120/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4121void ssl_tls13_create_psk_binder( int hash_alg,
4122 data_t *psk,
4123 int psk_type,
4124 data_t *transcript,
4125 data_t *binder_expected )
Hanno Becker55bc2c52021-05-24 06:53:52 +0100[diff] [blame]4126{
4127 unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
4128
4129 /* Double-check that we've passed sane parameters. */
4130 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
4131 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
4132 size_t const md_size = mbedtls_md_get_size( md_info );
4133 TEST_ASSERT( md_info != 0 &&
4134 transcript->len == md_size &&
4135 binder_expected->len == md_size );
4136
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4137 TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
Hanno Becker55bc2c52021-05-24 06:53:52 +0100[diff] [blame]4138 NULL, /* SSL context for debugging only */
4139 md_type,
4140 psk->x, psk->len,
4141 psk_type,
4142 transcript->x,
4143 binder ) == 0 );
4144
4145 ASSERT_COMPARE( binder, md_size,
4146 binder_expected->x, binder_expected->len );
4147}
4148/* END_CASE */
4149
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4150/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4151void ssl_tls13_record_protection( int ciphersuite,
4152 int endpoint,
4153 int ctr,
4154 int padding_used,
4155 data_t *server_write_key,
4156 data_t *server_write_iv,
4157 data_t *client_write_key,
4158 data_t *client_write_iv,
4159 data_t *plaintext,
4160 data_t *ciphertext )
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4161{
4162 mbedtls_ssl_key_set keys;
4163 mbedtls_ssl_transform transform_send;
4164 mbedtls_ssl_transform transform_recv;
4165 mbedtls_record rec;
4166 unsigned char *buf = NULL;
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4167 size_t buf_len;
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4168 int other_endpoint;
4169
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]4170 USE_PSA_INIT( );
4171
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4172 TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
4173 endpoint == MBEDTLS_SSL_IS_SERVER );
4174
4175 if( endpoint == MBEDTLS_SSL_IS_SERVER )
4176 other_endpoint = MBEDTLS_SSL_IS_CLIENT;
4177 if( endpoint == MBEDTLS_SSL_IS_CLIENT )
4178 other_endpoint = MBEDTLS_SSL_IS_SERVER;
4179
4180 TEST_ASSERT( server_write_key->len == client_write_key->len );
4181 TEST_ASSERT( server_write_iv->len == client_write_iv->len );
4182
4183 memcpy( keys.client_write_key,
4184 client_write_key->x, client_write_key->len );
4185 memcpy( keys.client_write_iv,
4186 client_write_iv->x, client_write_iv->len );
4187 memcpy( keys.server_write_key,
4188 server_write_key->x, server_write_key->len );
4189 memcpy( keys.server_write_iv,
4190 server_write_iv->x, server_write_iv->len );
4191
4192 keys.key_len = server_write_key->len;
4193 keys.iv_len = server_write_iv->len;
4194
4195 mbedtls_ssl_transform_init( &transform_recv );
4196 mbedtls_ssl_transform_init( &transform_send );
4197
4198 TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
4199 &transform_send, endpoint,
4200 ciphersuite, &keys, NULL ) == 0 );
4201 TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
4202 &transform_recv, other_endpoint,
4203 ciphersuite, &keys, NULL ) == 0 );
4204
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4205 /* Make sure we have enough space in the buffer even if
4206 * we use more padding than the KAT. */
4207 buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
4208 ASSERT_ALLOC( buf, buf_len );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4209 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
Hanno Becker41537452021-04-20 05:35:28 +0100[diff] [blame]4210
4211 /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4212 mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
4213 MBEDTLS_SSL_MINOR_VERSION_3,
4214 MBEDTLS_SSL_TRANSPORT_STREAM,
4215 rec.ver );
4216
4217 /* Copy plaintext into record structure */
4218 rec.buf = buf;
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4219 rec.buf_len = buf_len;
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4220 rec.data_offset = 0;
4221 TEST_ASSERT( plaintext->len <= ciphertext->len );
4222 memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
4223 rec.data_len = plaintext->len;
4224#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
4225 rec.cid_len = 0;
4226#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
4227
4228 memset( &rec.ctr[0], 0, 8 );
4229 rec.ctr[7] = ctr;
4230
4231 TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
4232 NULL, NULL ) == 0 );
Hanno Becker1f918782021-08-01 19:18:28 +0100[diff] [blame]4233
4234 if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
4235 {
4236 ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
4237 ciphertext->x, ciphertext->len );
4238 }
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4239
4240 TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
4241 ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
4242 plaintext->x, plaintext->len );
4243
Hanno Becker80e760e2021-03-23 06:00:21 +0000[diff] [blame]4244 mbedtls_free( buf );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4245 mbedtls_ssl_transform_free( &transform_send );
4246 mbedtls_ssl_transform_free( &transform_recv );
Przemyslaw Stekiel93cf4ee2022-01-19 16:18:53 +0100[diff] [blame]4247 USE_PSA_DONE( );
Hanno Beckera77d0052021-03-22 15:16:33 +0000[diff] [blame]4248}
4249/* END_CASE */
4250
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4251/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4252void ssl_tls13_key_evolution( int hash_alg,
4253 data_t *secret,
4254 data_t *input,
4255 data_t *expected )
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4256{
4257 unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
4258
Xiaofei Bai746f9482021-11-12 08:53:56 +0000[diff] [blame]4259 TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4260 (mbedtls_md_type_t) hash_alg,
4261 secret->len ? secret->x : NULL,
4262 input->len ? input->x : NULL, input->len,
4263 secret_new ) == 0 );
4264
Hanno Beckerfb080962020-09-08 10:58:42 +0100[diff] [blame]4265 ASSERT_COMPARE( secret_new, (size_t) expected->len,
4266 expected->x, (size_t) expected->len );
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]4267}
4268/* END_CASE */
4269
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4270/* BEGIN_CASE */
4271void ssl_tls_prf( int type, data_t * secret, data_t * random,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4272 char *label, data_t *result_str, int exp_ret )
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4273{
4274 unsigned char *output;
4275
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4276 output = mbedtls_calloc( 1, result_str->len );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4277 if( output == NULL )
4278 goto exit;
4279
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]4280 USE_PSA_INIT( );
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]4281
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4282 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
4283 label, random->x, random->len,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4284 output, result_str->len ) == exp_ret );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4285
4286 if( exp_ret == 0 )
4287 {
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]4288 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
4289 result_str->len, result_str->len ) == 0 );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4290 }
4291exit:
4292
4293 mbedtls_free( output );
Gilles Peskine1f186ff2021-02-02 21:04:06 +0100[diff] [blame]4294 USE_PSA_DONE( );
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]4295}
4296/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4297
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4298/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4299void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4300{
4301 mbedtls_ssl_session original, restored;
4302 unsigned char *buf = NULL;
4303 size_t len;
4304
4305 /*
4306 * Test that a save-load pair is the identity
4307 */
4308
4309 mbedtls_ssl_session_init( &original );
4310 mbedtls_ssl_session_init( &restored );
4311
4312 /* Prepare a dummy session to work on */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4313 TEST_ASSERT( ssl_populate_session_tls12( &original, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4314
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4315 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4316 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
4317 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4318 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
4319 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
4320 == 0 );
4321
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4322 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4323 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
4324
4325 /*
4326 * Make sure both session structures are identical
4327 */
4328#if defined(MBEDTLS_HAVE_TIME)
4329 TEST_ASSERT( original.start == restored.start );
4330#endif
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4331 TEST_ASSERT( original.minor_ver == restored.minor_ver );
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4332 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
4333 TEST_ASSERT( original.compression == restored.compression );
4334 TEST_ASSERT( original.id_len == restored.id_len );
4335 TEST_ASSERT( memcmp( original.id,
4336 restored.id, sizeof( original.id ) ) == 0 );
4337 TEST_ASSERT( memcmp( original.master,
4338 restored.master, sizeof( original.master ) ) == 0 );
4339
4340#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]4341#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4342 TEST_ASSERT( ( original.peer_cert == NULL ) ==
4343 ( restored.peer_cert == NULL ) );
4344 if( original.peer_cert != NULL )
4345 {
4346 TEST_ASSERT( original.peer_cert->raw.len ==
4347 restored.peer_cert->raw.len );
4348 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
4349 restored.peer_cert->raw.p,
4350 original.peer_cert->raw.len ) == 0 );
4351 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]4352#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4353 TEST_ASSERT( original.peer_cert_digest_type ==
4354 restored.peer_cert_digest_type );
4355 TEST_ASSERT( original.peer_cert_digest_len ==
4356 restored.peer_cert_digest_len );
4357 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
4358 ( restored.peer_cert_digest == NULL ) );
4359 if( original.peer_cert_digest != NULL )
4360 {
4361 TEST_ASSERT( memcmp( original.peer_cert_digest,
4362 restored.peer_cert_digest,
4363 original.peer_cert_digest_len ) == 0 );
4364 }
4365#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4366#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4367 TEST_ASSERT( original.verify_result == restored.verify_result );
4368
4369#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
4370 TEST_ASSERT( original.ticket_len == restored.ticket_len );
4371 if( original.ticket_len != 0 )
4372 {
4373 TEST_ASSERT( original.ticket != NULL );
4374 TEST_ASSERT( restored.ticket != NULL );
4375 TEST_ASSERT( memcmp( original.ticket,
4376 restored.ticket, original.ticket_len ) == 0 );
4377 }
4378 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
4379#endif
4380
4381#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
4382 TEST_ASSERT( original.mfl_code == restored.mfl_code );
4383#endif
4384
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]4385#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
4386 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
4387#endif
4388
4389exit:
4390 mbedtls_ssl_session_free( &original );
4391 mbedtls_ssl_session_free( &restored );
4392 mbedtls_free( buf );
4393}
4394/* END_CASE */
4395
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]4396/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4397void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4398{
4399 mbedtls_ssl_session session;
4400 unsigned char *buf1 = NULL, *buf2 = NULL;
4401 size_t len0, len1, len2;
4402
4403 /*
4404 * Test that a load-save pair is the identity
4405 */
4406
4407 mbedtls_ssl_session_init( &session );
4408
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]4409 /* Prepare a dummy session to work on */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4410 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]4411
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4412 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4413 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
4414 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4415
4416 /* Allocate first buffer */
4417 buf1 = mbedtls_calloc( 1, len0 );
4418 TEST_ASSERT( buf1 != NULL );
4419
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4420 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4421 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
4422 == 0 );
4423 TEST_ASSERT( len0 == len1 );
4424 mbedtls_ssl_session_free( &session );
4425
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4426 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]4427 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4428
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4429 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4430 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]4431 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4432 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
4433 == 0 );
4434
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4435 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]4436 TEST_ASSERT( len1 == len2 );
4437 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
4438
4439exit:
4440 mbedtls_ssl_session_free( &session );
4441 mbedtls_free( buf1 );
4442 mbedtls_free( buf2 );
4443}
4444/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4445
4446/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4447void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4448{
4449 mbedtls_ssl_session session;
4450 unsigned char *buf = NULL;
4451 size_t good_len, bad_len, test_len;
4452
4453 /*
4454 * Test that session_save() fails cleanly on small buffers
4455 */
4456
4457 mbedtls_ssl_session_init( &session );
4458
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4459 /* Prepare dummy session and get serialized size */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4460 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]4461 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4462 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4463
4464 /* Try all possible bad lengths */
4465 for( bad_len = 1; bad_len < good_len; bad_len++ )
4466 {
4467 /* Allocate exact size so that asan/valgrind can detect any overwrite */
4468 mbedtls_free( buf );
4469 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
4470 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
4471 &test_len )
4472 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4473 TEST_ASSERT( test_len == good_len );
4474 }
4475
4476exit:
4477 mbedtls_ssl_session_free( &session );
4478 mbedtls_free( buf );
4479}
4480/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4481
4482/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4483void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4484{
4485 mbedtls_ssl_session session;
4486 unsigned char *good_buf = NULL, *bad_buf = NULL;
4487 size_t good_len, bad_len;
4488
4489 /*
4490 * Test that session_load() fails cleanly on small buffers
4491 */
4492
4493 mbedtls_ssl_session_init( &session );
4494
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]4495 /* Prepare serialized session data */
Hanno Beckerfadbdbb2021-07-23 06:25:48 +0100[diff] [blame]4496 TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]4497 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4498 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4499 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
4500 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
4501 &good_len ) == 0 );
4502 mbedtls_ssl_session_free( &session );
4503
4504 /* Try all possible bad lengths */
4505 for( bad_len = 0; bad_len < good_len; bad_len++ )
4506 {
4507 /* Allocate exact size so that asan/valgrind can detect any overread */
4508 mbedtls_free( bad_buf );
4509 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
4510 TEST_ASSERT( bad_buf != NULL );
4511 memcpy( bad_buf, good_buf, bad_len );
4512
4513 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
4514 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
4515 }
4516
4517exit:
4518 mbedtls_ssl_session_free( &session );
4519 mbedtls_free( good_buf );
4520 mbedtls_free( bad_buf );
4521}
4522/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4523
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4524/* BEGIN_CASE */
4525void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4526 int corrupt_minor,
4527 int corrupt_patch,
4528 int corrupt_config )
4529{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4530 unsigned char serialized_session[ 2048 ];
4531 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4532 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4533 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4534 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
4535 corrupt_minor == 1,
4536 corrupt_patch == 1,
4537 corrupt_config == 1,
4538 corrupt_config == 1 };
4539
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4540 mbedtls_ssl_session_init( &session );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]4541 TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4542
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4543 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4544 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4545 serialized_session,
4546 sizeof( serialized_session ),
4547 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4548
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4549 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4550
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4551 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4552 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4553 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]4554 serialized_session,
4555 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4556 mbedtls_ssl_session_free( &session );
4557
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4558 /* Go through the bytes in the serialized session header and
4559 * corrupt them bit-by-bit. */
4560 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4561 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4562 int cur_bit;
4563 unsigned char * const byte = &serialized_session[ cur_byte ];
4564
4565 if( should_corrupt_byte[ cur_byte ] == 0 )
4566 continue;
4567
4568 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
4569 {
4570 unsigned char const corrupted_bit = 0x1u << cur_bit;
4571 /* Modify a single bit in the serialized session. */
4572 *byte ^= corrupted_bit;
4573
4574 /* Attempt to deserialize */
4575 TEST_ASSERT( mbedtls_ssl_session_load( &session,
4576 serialized_session,
4577 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]4578 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]4579
4580 /* Undo the change */
4581 *byte ^= corrupted_bit;
4582 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4583 }
4584
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]4585}
4586/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4587
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4588/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4589void mbedtls_endpoint_sanity( int endpoint_type )
4590{
4591 enum { BUFFSIZE = 1024 };
4592 mbedtls_endpoint ep;
4593 int ret = -1;
4594
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4595 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
4596 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4597 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4598
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4599 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4600 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4601
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4602 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
4603 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4604 TEST_ASSERT( ret == 0 );
4605
4606exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4607 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4608}
4609/* END_CASE */
4610
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4611/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4612void move_handshake_to_state(int endpoint_type, int state, int need_pass)
4613{
4614 enum { BUFFSIZE = 1024 };
4615 mbedtls_endpoint base_ep, second_ep;
4616 int ret = -1;
4617
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4618 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
4619 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4620 TEST_ASSERT( ret == 0 );
4621
4622 ret = mbedtls_endpoint_init( &second_ep,
4623 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]4624 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4625 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4626 TEST_ASSERT( ret == 0 );
4627
4628 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
4629 &(second_ep.socket),
4630 BUFFSIZE );
4631 TEST_ASSERT( ret == 0 );
4632
4633 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
4634 &(second_ep.ssl),
4635 state );
4636 if( need_pass )
4637 {
4638 TEST_ASSERT( ret == 0 );
4639 TEST_ASSERT( base_ep.ssl.state == state );
4640 }
4641 else
4642 {
4643 TEST_ASSERT( ret != 0 );
4644 TEST_ASSERT( base_ep.ssl.state != state );
4645 }
4646
4647exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]4648 mbedtls_endpoint_free( &base_ep, NULL );
4649 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4650}
4651/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4652
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4653/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4654void handshake_version( int dtls, int client_min_version, int client_max_version,
4655 int server_min_version, int server_max_version,
4656 int expected_negotiated_version )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4657{
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4658 handshake_test_options options;
4659 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4660
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]4661 options.client_min_version = client_min_version;
4662 options.client_max_version = client_max_version;
4663 options.server_min_version = server_min_version;
4664 options.server_max_version = server_max_version;
4665
4666 options.expected_negotiated_version = expected_negotiated_version;
4667
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4668 options.dtls = dtls;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4669 perform_handshake( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4670
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4671 /* The goto below is used to avoid an "unused label" warning.*/
4672 goto exit;
4673}
4674/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -0500[diff] [blame]4675
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4676/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4677void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
4678{
4679 handshake_test_options options;
4680 init_handshake_options( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4681
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4682 options.cipher = cipher;
4683 options.dtls = dtls;
4684 options.psk_str = psk_str;
4685 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]4686
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4687 perform_handshake( &options );
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4688
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4689 /* The goto below is used to avoid an "unused label" warning.*/
4690 goto exit;
4691}
4692/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4693
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4694/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4695void handshake_cipher( char* cipher, int pk_alg, int dtls )
4696{
4697 test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4698
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4699 /* The goto below is used to avoid an "unused label" warning.*/
4700 goto exit;
4701}
4702/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4703
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4704/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4705void app_data( int mfl, int cli_msg_len, int srv_msg_len,
4706 int expected_cli_fragments,
4707 int expected_srv_fragments, int dtls )
4708{
4709 handshake_test_options options;
4710 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4711
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4712 options.mfl = mfl;
4713 options.cli_msg_len = cli_msg_len;
4714 options.srv_msg_len = srv_msg_len;
4715 options.expected_cli_fragments = expected_cli_fragments;
4716 options.expected_srv_fragments = expected_srv_fragments;
4717 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4718
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4719 perform_handshake( &options );
4720 /* The goto below is used to avoid an "unused label" warning.*/
4721 goto exit;
4722}
4723/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4724
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4725/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4726void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
4727 int expected_cli_fragments,
4728 int expected_srv_fragments )
4729{
4730 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4731 expected_srv_fragments, 0 );
4732 /* The goto below is used to avoid an "unused label" warning.*/
4733 goto exit;
4734}
4735/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4736
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4737/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4738void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
4739 int expected_cli_fragments,
4740 int expected_srv_fragments )
4741{
4742 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4743 expected_srv_fragments, 1 );
4744 /* The goto below is used to avoid an "unused label" warning.*/
4745 goto exit;
4746}
4747/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4748
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4749/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4750void handshake_serialization( )
4751{
4752 handshake_test_options options;
4753 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4754
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4755 options.serialize = 1;
4756 options.dtls = 1;
4757 perform_handshake( &options );
4758 /* The goto below is used to avoid an "unused label" warning.*/
4759 goto exit;
4760}
4761/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4762
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4763/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4764void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
4765{
4766 handshake_test_options options;
4767 log_pattern srv_pattern, cli_pattern;
4768
4769 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
4770 srv_pattern.counter = 0;
4771 cli_pattern.counter = 0;
4772
4773 init_handshake_options( &options );
4774 options.dtls = 1;
4775 options.mfl = mfl;
Darryl Greenaad82f92019-12-02 10:53:11 +0000[diff] [blame]4776 /* Set cipher to one using CBC so that record splitting can be tested */
4777 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]4778 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
4779 options.srv_log_obj = &srv_pattern;
4780 options.cli_log_obj = &cli_pattern;
4781 options.srv_log_fun = log_analyzer;
4782 options.cli_log_fun = log_analyzer;
4783
4784 perform_handshake( &options );
4785
4786 /* Test if the server received a fragmented handshake */
4787 if( expected_srv_hs_fragmentation )
4788 {
4789 TEST_ASSERT( srv_pattern.counter >= 1 );
4790 }
4791 /* Test if the client received a fragmented handshake */
4792 if( expected_cli_hs_fragmentation )
4793 {
4794 TEST_ASSERT( cli_pattern.counter >= 1 );
4795 }
4796}
4797/* END_CASE */
4798
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4799/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4800void renegotiation( int legacy_renegotiation )
4801{
4802 handshake_test_options options;
4803 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]4804
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4805 options.renegotiate = 1;
4806 options.legacy_renegotiation = legacy_renegotiation;
4807 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]4808
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]4809 perform_handshake( &options );
4810 /* The goto below is used to avoid an "unused label" warning.*/
4811 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]4812}
4813/* END_CASE */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4814
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4815/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4816void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4817 int serialize, int dtls, char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4818{
4819 handshake_test_options options;
4820 init_handshake_options( &options );
4821
4822 options.mfl = mfl;
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4823 options.cipher = cipher;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4824 options.renegotiate = renegotiation;
4825 options.legacy_renegotiation = legacy_renegotiation;
4826 options.serialize = serialize;
4827 options.dtls = dtls;
4828 options.resize_buffers = 1;
4829
4830 perform_handshake( &options );
4831 /* The goto below is used to avoid an "unused label" warning.*/
4832 goto exit;
4833}
4834/* END_CASE */
4835
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4836/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4837void resize_buffers_serialize_mfl( int mfl )
4838{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4839 test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
4840 (char *) "" );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4841
4842 /* The goto below is used to avoid an "unused label" warning.*/
4843 goto exit;
4844}
4845/* END_CASE */
4846
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200[diff] [blame]4847/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4848void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
4849 char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4850{
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]4851 test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]4852
4853 /* The goto below is used to avoid an "unused label" warning.*/
4854 goto exit;
4855}
4856/* END_CASE */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4857
Manuel Pégourié-Gonnarded0e8642020-07-21 11:20:30 +0200[diff] [blame]4858/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4859void ssl_cf_hmac( int hash )
4860{
4861 /*
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]4862 * Test the function mbedtls_ct_hmac() against a reference
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4863 * implementation.
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4864 */
4865 mbedtls_md_context_t ctx, ref_ctx;
4866 const mbedtls_md_info_t *md_info;
4867 size_t out_len, block_size;
4868 size_t min_in_len, in_len, max_in_len, i;
4869 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
4870 unsigned char add_data[13];
4871 unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
4872 unsigned char *data = NULL;
4873 unsigned char *out = NULL;
4874 unsigned char rec_num = 0;
4875
4876 mbedtls_md_init( &ctx );
4877 mbedtls_md_init( &ref_ctx );
4878
4879 md_info = mbedtls_md_info_from_type( hash );
4880 TEST_ASSERT( md_info != NULL );
4881 out_len = mbedtls_md_get_size( md_info );
4882 TEST_ASSERT( out_len != 0 );
4883 block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
4884
4885 /* Use allocated out buffer to catch overwrites */
4886 ASSERT_ALLOC( out, out_len );
4887
4888 /* Set up contexts with the given hash and a dummy key */
4889 TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
4890 TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
4891 memset( ref_out, 42, sizeof( ref_out ) );
4892 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
4893 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
4894 memset( ref_out, 0, sizeof( ref_out ) );
4895
4896 /*
4897 * Test all possible lengths up to a point. The difference between
4898 * max_in_len and min_in_len is at most 255, and make sure they both vary
4899 * by at least one block size.
4900 */
4901 for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
4902 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]4903 mbedtls_test_set_step( max_in_len * 10000 );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]4904
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4905 /* Use allocated in buffer to catch overreads */
Manuel Pégourié-Gonnardc3219002020-07-22 10:32:52 +0200[diff] [blame]4906 ASSERT_ALLOC( data, max_in_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4907
4908 min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
4909 for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
4910 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]4911 mbedtls_test_set_step( max_in_len * 10000 + in_len );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +0200[diff] [blame]4912
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4913 /* Set up dummy data and add_data */
4914 rec_num++;
4915 memset( add_data, rec_num, sizeof( add_data ) );
4916 for( i = 0; i < in_len; i++ )
4917 data[i] = ( i & 0xff ) ^ rec_num;
4918
4919 /* Get the function's result */
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]4920 TEST_CF_SECRET( &in_len, sizeof( in_len ) );
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]4921 TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
gabor-mezei-arm9fa43ce2021-09-28 16:14:47 +0200[diff] [blame]4922 data, in_len,
4923 min_in_len, max_in_len,
4924 out ) );
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]4925 TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
4926 TEST_CF_PUBLIC( out, out_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]4927
4928 /* Compute the reference result */
4929 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
4930 sizeof( add_data ) ) );
4931 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
4932 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
4933 TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
4934
4935 /* Compare */
4936 ASSERT_COMPARE( out, out_len, ref_out, out_len );
4937 }
4938
4939 mbedtls_free( data );
4940 data = NULL;
4941 }
4942
4943exit:
4944 mbedtls_md_free( &ref_ctx );
4945 mbedtls_md_free( &ctx );
4946
4947 mbedtls_free( data );
4948 mbedtls_free( out );
4949}
4950/* END_CASE */
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]4951
4952/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
4953void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
4954{
4955 unsigned char *dst = NULL;
4956 unsigned char *src = NULL;
4957 size_t src_len = offset_max + len;
4958 size_t secret;
4959
4960 ASSERT_ALLOC( dst, len );
4961 ASSERT_ALLOC( src, src_len );
4962
4963 /* Fill src in a way that we can detect if we copied the right bytes */
4964 mbedtls_test_rnd_std_rand( NULL, src, src_len );
4965
4966 for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
4967 {
Chris Jones9634bb12021-01-20 15:56:42 +0000[diff] [blame]4968 mbedtls_test_set_step( (int) secret );
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]4969
4970 TEST_CF_SECRET( &secret, sizeof( secret ) );
Gabor Mezei90437e32021-10-20 11:59:27 +0200[diff] [blame]4971 mbedtls_ct_memcpy_offset( dst, src, secret,
gabor-mezei-arm9fa43ce2021-09-28 16:14:47 +0200[diff] [blame]4972 offset_min, offset_max, len );
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +0200[diff] [blame]4973 TEST_CF_PUBLIC( &secret, sizeof( secret ) );
4974 TEST_CF_PUBLIC( dst, len );
4975
4976 ASSERT_COMPARE( dst, len, src + secret, len );
4977 }
4978
4979exit:
4980 mbedtls_free( dst );
4981 mbedtls_free( src );
4982}
4983/* END_CASE */
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]4984
4985/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
4986void test_multiple_psks()
4987{
4988 unsigned char psk0[10] = { 0 };
4989 unsigned char psk0_identity[] = { 'f', 'o', 'o' };
4990
4991 unsigned char psk1[10] = { 0 };
4992 unsigned char psk1_identity[] = { 'b', 'a', 'r' };
4993
4994 mbedtls_ssl_config conf;
4995
4996 mbedtls_ssl_config_init( &conf );
4997
4998 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
4999 psk0, sizeof( psk0 ),
5000 psk0_identity, sizeof( psk0_identity ) ) == 0 );
5001 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5002 psk1, sizeof( psk1 ),
5003 psk1_identity, sizeof( psk1_identity ) ) ==
5004 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5005
5006exit:
5007
5008 mbedtls_ssl_config_free( &conf );
5009}
5010/* END_CASE */
5011
5012/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
5013void test_multiple_psks_opaque( int mode )
5014{
5015 /*
5016 * Mode 0: Raw PSK, then opaque PSK
5017 * Mode 1: Opaque PSK, then raw PSK
5018 * Mode 2: 2x opaque PSK
5019 */
5020
5021 unsigned char psk0_raw[10] = { 0 };
5022 unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' };
5023
Andrzej Kurek03e01462022-01-03 12:53:24 +0100[diff] [blame]5024 mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 1 );
5025
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]5026 unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' };
5027
5028 unsigned char psk1_raw[10] = { 0 };
5029 unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' };
5030
Andrzej Kurek03e01462022-01-03 12:53:24 +0100[diff] [blame]5031 mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 2 );
5032
Hanno Becker6667ffd2021-04-19 21:59:22 +0100[diff] [blame]5033 unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' };
5034
5035 mbedtls_ssl_config conf;
5036
5037 USE_PSA_INIT( );
5038 mbedtls_ssl_config_init( &conf );
5039
5040 switch( mode )
5041 {
5042 case 0:
5043
5044 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5045 psk0_raw, sizeof( psk0_raw ),
5046 psk0_raw_identity, sizeof( psk0_raw_identity ) )
5047 == 0 );
5048 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5049 psk1_opaque,
5050 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
5051 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5052 break;
5053
5054 case 1:
5055
5056 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5057 psk0_opaque,
5058 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
5059 == 0 );
5060 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
5061 psk1_raw, sizeof( psk1_raw ),
5062 psk1_raw_identity, sizeof( psk1_raw_identity ) )
5063 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5064
5065 break;
5066
5067 case 2:
5068
5069 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5070 psk0_opaque,
5071 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
5072 == 0 );
5073 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
5074 psk1_opaque,
5075 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
5076 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
5077
5078 break;
5079
5080 default:
5081 TEST_ASSERT( 0 );
5082 break;
5083 }
5084
5085exit:
5086
5087 mbedtls_ssl_config_free( &conf );
5088 USE_PSA_DONE( );
5089
5090}
5091/* END_CASE */
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5092
5093/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
5094void conf_curve()
5095{
5096
5097 mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
5098 MBEDTLS_ECP_DP_SECP224R1,
5099 MBEDTLS_ECP_DP_SECP256R1,
5100 MBEDTLS_ECP_DP_NONE };
5101 mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
5102 MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
5103 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
5104 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
5105
5106 mbedtls_ssl_config conf;
5107 mbedtls_ssl_config_init( &conf );
5108
5109 mbedtls_ssl_conf_max_version( &conf, 3, 3 );
5110 mbedtls_ssl_conf_min_version( &conf, 3, 3 );
5111 mbedtls_ssl_conf_curves( &conf, curve_list );
5112
5113 mbedtls_ssl_context ssl;
5114 mbedtls_ssl_init( &ssl );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]5115 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5116
5117 TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
5118 TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
5119
5120 TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
5121
5122 for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
5123 TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] );
5124
5125 mbedtls_ssl_free( &ssl );
5126 mbedtls_ssl_config_free( &conf );
5127}
5128/* END_CASE */
5129
5130/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
5131void conf_group()
5132{
5133 uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
5134 MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
5135 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
5136 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
5137
5138 mbedtls_ssl_config conf;
5139 mbedtls_ssl_config_init( &conf );
5140
5141 mbedtls_ssl_conf_max_version( &conf, 3, 3 );
5142 mbedtls_ssl_conf_min_version( &conf, 3, 3 );
5143
5144 mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
5145
5146 mbedtls_ssl_context ssl;
5147 mbedtls_ssl_init( &ssl );
Paul Elliott46a6c202021-12-09 18:16:13 +0000[diff] [blame]5148 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Brett Warren7f813d52021-10-20 23:08:38 +0100[diff] [blame]5149
5150 TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );
5151
5152 TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
5153
5154 for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
5155 TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] );
5156
5157 mbedtls_ssl_free( &ssl );
5158 mbedtls_ssl_config_free( &conf );
5159}
5160/* END_CASE */