TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a08e699afcd5d4f420d6d91bdd05fce2f4db1330 / . / tests / suites / test_suite_ssl.function
blob: 08c55df423a0279e17e63dd5d011a4dab78e8a01 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include <mbedtls/ssl.h>
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]3#include <mbedtls/ssl_internal.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]4#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
6#include <mbedtls/certs.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]7#include <mbedtls/timing.h>
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]8
9/*
10 * Buffer structure for custom I/O callbacks.
11 */
12
13typedef struct mbedtls_test_buffer
14{
15 size_t start;
16 size_t content_length;
17 size_t capacity;
18 unsigned char *buffer;
19} mbedtls_test_buffer;
20
21/*
22 * Initialises \p buf. After calling this function it is safe to call
23 * `mbedtls_test_buffer_free()` on \p buf.
24 */
25void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
26{
27 memset( buf, 0, sizeof( *buf ) );
28}
29
30/*
31 * Sets up \p buf. After calling this function it is safe to call
32 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
33 */
34int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
35{
36 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
37 sizeof(unsigned char) );
38 if( NULL == buf->buffer )
39 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
40 buf->capacity = capacity;
41
42 return 0;
43}
44
45void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
46{
47 if( buf->buffer != NULL )
48 mbedtls_free( buf->buffer );
49
50 memset( buf, 0, sizeof( *buf ) );
51}
52
53/*
54 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
55 *
56 * \p buf must have been initialized and set up by calling
57 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
58 *
59 * \retval \p input_len, if the data fits.
60 * \retval 0 <= value < \p input_len, if the data does not fit.
61 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
62 * zero and \p input is NULL.
63 */
64int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]65 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]66{
67 size_t overflow = 0;
68
69 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
70 return -1;
71
72 /* Reduce input_len to a number that fits in the buffer. */
73 if ( ( buf->content_length + input_len ) > buf->capacity )
74 {
75 input_len = buf->capacity - buf->content_length;
76 }
77
78 if( input == NULL )
79 {
80 return ( input_len == 0 ) ? 0 : -1;
81 }
82
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]83 /* Check if the buffer has not come full circle and free space is not in
84 * the middle */
85 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]86 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]87
88 /* Calculate the number of bytes that need to be placed at lower memory
89 * address */
90 if( buf->start + buf->content_length + input_len
91 > buf->capacity )
92 {
93 overflow = ( buf->start + buf->content_length + input_len )
94 % buf->capacity;
95 }
96
97 memcpy( buf->buffer + buf->start + buf->content_length, input,
98 input_len - overflow );
99 memcpy( buf->buffer, input + input_len - overflow, overflow );
100
101 }
102 else
103 {
104 /* The buffer has come full circle and free space is in the middle */
105 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
106 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]107 }
108
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]109 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]110 return input_len;
111}
112
113/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]114 * Gets \p output_len bytes from the ring buffer \p buf into the
115 * \p output buffer. The output buffer can be NULL, in this case a part of the
116 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]117 *
118 * \p buf must have been initialized and set up by calling
119 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
120 *
121 * \retval \p output_len, if the data is available.
122 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]123 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]124 */
125int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
126 unsigned char* output, size_t output_len )
127{
128 size_t overflow = 0;
129
130 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
131 return -1;
132
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]133 if( output == NULL && output_len == 0 )
134 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]135
136 if( buf->content_length < output_len )
137 output_len = buf->content_length;
138
139 /* Calculate the number of bytes that need to be drawn from lower memory
140 * address */
141 if( buf->start + output_len > buf->capacity )
142 {
143 overflow = ( buf->start + output_len ) % buf->capacity;
144 }
145
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]146 if( output != NULL )
147 {
148 memcpy( output, buf->buffer + buf->start, output_len - overflow );
149 memcpy( output + output_len - overflow, buf->buffer, overflow );
150 }
151
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]152 buf->content_length -= output_len;
153 buf->start = ( buf->start + output_len ) % buf->capacity;
154
155 return output_len;
156}
157
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]158/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]159 * Errors used in the message transport mock tests
160 */
161 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]162 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
163
164/*
165 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
166 */
167typedef struct mbedtls_test_message_queue
168{
169 size_t *messages;
170 int pos;
171 int num;
172 int capacity;
173} mbedtls_test_message_queue;
174
175/*
176 * Setup and free functions for the message metadata queue.
177 *
178 * \p capacity describes the number of message metadata chunks that can be held
179 * within the queue.
180 *
181 * \retval 0, if a metadata queue of a given length can be allocated.
182 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
183 */
184int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
185 size_t capacity )
186{
187 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
188 if( NULL == queue->messages )
189 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
190
191 queue->capacity = capacity;
192 queue->pos = 0;
193 queue->num = 0;
194
195 return 0;
196}
197
198void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
199{
200 if( queue == NULL )
201 return;
202
203 if( queue->messages != NULL )
204 mbedtls_free( queue->messages );
205
206 memset( queue, 0, sizeof( *queue ) );
207}
208
209/*
210 * Push message length information onto the message metadata queue.
211 * This will become the last element to leave it (fifo).
212 *
213 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]214 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]215 * \retval \p len, if the push was successful.
216 */
217int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
218 size_t len )
219{
220 int place;
221 if( queue == NULL )
222 return MBEDTLS_TEST_ERROR_ARG_NULL;
223
224 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]225 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]226
227 place = ( queue->pos + queue->num ) % queue->capacity;
228 queue->messages[place] = len;
229 queue->num++;
230 return len;
231}
232
233/*
234 * Pop information about the next message length from the queue. This will be
235 * the oldest inserted message length(fifo). \p msg_len can be null, in which
236 * case the data will be popped from the queue but not copied anywhere.
237 *
238 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]239 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]240 * \retval message length, if the pop was successful, up to the given
241 \p buf_len.
242 */
243int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
244 size_t buf_len )
245{
246 size_t message_length;
247 if( queue == NULL )
248 return MBEDTLS_TEST_ERROR_ARG_NULL;
249 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]250 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]251
252 message_length = queue->messages[queue->pos];
253 queue->messages[queue->pos] = 0;
254 queue->num--;
255 queue->pos++;
256 queue->pos %= queue->capacity;
257 if( queue->pos < 0 )
258 queue->pos += queue->capacity;
259
260 return ( message_length > buf_len ) ? buf_len : message_length;
261}
262
263/*
264 * Take a peek on the info about the next message length from the queue.
265 * This will be the oldest inserted message length(fifo).
266 *
267 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]268 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]269 * \retval 0, if the peek was successful.
270 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
271 * too small to fit the message. In this case the \p msg_len will be
272 * set to the full message length so that the
273 * caller knows what portion of the message can be dropped.
274 */
275int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
276 size_t buf_len, size_t* msg_len )
277{
278 if( queue == NULL || msg_len == NULL )
279 return MBEDTLS_TEST_ERROR_ARG_NULL;
280 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]281 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]282
283 *msg_len = queue->messages[queue->pos];
284 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
285}
286/*
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]287 * Context for the I/O callbacks simulating network connection.
288 */
289
290#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
291
292typedef struct mbedtls_mock_socket
293{
294 int status;
295 mbedtls_test_buffer *input;
296 mbedtls_test_buffer *output;
297 struct mbedtls_mock_socket *peer;
298} mbedtls_mock_socket;
299
300/*
301 * Setup and teardown functions for mock sockets.
302 */
303void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
304{
305 memset( socket, 0, sizeof( *socket ) );
306}
307
308/*
309 * Closes the socket \p socket.
310 *
311 * \p socket must have been previously initialized by calling
312 * mbedtls_mock_socket_init().
313 *
314 * This function frees all allocated resources and both sockets are aware of the
315 * new connection state.
316 *
317 * That is, this function does not simulate half-open TCP connections and the
318 * phenomenon that when closing a UDP connection the peer is not aware of the
319 * connection having been closed.
320 */
321void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
322{
323 if( socket == NULL )
324 return;
325
326 if( socket->input != NULL )
327 {
328 mbedtls_test_buffer_free( socket->input );
329 mbedtls_free( socket->input );
330 }
331
332 if( socket->output != NULL )
333 {
334 mbedtls_test_buffer_free( socket->output );
335 mbedtls_free( socket->output );
336 }
337
338 if( socket->peer != NULL )
339 memset( socket->peer, 0, sizeof( *socket->peer ) );
340
341 memset( socket, 0, sizeof( *socket ) );
342}
343
344/*
345 * Establishes a connection between \p peer1 and \p peer2.
346 *
347 * \p peer1 and \p peer2 must have been previously initialized by calling
348 * mbedtls_mock_socket_init().
349 *
350 * The capacites of the internal buffers are set to \p bufsize. Setting this to
351 * the correct value allows for simulation of MTU, sanity testing the mock
352 * implementation and mocking TCP connections with lower memory cost.
353 */
354int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
355 mbedtls_mock_socket* peer2,
356 size_t bufsize )
357{
358 int ret = -1;
359
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]360 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]361 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
362 if( peer1->output == NULL )
363 {
364 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
365 goto exit;
366 }
367 mbedtls_test_buffer_init( peer1->output );
368 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
369 {
370 goto exit;
371 }
372
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]373 peer2->output =
374 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
375 if( peer2->output == NULL )
376 {
377 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
378 goto exit;
379 }
380 mbedtls_test_buffer_init( peer2->output );
381 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
382 {
383 goto exit;
384 }
385
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]386 peer1->peer = peer2;
387 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100[diff] [blame]388 peer1->input = peer2->output;
389 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]390
391 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
392 ret = 0;
393
394exit:
395
396 if( ret != 0 )
397 {
398 mbedtls_mock_socket_close( peer1 );
399 mbedtls_mock_socket_close( peer2 );
400 }
401
402 return ret;
403}
404
405/*
406 * Callbacks for simulating blocking I/O over connection-oriented transport.
407 */
408
409int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
410{
411 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
412
413 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
414 return -1;
415
416 return mbedtls_test_buffer_put( socket->output, buf, len );
417}
418
419int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
420{
421 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
422
423 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
424 return -1;
425
426 return mbedtls_test_buffer_get( socket->input, buf, len );
427}
428
429/*
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]430 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
431 */
432
433int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
434{
435 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
436
437 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
438 return -1;
439
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]440 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]441 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]442 return MBEDTLS_ERR_SSL_WANT_WRITE;
443 }
444
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]445 return mbedtls_test_buffer_put( socket->output, buf, len );
446}
447
448int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
449{
450 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
451
452 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
453 return -1;
454
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]455 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]456 {
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]457 return MBEDTLS_ERR_SSL_WANT_READ;
458 }
459
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]460 return mbedtls_test_buffer_get( socket->input, buf, len );
461}
462
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]463/* Errors used in the message socket mocks */
464
465#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
466#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
467#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
468
469/*
470 * Structure used as an addon, or a wrapper, around the mocked sockets.
471 * Contains an input queue, to which the other socket pushes metadata,
472 * and an output queue, to which this one pushes metadata. This context is
473 * considered as an owner of the input queue only, which is initialized and
474 * freed in the respective setup and free calls.
475 */
476typedef struct mbedtls_test_message_socket_context
477{
478 mbedtls_test_message_queue* queue_input;
479 mbedtls_test_message_queue* queue_output;
480 mbedtls_mock_socket* socket;
481} mbedtls_test_message_socket_context;
482
483/*
484 * Setup a given mesasge socket context including initialization of
485 * input/output queues to a chosen capacity of messages. Also set the
486 * corresponding mock socket.
487 *
488 * \retval 0, if everything succeeds.
489 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
490 * queue failed.
491 */
492int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
493 mbedtls_test_message_queue* queue_output,
494 size_t queue_capacity,
495 mbedtls_mock_socket* socket,
496 mbedtls_test_message_socket_context* ctx )
497{
498 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
499 if( ret != 0 )
500 return ret;
501 ctx->queue_input = queue_input;
502 ctx->queue_output = queue_output;
503 ctx->socket = socket;
504 mbedtls_mock_socket_init( socket );
505
506 return 0;
507}
508
509/*
510 * Close a given message socket context, along with the socket itself. Free the
511 * memory allocated by the input queue.
512 */
513void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
514{
515 if( ctx == NULL )
516 return;
517
518 mbedtls_test_message_queue_free( ctx->queue_input );
519 mbedtls_mock_socket_close( ctx->socket );
520 memset( ctx, 0, sizeof( *ctx ) );
521}
522
523/*
524 * Send one message through a given message socket context.
525 *
526 * \retval \p len, if everything succeeds.
527 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
528 * elements or the context itself is null.
529 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]530 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]531 *
532 * This function will also return any error from
533 * mbedtls_test_message_queue_push_info.
534 */
535int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
536{
537 mbedtls_test_message_queue* queue;
538 mbedtls_mock_socket* socket;
539 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
540
541 if( context == NULL || context->socket == NULL
542 || context->queue_output == NULL )
543 {
544 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
545 }
546
547 queue = context->queue_output;
548 socket = context->socket;
549
550 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]551 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]552
553 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
554 return MBEDTLS_TEST_ERROR_SEND_FAILED;
555
556 return mbedtls_test_message_queue_push_info( queue, len );
557}
558
559/*
560 * Receive one message from a given message socket context and return message
561 * length or an error.
562 *
563 * \retval message length, if everything succeeds.
564 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
565 * elements or the context itself is null.
566 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
567 *
568 * This function will also return any error other than
569 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
570 */
571int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
572{
573 mbedtls_test_message_queue* queue;
574 mbedtls_mock_socket* socket;
575 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
576 size_t drop_len;
577 size_t msg_len;
578 int ret;
579
580 if( context == NULL || context->socket == NULL
581 || context->queue_input == NULL )
582 {
583 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
584 }
585
586 queue = context->queue_input;
587 socket = context->socket;
588
589 /* Peek first, so that in case of a socket error the data remains in
590 * the queue. */
591 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
592 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
593 {
594 /* Calculate how much to drop */
595 drop_len = msg_len - buf_len;
596
597 /* Set the requested message len to be buffer length */
598 msg_len = buf_len;
599 } else if( ret != 0 )
600 {
601 return ret;
602 }
603
604 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
605 return MBEDTLS_TEST_ERROR_RECV_FAILED;
606
607 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
608 {
609 /* Drop the remaining part of the message */
610 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
611 {
612 /* Inconsistent state - part of the message was read,
613 * and a part couldn't. Not much we can do here, but it should not
614 * happen in test environment, unless forced manually. */
615 }
616 }
617 mbedtls_test_message_queue_pop_info( queue, buf_len );
618
619 return msg_len;
620}
621
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]622#if defined(MBEDTLS_X509_CRT_PARSE_C)
623
624/*
625 * Structure with endpoint's certificates for SSL communication tests.
626 */
627typedef struct mbedtls_endpoint_certificate
628{
629 mbedtls_x509_crt ca_cert;
630 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]631 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]632} mbedtls_endpoint_certificate;
633
634/*
635 * Endpoint structure for SSL communication tests.
636 */
637typedef struct mbedtls_endpoint
638{
639 const char *name;
640 mbedtls_ssl_context ssl;
641 mbedtls_ssl_config conf;
642 mbedtls_ctr_drbg_context ctr_drbg;
643 mbedtls_entropy_context entropy;
644 mbedtls_mock_socket socket;
645 mbedtls_endpoint_certificate cert;
646} mbedtls_endpoint;
647
648/*
649 * Initializes \p ep_cert structure and assigns it to endpoint
650 * represented by \p ep.
651 *
652 * \retval 0 on success, otherwise error code.
653 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]654int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]655{
656 int i = 0;
657 int ret = -1;
658 mbedtls_endpoint_certificate *cert;
659
660 if( ep == NULL )
661 {
662 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
663 }
664
665 cert = &( ep->cert );
666 mbedtls_x509_crt_init( &( cert->ca_cert ) );
667 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]668 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]669
670 /* Load the trusted CA */
671
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]672 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
673 {
674 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
675 (const unsigned char *) mbedtls_test_cas_der[i],
676 mbedtls_test_cas_der_len[i] );
677 TEST_ASSERT( ret == 0 );
678 }
679
680 /* Load own certificate and private key */
681
682 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
683 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]684 if( pk_alg == MBEDTLS_PK_RSA )
685 {
686 ret = mbedtls_x509_crt_parse( &( cert->cert ),
687 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
688 mbedtls_test_srv_crt_rsa_sha256_der_len );
689 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]690
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]691 ret = mbedtls_pk_parse_key( &( cert->pkey ),
692 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
693 mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
694 TEST_ASSERT( ret == 0 );
695 }
696 else
697 {
698 ret = mbedtls_x509_crt_parse( &( cert->cert ),
699 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
700 mbedtls_test_srv_crt_ec_der_len );
701 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]702
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]703 ret = mbedtls_pk_parse_key( &( cert->pkey ),
704 (const unsigned char*) mbedtls_test_srv_key_ec_der,
705 mbedtls_test_srv_key_ec_der_len, NULL, 0 );
706 TEST_ASSERT( ret == 0 );
707 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]708 }
709 else
710 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]711 if( pk_alg == MBEDTLS_PK_RSA )
712 {
713 ret = mbedtls_x509_crt_parse( &( cert->cert ),
714 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
715 mbedtls_test_cli_crt_rsa_der_len );
716 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]717
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]718 ret = mbedtls_pk_parse_key( &( cert->pkey ),
719 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
720 mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
721 TEST_ASSERT( ret == 0 );
722 }
723 else
724 {
725 ret = mbedtls_x509_crt_parse( &( cert->cert ),
726 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
727 mbedtls_test_cli_crt_ec_len );
728 TEST_ASSERT( ret == 0 );
729
730 ret = mbedtls_pk_parse_key( &( cert->pkey ),
731 (const unsigned char *) mbedtls_test_cli_key_ec_der,
732 mbedtls_test_cli_key_ec_der_len, NULL, 0 );
733 TEST_ASSERT( ret == 0 );
734 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]735 }
736
737 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
738
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]739 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
740 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]741 TEST_ASSERT( ret == 0 );
742
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]743exit:
744 if( ret != 0 )
745 {
746 mbedtls_x509_crt_free( &( cert->ca_cert ) );
747 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]748 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]749 }
750
751 return ret;
752}
753
754/*
755 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
756 * after calling this function even if it fails.
757 *
758 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
759 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]760 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
761 * MBEDTLS_PK_ECDSA are supported.
762 * \p dtls_context - in case of DTLS - this is the context handling metadata.
763 * \p input_queue - used only in case of DTLS.
764 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]765 *
766 * \retval 0 on success, otherwise error code.
767 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]768int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
769 mbedtls_test_message_socket_context *dtls_context,
770 mbedtls_test_message_queue *input_queue,
771 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]772{
773 int ret = -1;
774
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]775 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]776 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]777
778 if( ep == NULL )
779 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]780
781 memset( ep, 0, sizeof( *ep ) );
782
783 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
784
785 mbedtls_ssl_init( &( ep->ssl ) );
786 mbedtls_ssl_config_init( &( ep->conf ) );
787 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
788 mbedtls_ssl_conf_rng( &( ep->conf ),
789 mbedtls_ctr_drbg_random,
790 &( ep->ctr_drbg ) );
791 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]792 if( dtls_context != NULL )
793 {
794 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
795 100, &( ep->socket ),
796 dtls_context ) == 0 );
797 }
798 else
799 {
800 mbedtls_mock_socket_init( &( ep->socket ) );
801 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]802
803 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
804 &( ep->entropy ), (const unsigned char *) ( ep->name ),
805 strlen( ep->name ) );
806 TEST_ASSERT( ret == 0 );
807
808 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]809 if( dtls_context != NULL )
810 {
811 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
812 mbedtls_mock_tcp_send_msg,
813 mbedtls_mock_tcp_recv_msg,
814 NULL );
815 }
816 else
817 {
818 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
819 mbedtls_mock_tcp_send_nb,
820 mbedtls_mock_tcp_recv_nb,
821 NULL );
822 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]823
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]824 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]825 ( dtls_context != NULL ) ?
826 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
827 MBEDTLS_SSL_TRANSPORT_STREAM,
828 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]829 TEST_ASSERT( ret == 0 );
830
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500[diff] [blame]831 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
832 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]833
834#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
835 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
836 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
837#endif
838
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]839 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]840 TEST_ASSERT( ret == 0 );
841
842exit:
843 return ret;
844}
845
846/*
847 * Deinitializes certificates from endpoint represented by \p ep.
848 */
849void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
850{
851 mbedtls_endpoint_certificate *cert = &( ep->cert );
852 mbedtls_x509_crt_free( &( cert->ca_cert ) );
853 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]854 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]855}
856
857/*
858 * Deinitializes endpoint represented by \p ep.
859 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]860void mbedtls_endpoint_free( mbedtls_endpoint *ep,
861 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]862{
863 mbedtls_endpoint_certificate_free( ep );
864
865 mbedtls_ssl_free( &( ep->ssl ) );
866 mbedtls_ssl_config_free( &( ep->conf ) );
867 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
868 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]869
870 if( context != NULL )
871 {
872 mbedtls_message_socket_close( context );
873 }
874 else
875 {
876 mbedtls_mock_socket_close( &( ep->socket ) );
877 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]878}
879
880/*
881 * This function moves ssl handshake from \p ssl to prescribed \p state.
882 * /p second_ssl is used as second endpoint and their sockets have to be
883 * connected before calling this function.
884 *
885 * \retval 0 on success, otherwise error code.
886 */
887int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
888 mbedtls_ssl_context *second_ssl,
889 int state )
890{
891 enum { BUFFSIZE = 1024 };
892 int max_steps = 1000;
893 int ret = 0;
894
895 if( ssl == NULL || second_ssl == NULL )
896 {
897 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
898 }
899
900 /* Perform communication via connected sockets */
901 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
902 {
903 /* If /p second_ssl ends the handshake procedure before /p ssl then
904 * there is no need to call the next step */
905 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
906 {
907 ret = mbedtls_ssl_handshake_step( second_ssl );
908 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
909 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
910 {
911 return ret;
912 }
913 }
914
915 /* We only care about the \p ssl state and returns, so we call it last,
916 * to leave the iteration as soon as the state is as expected. */
917 ret = mbedtls_ssl_handshake_step( ssl );
918 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
919 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
920 {
921 return ret;
922 }
923 }
924
925 return ( max_steps >= 0 ) ? ret : -1;
926}
927
928#endif /* MBEDTLS_X509_CRT_PARSE_C */
929
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]930/*
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]931 * Write application data. Then increase write and fragments counter
932 */
933int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
934 int ln, int *writen, int *fragments )
935{
936 int ret = mbedtls_ssl_write( ssl, buf + *writen, ln - *writen );
937 if( ret >= 0 )
938 {
939 (*fragments)++;
940 *writen += ret;
941 }
942 return ret;
943}
944
945/*
946 * Read application data and increase read counter
947 */
948int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf, int ln, int *read )
949{
950 int ret = mbedtls_ssl_read( ssl, buf + *read, ln - *read );
951 if( ret >= 0 )
952 {
953 *read += ret;
954 }
955 return ret;
956}
957
958/*
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]959 * Helper function setting up inverse record transformations
960 * using given cipher, hash, EtM mode, authentication tag length,
961 * and version.
962 */
963
964#define CHK( x ) \
965 do \
966 { \
967 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]968 { \
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]969 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]970 goto cleanup; \
971 } \
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]972 } while( 0 )
973
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]974void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
975 int* forced_ciphersuite )
976{
977 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
978 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
979 forced_ciphersuite[1] = 0;
980
981 ciphersuite_info =
982 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
983
984 TEST_ASSERT( ciphersuite_info != NULL );
985 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
986 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
987
988 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
989 {
990 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
991 }
992 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
993 {
994 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
995 }
996
997 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
998
999exit:
1000 return;
1001}
1002
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]1003int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1004 const unsigned char *name, size_t name_len )
1005{
1006 (void) p_info;
1007 (void) ssl;
1008 (void) name;
1009 (void) name_len;
1010
1011 return ( 0 );
1012}
1013
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1014#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1015#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1016#else
1017#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1018#endif
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1019
1020static int build_transforms( mbedtls_ssl_transform *t_in,
1021 mbedtls_ssl_transform *t_out,
1022 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1023 int etm, int tag_mode, int ver,
1024 size_t cid0_len,
1025 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1026{
1027 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1028 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1029
1030 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1031 unsigned char *key0 = NULL, *key1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1032 unsigned char iv_enc[16], iv_dec[16];
1033
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1034#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1035 unsigned char cid0[ SSL_CID_LEN_MIN ];
1036 unsigned char cid1[ SSL_CID_LEN_MIN ];
1037
1038 rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1039 rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +0100[diff] [blame]1040#else
1041 ((void) cid0_len);
1042 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1043#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1044
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1045 maclen = 0;
1046
1047 /* Pick cipher */
1048 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1049 CHK( cipher_info != NULL );
1050 CHK( cipher_info->iv_size <= 16 );
1051 CHK( cipher_info->key_bitlen % 8 == 0 );
1052
1053 /* Pick keys */
1054 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +0100[diff] [blame]1055 /* Allocate `keylen + 1` bytes to ensure that we get
1056 * a non-NULL pointers from `mbedtls_calloc` even if
1057 * `keylen == 0` in the case of the NULL cipher. */
1058 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1059 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1060 memset( key0, 0x1, keylen );
1061 memset( key1, 0x2, keylen );
1062
1063 /* Setup cipher contexts */
1064 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1065 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1066 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1067 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1068
1069#if defined(MBEDTLS_CIPHER_MODE_CBC)
1070 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1071 {
1072 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1073 MBEDTLS_PADDING_NONE ) == 0 );
1074 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1075 MBEDTLS_PADDING_NONE ) == 0 );
1076 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1077 MBEDTLS_PADDING_NONE ) == 0 );
1078 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1079 MBEDTLS_PADDING_NONE ) == 0 );
1080 }
1081#endif /* MBEDTLS_CIPHER_MODE_CBC */
1082
1083 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1084 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1085 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1086 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1087 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1088 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1089 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1090 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1091
1092 /* Setup MAC contexts */
1093#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
1094 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1095 cipher_info->mode == MBEDTLS_MODE_STREAM )
1096 {
1097 mbedtls_md_info_t const *md_info;
1098 unsigned char *md0, *md1;
1099
1100 /* Pick hash */
1101 md_info = mbedtls_md_info_from_type( hash_id );
1102 CHK( md_info != NULL );
1103
1104 /* Pick hash keys */
1105 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1106 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1107 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1108 memset( md0, 0x5, maclen );
1109 memset( md1, 0x6, maclen );
1110
1111 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1112 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1113 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1114 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1115
1116 if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
1117 {
1118 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1119 md0, maclen ) == 0 );
1120 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1121 md1, maclen ) == 0 );
1122 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1123 md1, maclen ) == 0 );
1124 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1125 md0, maclen ) == 0 );
1126 }
1127#if defined(MBEDTLS_SSL_PROTO_SSL3)
1128 else
1129 {
1130 memcpy( &t_in->mac_enc, md0, maclen );
1131 memcpy( &t_in->mac_dec, md1, maclen );
1132 memcpy( &t_out->mac_enc, md1, maclen );
1133 memcpy( &t_out->mac_dec, md0, maclen );
1134 }
1135#endif
1136
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1137 mbedtls_free( md0 );
1138 mbedtls_free( md1 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1139 }
1140#else
1141 ((void) hash_id);
1142#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
1143
1144
1145 /* Pick IV's (regardless of whether they
1146 * are being used by the transform). */
1147 ivlen = cipher_info->iv_size;
1148 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1149 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1150
1151 /*
1152 * Setup transforms
1153 */
1154
Jaeden Amero2de07f12019-06-05 13:32:08 +0100[diff] [blame]1155#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
1156 defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1157 t_out->encrypt_then_mac = etm;
1158 t_in->encrypt_then_mac = etm;
1159#else
1160 ((void) etm);
1161#endif
1162
1163 t_out->minor_ver = ver;
1164 t_in->minor_ver = ver;
1165 t_out->ivlen = ivlen;
1166 t_in->ivlen = ivlen;
1167
1168 switch( cipher_info->mode )
1169 {
1170 case MBEDTLS_MODE_GCM:
1171 case MBEDTLS_MODE_CCM:
1172 t_out->fixed_ivlen = 4;
1173 t_in->fixed_ivlen = 4;
1174 t_out->maclen = 0;
1175 t_in->maclen = 0;
1176 switch( tag_mode )
1177 {
1178 case 0: /* Full tag */
1179 t_out->taglen = 16;
1180 t_in->taglen = 16;
1181 break;
1182 case 1: /* Partial tag */
1183 t_out->taglen = 8;
1184 t_in->taglen = 8;
1185 break;
1186 default:
1187 return( 1 );
1188 }
1189 break;
1190
1191 case MBEDTLS_MODE_CHACHAPOLY:
1192 t_out->fixed_ivlen = 12;
1193 t_in->fixed_ivlen = 12;
1194 t_out->maclen = 0;
1195 t_in->maclen = 0;
1196 switch( tag_mode )
1197 {
1198 case 0: /* Full tag */
1199 t_out->taglen = 16;
1200 t_in->taglen = 16;
1201 break;
1202 case 1: /* Partial tag */
1203 t_out->taglen = 8;
1204 t_in->taglen = 8;
1205 break;
1206 default:
1207 return( 1 );
1208 }
1209 break;
1210
1211 case MBEDTLS_MODE_STREAM:
1212 case MBEDTLS_MODE_CBC:
1213 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1214 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1215 t_out->taglen = 0;
1216 t_in->taglen = 0;
1217 switch( tag_mode )
1218 {
1219 case 0: /* Full tag */
1220 t_out->maclen = maclen;
1221 t_in->maclen = maclen;
1222 break;
1223 case 1: /* Partial tag */
1224 t_out->maclen = 10;
1225 t_in->maclen = 10;
1226 break;
1227 default:
1228 return( 1 );
1229 }
1230 break;
1231 default:
1232 return( 1 );
1233 break;
1234 }
1235
1236 /* Setup IV's */
1237
1238 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1239 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1240 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1241 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1242
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1243#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1244 /* Add CID */
1245 memcpy( &t_in->in_cid, cid0, cid0_len );
1246 memcpy( &t_in->out_cid, cid1, cid1_len );
1247 t_in->in_cid_len = cid0_len;
1248 t_in->out_cid_len = cid1_len;
1249 memcpy( &t_out->in_cid, cid1, cid1_len );
1250 memcpy( &t_out->out_cid, cid0, cid0_len );
1251 t_out->in_cid_len = cid1_len;
1252 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1253#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1254
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1255cleanup:
1256
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]1257 mbedtls_free( key0 );
1258 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1259
Hanno Beckera5780f12019-04-05 09:55:37 +0100[diff] [blame]1260 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1261}
1262
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1263/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1264 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1265 * Choose dummy values, mostly non-0 to distinguish from the init default.
1266 */
1267static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1268 int ticket_len,
1269 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1270{
1271#if defined(MBEDTLS_HAVE_TIME)
1272 session->start = mbedtls_time( NULL ) - 42;
1273#endif
1274 session->ciphersuite = 0xabcd;
1275 session->compression = 1;
1276 session->id_len = sizeof( session->id );
1277 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1278 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1279
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +0200[diff] [blame]1280#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1281 if( strlen( crt_file ) != 0 )
1282 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1283 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1284 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1285
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1286 mbedtls_x509_crt_init( &tmp_crt );
1287 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1288 if( ret != 0 )
1289 return( ret );
1290
1291#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1292 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]1293 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1294 if( session->peer_cert == NULL )
1295 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1296 *session->peer_cert = tmp_crt;
1297 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1298#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1299 /* Calculate digest of temporary CRT. */
1300 session->peer_cert_digest =
1301 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1302 if( session->peer_cert_digest == NULL )
1303 return( -1 );
1304 ret = mbedtls_md( mbedtls_md_info_from_type(
1305 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1306 tmp_crt.raw.p, tmp_crt.raw.len,
1307 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1308 if( ret != 0 )
1309 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1310 session->peer_cert_digest_type =
1311 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1312 session->peer_cert_digest_len =
1313 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1314#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1315
1316 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1317 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1318#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1319 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1320#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1321 session->verify_result = 0xdeadbeef;
1322
1323#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1324 if( ticket_len != 0 )
1325 {
1326 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]1327 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1328 return( -1 );
1329 memset( session->ticket, 33, ticket_len );
1330 }
1331 session->ticket_len = ticket_len;
1332 session->ticket_lifetime = 86401;
1333#else
1334 (void) ticket_len;
1335#endif
1336
1337#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1338 session->mfl_code = 1;
1339#endif
1340#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1341 session->trunc_hmac = 1;
1342#endif
1343#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1344 session->encrypt_then_mac = 1;
1345#endif
1346
1347 return( 0 );
1348}
1349
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1350/* END_HEADER */
1351
1352/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1353 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1354 * END_DEPENDENCIES
1355 */
1356
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1357/* BEGIN_CASE */
1358void test_callback_buffer_sanity()
1359{
1360 enum { MSGLEN = 10 };
1361 mbedtls_test_buffer buf;
1362 unsigned char input[MSGLEN];
1363 unsigned char output[MSGLEN];
1364
1365 memset( input, 0, sizeof(input) );
1366
1367 /* Make sure calling put and get on NULL buffer results in error. */
1368 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
1369 == -1 );
1370 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
1371 == -1 );
1372 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1373
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1374 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
1375 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
1376
1377 /* Make sure calling put and get on a buffer that hasn't been set up results
1378 * in eror. */
1379 mbedtls_test_buffer_init( &buf );
1380
1381 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
1382 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
1383 == -1 );
1384 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1385
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1386 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
1387 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
1388
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1389 /* Make sure calling put and get on NULL input only results in
1390 * error if the length is not zero, and that a NULL output is valid for data
1391 * dropping.
1392 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1393
1394 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
1395
1396 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
1397 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]1398 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1399 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
1400 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
1401
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]1402 /* Make sure calling put several times in the row is safe */
1403
1404 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
1405 == sizeof( input ) );
1406 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
1407 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
1408 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
1409 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
1410
1411
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1412exit:
1413
1414 mbedtls_test_buffer_free( &buf );
1415}
1416/* END_CASE */
1417
1418/*
1419 * Test if the implementation of `mbedtls_test_buffer` related functions is
1420 * correct and works as expected.
1421 *
1422 * That is
1423 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
1424 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1425 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
1426 * bytes.
1427 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
1428 * - All of the bytes we got match the bytes we put in in a FIFO manner.
1429 */
1430
1431/* BEGIN_CASE */
1432void test_callback_buffer( int size, int put1, int put1_ret,
1433 int get1, int get1_ret, int put2, int put2_ret,
1434 int get2, int get2_ret )
1435{
1436 enum { ROUNDS = 2 };
1437 size_t put[ROUNDS];
1438 int put_ret[ROUNDS];
1439 size_t get[ROUNDS];
1440 int get_ret[ROUNDS];
1441 mbedtls_test_buffer buf;
1442 unsigned char* input = NULL;
1443 size_t input_len;
1444 unsigned char* output = NULL;
1445 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1446 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]1447
1448 mbedtls_test_buffer_init( &buf );
1449 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
1450
1451 /* Check the sanity of input parameters and initialise local variables. That
1452 * is, ensure that the amount of data is not negative and that we are not
1453 * expecting more to put or get than we actually asked for. */
1454 TEST_ASSERT( put1 >= 0 );
1455 put[0] = put1;
1456 put_ret[0] = put1_ret;
1457 TEST_ASSERT( put1_ret <= put1 );
1458 TEST_ASSERT( put2 >= 0 );
1459 put[1] = put2;
1460 put_ret[1] = put2_ret;
1461 TEST_ASSERT( put2_ret <= put2 );
1462
1463 TEST_ASSERT( get1 >= 0 );
1464 get[0] = get1;
1465 get_ret[0] = get1_ret;
1466 TEST_ASSERT( get1_ret <= get1 );
1467 TEST_ASSERT( get2 >= 0 );
1468 get[1] = get2;
1469 get_ret[1] = get2_ret;
1470 TEST_ASSERT( get2_ret <= get2 );
1471
1472 input_len = 0;
1473 /* Calculate actual input and output lengths */
1474 for( j = 0; j < ROUNDS; j++ )
1475 {
1476 if( put_ret[j] > 0 )
1477 {
1478 input_len += put_ret[j];
1479 }
1480 }
1481 /* In order to always have a valid pointer we always allocate at least 1
1482 * byte. */
1483 if( input_len == 0 )
1484 input_len = 1;
1485 ASSERT_ALLOC( input, input_len );
1486
1487 output_len = 0;
1488 for( j = 0; j < ROUNDS; j++ )
1489 {
1490 if( get_ret[j] > 0 )
1491 {
1492 output_len += get_ret[j];
1493 }
1494 }
1495 TEST_ASSERT( output_len <= input_len );
1496 /* In order to always have a valid pointer we always allocate at least 1
1497 * byte. */
1498 if( output_len == 0 )
1499 output_len = 1;
1500 ASSERT_ALLOC( output, output_len );
1501
1502 /* Fill up the buffer with structured data so that unwanted changes
1503 * can be detected */
1504 for( i = 0; i < input_len; i++ )
1505 {
1506 input[i] = i & 0xFF;
1507 }
1508
1509 written = read = 0;
1510 for( j = 0; j < ROUNDS; j++ )
1511 {
1512 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
1513 input + written, put[j] ) );
1514 written += put_ret[j];
1515 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
1516 output + read, get[j] ) );
1517 read += get_ret[j];
1518 TEST_ASSERT( read <= written );
1519 if( get_ret[j] > 0 )
1520 {
1521 TEST_ASSERT( memcmp( output + read - get_ret[j],
1522 input + read - get_ret[j], get_ret[j] )
1523 == 0 );
1524 }
1525 }
1526
1527exit:
1528
1529 mbedtls_free( input );
1530 mbedtls_free( output );
1531 mbedtls_test_buffer_free( &buf );
1532}
1533/* END_CASE */
1534
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1535/*
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1536 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
1537 * correct and works as expected on unconnected sockets.
1538 */
1539
1540/* BEGIN_CASE */
1541void ssl_mock_sanity( )
1542{
1543 enum { MSGLEN = 105 };
1544 unsigned char message[MSGLEN];
1545 unsigned char received[MSGLEN];
1546 mbedtls_mock_socket socket;
1547
1548 mbedtls_mock_socket_init( &socket );
1549 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
1550 mbedtls_mock_socket_close( &socket );
1551 mbedtls_mock_socket_init( &socket );
1552 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
1553 mbedtls_mock_socket_close( &socket );
1554
1555 mbedtls_mock_socket_init( &socket );
1556 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
1557 mbedtls_mock_socket_close( &socket );
1558 mbedtls_mock_socket_init( &socket );
1559 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
1560 mbedtls_mock_socket_close( &socket );
1561
1562exit:
1563
1564 mbedtls_mock_socket_close( &socket );
1565}
1566/* END_CASE */
1567
1568/*
1569 * Test if the implementation of `mbedtls_mock_socket` related functions can
1570 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1571 */
1572
1573/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1574void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1575{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1576 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1577 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1578 unsigned char message[MSGLEN];
1579 unsigned char received[MSGLEN];
1580 mbedtls_mock_socket client;
1581 mbedtls_mock_socket server;
1582 size_t written, read;
1583 int send_ret, recv_ret;
1584 mbedtls_ssl_send_t *send;
1585 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1586 unsigned i;
1587
1588 if( blocking == 0 )
1589 {
1590 send = mbedtls_mock_tcp_send_nb;
1591 recv = mbedtls_mock_tcp_recv_nb;
1592 }
1593 else
1594 {
1595 send = mbedtls_mock_tcp_send_b;
1596 recv = mbedtls_mock_tcp_recv_b;
1597 }
1598
1599 mbedtls_mock_socket_init( &client );
1600 mbedtls_mock_socket_init( &server );
1601
1602 /* Fill up the buffer with structured data so that unwanted changes
1603 * can be detected */
1604 for( i = 0; i < MSGLEN; i++ )
1605 {
1606 message[i] = i & 0xFF;
1607 }
1608
1609 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1610 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1611
1612 /* Send the message to the server */
1613 send_ret = recv_ret = 1;
1614 written = read = 0;
1615 while( send_ret != 0 || recv_ret != 0 )
1616 {
1617 send_ret = send( &client, message + written, MSGLEN - written );
1618
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1619 TEST_ASSERT( send_ret >= 0 );
1620 TEST_ASSERT( send_ret <= BUFLEN );
1621 written += send_ret;
1622
1623 /* If the buffer is full we can test blocking and non-blocking send */
1624 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1625 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1626 int blocking_ret = send( &client, message , 1 );
1627 if ( blocking )
1628 {
1629 TEST_ASSERT( blocking_ret == 0 );
1630 }
1631 else
1632 {
1633 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1634 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1635 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1636
1637 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1638
1639 /* The result depends on whether any data was sent */
1640 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1641 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1642 TEST_ASSERT( recv_ret > 0 );
1643 TEST_ASSERT( recv_ret <= BUFLEN );
1644 read += recv_ret;
1645 }
1646 else if( blocking )
1647 {
1648 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1649 }
1650 else
1651 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1652 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
1653 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1654 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1655
1656 /* If the buffer is empty we can test blocking and non-blocking read */
1657 if ( recv_ret == BUFLEN )
1658 {
1659 int blocking_ret = recv( &server, received, 1 );
1660 if ( blocking )
1661 {
1662 TEST_ASSERT( blocking_ret == 0 );
1663 }
1664 else
1665 {
1666 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1667 }
1668 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1669 }
1670 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
1671
1672exit:
1673
1674 mbedtls_mock_socket_close( &client );
1675 mbedtls_mock_socket_close( &server );
1676}
1677/* END_CASE */
1678
1679/*
1680 * Test if the implementation of `mbedtls_mock_socket` related functions can
1681 * send messages in both direction at the same time (with the I/O calls
1682 * interleaving).
1683 */
1684
1685/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1686void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]1687{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1688 enum { ROUNDS = 2 };
1689 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1690 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1691 unsigned char message[ROUNDS][MSGLEN];
1692 unsigned char received[ROUNDS][MSGLEN];
1693 mbedtls_mock_socket client;
1694 mbedtls_mock_socket server;
1695 size_t written[ROUNDS];
1696 size_t read[ROUNDS];
1697 int send_ret[ROUNDS];
1698 int recv_ret[ROUNDS];
1699 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1700 mbedtls_ssl_send_t *send;
1701 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1702
1703 if( blocking == 0 )
1704 {
1705 send = mbedtls_mock_tcp_send_nb;
1706 recv = mbedtls_mock_tcp_recv_nb;
1707 }
1708 else
1709 {
1710 send = mbedtls_mock_tcp_send_b;
1711 recv = mbedtls_mock_tcp_recv_b;
1712 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1713
1714 mbedtls_mock_socket_init( &client );
1715 mbedtls_mock_socket_init( &server );
1716
1717 /* Fill up the buffers with structured data so that unwanted changes
1718 * can be detected */
1719 for( i = 0; i < ROUNDS; i++ )
1720 {
1721 for( j = 0; j < MSGLEN; j++ )
1722 {
1723 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
1724 }
1725 }
1726
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1727 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1728 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1729
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1730 /* Send the message from both sides, interleaving. */
1731 progress = 1;
1732 for( i = 0; i < ROUNDS; i++ )
1733 {
1734 written[i] = 0;
1735 read[i] = 0;
1736 }
1737 /* This loop does not stop as long as there was a successful write or read
1738 * of at least one byte on either side. */
1739 while( progress != 0 )
1740 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1741 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1742
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1743 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1744 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1745 /* First sending is from the client */
1746 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1747
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1748 send_ret[i] = send( socket, message[i] + written[i],
1749 MSGLEN - written[i] );
1750 TEST_ASSERT( send_ret[i] >= 0 );
1751 TEST_ASSERT( send_ret[i] <= BUFLEN );
1752 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1753
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1754 /* If the buffer is full we can test blocking and non-blocking
1755 * send */
1756 if ( send_ret[i] == BUFLEN )
1757 {
1758 int blocking_ret = send( socket, message[i] , 1 );
1759 if ( blocking )
1760 {
1761 TEST_ASSERT( blocking_ret == 0 );
1762 }
1763 else
1764 {
1765 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1766 }
1767 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1768 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1769
1770 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1771 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1772 /* First receiving is from the server */
1773 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
1774
1775 recv_ret[i] = recv( socket, received[i] + read[i],
1776 MSGLEN - read[i] );
1777
1778 /* The result depends on whether any data was sent */
1779 if ( send_ret[i] > 0 )
1780 {
1781 TEST_ASSERT( recv_ret[i] > 0 );
1782 TEST_ASSERT( recv_ret[i] <= BUFLEN );
1783 read[i] += recv_ret[i];
1784 }
1785 else if( blocking )
1786 {
1787 TEST_ASSERT( recv_ret[i] == 0 );
1788 }
1789 else
1790 {
1791 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
1792 recv_ret[i] = 0;
1793 }
1794
1795 /* If the buffer is empty we can test blocking and non-blocking
1796 * read */
1797 if ( recv_ret[i] == BUFLEN )
1798 {
1799 int blocking_ret = recv( socket, received[i], 1 );
1800 if ( blocking )
1801 {
1802 TEST_ASSERT( blocking_ret == 0 );
1803 }
1804 else
1805 {
1806 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
1807 }
1808 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]1809 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1810
1811 progress = 0;
1812 for( i = 0; i < ROUNDS; i++ )
1813 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]1814 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]1815 }
1816 }
1817
1818 for( i = 0; i < ROUNDS; i++ )
1819 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
1820
1821exit:
1822
1823 mbedtls_mock_socket_close( &client );
1824 mbedtls_mock_socket_close( &server );
1825}
1826/* END_CASE */
1827
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1828/* BEGIN_CASE */
1829void ssl_message_queue_sanity( )
1830{
1831 mbedtls_test_message_queue queue;
1832
1833 /* Trying to push/pull to an empty queue */
1834 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
1835 == MBEDTLS_TEST_ERROR_ARG_NULL );
1836 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
1837 == MBEDTLS_TEST_ERROR_ARG_NULL );
1838
1839 mbedtls_test_message_queue_setup( &queue, 3 );
1840 TEST_ASSERT( queue.capacity == 3 );
1841 TEST_ASSERT( queue.num == 0 );
1842
1843exit:
1844 mbedtls_test_message_queue_free( &queue );
1845}
1846/* END_CASE */
1847
1848/* BEGIN_CASE */
1849void ssl_message_queue_basic( )
1850{
1851 mbedtls_test_message_queue queue;
1852
1853 mbedtls_test_message_queue_setup( &queue, 3 );
1854
1855 /* Sanity test - 3 pushes and 3 pops with sufficient space */
1856 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1857 TEST_ASSERT( queue.capacity == 3 );
1858 TEST_ASSERT( queue.num == 1 );
1859 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1860 TEST_ASSERT( queue.capacity == 3 );
1861 TEST_ASSERT( queue.num == 2 );
1862 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1863 TEST_ASSERT( queue.capacity == 3 );
1864 TEST_ASSERT( queue.num == 3 );
1865
1866 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1867 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1868 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1869
1870exit:
1871 mbedtls_test_message_queue_free( &queue );
1872}
1873/* END_CASE */
1874
1875/* BEGIN_CASE */
1876void ssl_message_queue_overflow_underflow( )
1877{
1878 mbedtls_test_message_queue queue;
1879
1880 mbedtls_test_message_queue_setup( &queue, 3 );
1881
1882 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
1883 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1884 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1885 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1886 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1887 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1888
1889 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1890 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1891 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1892
1893 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1894 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]1895
1896exit:
1897 mbedtls_test_message_queue_free( &queue );
1898}
1899/* END_CASE */
1900
1901/* BEGIN_CASE */
1902void ssl_message_queue_interleaved( )
1903{
1904 mbedtls_test_message_queue queue;
1905
1906 mbedtls_test_message_queue_setup( &queue, 3 );
1907
1908 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
1909 * (to wrap around the buffer) */
1910 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1911 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
1912
1913 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1914
1915 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
1916 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
1917
1918 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
1919 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
1920
1921 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
1922 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
1923
1924 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
1925
1926 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
1927
1928 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
1929
1930exit:
1931 mbedtls_test_message_queue_free( &queue );
1932}
1933/* END_CASE */
1934
1935/* BEGIN_CASE */
1936void ssl_message_queue_insufficient_buffer( )
1937{
1938 mbedtls_test_message_queue queue;
1939 size_t message_len = 10;
1940 size_t buffer_len = 5;
1941
1942 mbedtls_test_message_queue_setup( &queue, 1 );
1943
1944 /* Popping without a sufficient buffer */
1945 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
1946 == (int) message_len );
1947 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
1948 == (int) buffer_len );
1949exit:
1950 mbedtls_test_message_queue_free( &queue );
1951}
1952/* END_CASE */
1953
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1954/* BEGIN_CASE */
1955void ssl_message_mock_uninitialized( )
1956{
1957 enum { MSGLEN = 10 };
1958 unsigned char message[MSGLEN], received[MSGLEN];
1959 mbedtls_mock_socket client, server;
1960 mbedtls_test_message_queue server_queue, client_queue;
1961 mbedtls_test_message_socket_context server_context, client_context;
1962
1963 /* Send with a NULL context */
1964 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
1965 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1966
1967 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
1968 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
1969
1970 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
1971 &server,
1972 &server_context ) == 0 );
1973
1974 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
1975 &client,
1976 &client_context ) == 0 );
1977
1978 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
1979 == MBEDTLS_TEST_ERROR_SEND_FAILED );
1980
1981 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]1982 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1983
1984 /* Push directly to a queue to later simulate a disconnected behavior */
1985 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
1986 == MSGLEN );
1987
1988 /* Test if there's an error when trying to read from a disconnected
1989 * socket */
1990 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
1991 == MBEDTLS_TEST_ERROR_RECV_FAILED );
1992 exit:
1993 mbedtls_message_socket_close( &server_context );
1994 mbedtls_message_socket_close( &client_context );
1995}
1996/* END_CASE */
1997
1998/* BEGIN_CASE */
1999void ssl_message_mock_basic( )
2000{
2001 enum { MSGLEN = 10 };
2002 unsigned char message[MSGLEN], received[MSGLEN];
2003 mbedtls_mock_socket client, server;
2004 unsigned i;
2005 mbedtls_test_message_queue server_queue, client_queue;
2006 mbedtls_test_message_socket_context server_context, client_context;
2007
2008 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2009 &server,
2010 &server_context ) == 0 );
2011
2012 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2013 &client,
2014 &client_context ) == 0 );
2015
2016 /* Fill up the buffer with structured data so that unwanted changes
2017 * can be detected */
2018 for( i = 0; i < MSGLEN; i++ )
2019 {
2020 message[i] = i & 0xFF;
2021 }
2022 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2023 MSGLEN ) );
2024
2025 /* Send the message to the server */
2026 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2027 MSGLEN ) == MSGLEN );
2028
2029 /* Read from the server */
2030 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2031 == MSGLEN );
2032
2033 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2034 memset( received, 0, MSGLEN );
2035
2036 /* Send the message to the client */
2037 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2038 MSGLEN ) == MSGLEN );
2039
2040 /* Read from the client */
2041 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2042 == MSGLEN );
2043 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2044
2045 exit:
2046 mbedtls_message_socket_close( &server_context );
2047 mbedtls_message_socket_close( &client_context );
2048}
2049/* END_CASE */
2050
2051/* BEGIN_CASE */
2052void ssl_message_mock_queue_overflow_underflow( )
2053{
2054 enum { MSGLEN = 10 };
2055 unsigned char message[MSGLEN], received[MSGLEN];
2056 mbedtls_mock_socket client, server;
2057 unsigned i;
2058 mbedtls_test_message_queue server_queue, client_queue;
2059 mbedtls_test_message_socket_context server_context, client_context;
2060
2061 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2062 &server,
2063 &server_context ) == 0 );
2064
2065 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2066 &client,
2067 &client_context ) == 0 );
2068
2069 /* Fill up the buffer with structured data so that unwanted changes
2070 * can be detected */
2071 for( i = 0; i < MSGLEN; i++ )
2072 {
2073 message[i] = i & 0xFF;
2074 }
2075 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2076 MSGLEN*2 ) );
2077
2078 /* Send three message to the server, last one with an error */
2079 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2080 MSGLEN - 1 ) == MSGLEN - 1 );
2081
2082 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2083 MSGLEN ) == MSGLEN );
2084
2085 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2086 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2087 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2088
2089 /* Read three messages from the server, last one with an error */
2090 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2091 MSGLEN - 1 ) == MSGLEN - 1 );
2092
2093 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2094 == MSGLEN );
2095
2096 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2097
2098 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2099 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2100
2101 exit:
2102 mbedtls_message_socket_close( &server_context );
2103 mbedtls_message_socket_close( &client_context );
2104}
2105/* END_CASE */
2106
2107/* BEGIN_CASE */
2108void ssl_message_mock_socket_overflow( )
2109{
2110 enum { MSGLEN = 10 };
2111 unsigned char message[MSGLEN], received[MSGLEN];
2112 mbedtls_mock_socket client, server;
2113 unsigned i;
2114 mbedtls_test_message_queue server_queue, client_queue;
2115 mbedtls_test_message_socket_context server_context, client_context;
2116
2117 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2118 &server,
2119 &server_context ) == 0 );
2120
2121 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2122 &client,
2123 &client_context ) == 0 );
2124
2125 /* Fill up the buffer with structured data so that unwanted changes
2126 * can be detected */
2127 for( i = 0; i < MSGLEN; i++ )
2128 {
2129 message[i] = i & 0xFF;
2130 }
2131 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2132 MSGLEN ) );
2133
2134 /* Send two message to the server, second one with an error */
2135 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2136 MSGLEN ) == MSGLEN );
2137
2138 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2139 MSGLEN )
2140 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2141
2142 /* Read the only message from the server */
2143 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2144 == MSGLEN );
2145
2146 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2147
2148 exit:
2149 mbedtls_message_socket_close( &server_context );
2150 mbedtls_message_socket_close( &client_context );
2151}
2152/* END_CASE */
2153
2154/* BEGIN_CASE */
2155void ssl_message_mock_truncated( )
2156{
2157 enum { MSGLEN = 10 };
2158 unsigned char message[MSGLEN], received[MSGLEN];
2159 mbedtls_mock_socket client, server;
2160 unsigned i;
2161 mbedtls_test_message_queue server_queue, client_queue;
2162 mbedtls_test_message_socket_context server_context, client_context;
2163
2164 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2165 &server,
2166 &server_context ) == 0 );
2167
2168 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2169 &client,
2170 &client_context ) == 0 );
2171
2172 memset( received, 0, MSGLEN );
2173 /* Fill up the buffer with structured data so that unwanted changes
2174 * can be detected */
2175 for( i = 0; i < MSGLEN; i++ )
2176 {
2177 message[i] = i & 0xFF;
2178 }
2179 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2180 2 * MSGLEN ) );
2181
2182 /* Send two messages to the server, the second one small enough to fit in the
2183 * receiver's buffer. */
2184 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2185 MSGLEN ) == MSGLEN );
2186 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2187 MSGLEN / 2 ) == MSGLEN / 2 );
2188 /* Read a truncated message from the server */
2189 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2190 == MSGLEN/2 );
2191
2192 /* Test that the first half of the message is valid, and second one isn't */
2193 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2194 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2195 != 0 );
2196 memset( received, 0, MSGLEN );
2197
2198 /* Read a full message from the server */
2199 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2200 == MSGLEN / 2 );
2201
2202 /* Test that the first half of the message is valid */
2203 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2204
2205 exit:
2206 mbedtls_message_socket_close( &server_context );
2207 mbedtls_message_socket_close( &client_context );
2208}
2209/* END_CASE */
2210
2211/* BEGIN_CASE */
2212void ssl_message_mock_socket_read_error( )
2213{
2214 enum { MSGLEN = 10 };
2215 unsigned char message[MSGLEN], received[MSGLEN];
2216 mbedtls_mock_socket client, server;
2217 unsigned i;
2218 mbedtls_test_message_queue server_queue, client_queue;
2219 mbedtls_test_message_socket_context server_context, client_context;
2220
2221 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2222 &server,
2223 &server_context ) == 0 );
2224
2225 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2226 &client,
2227 &client_context ) == 0 );
2228
2229 /* Fill up the buffer with structured data so that unwanted changes
2230 * can be detected */
2231 for( i = 0; i < MSGLEN; i++ )
2232 {
2233 message[i] = i & 0xFF;
2234 }
2235 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2236 MSGLEN ) );
2237
2238 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2239 MSGLEN ) == MSGLEN );
2240
2241 /* Force a read error by disconnecting the socket by hand */
2242 server.status = 0;
2243 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2244 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2245 /* Return to a valid state */
2246 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2247
2248 memset( received, 0, sizeof( received ) );
2249
2250 /* Test that even though the server tried to read once disconnected, the
2251 * continuity is preserved */
2252 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2253 == MSGLEN );
2254
2255 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2256
2257 exit:
2258 mbedtls_message_socket_close( &server_context );
2259 mbedtls_message_socket_close( &client_context );
2260}
2261/* END_CASE */
2262
2263/* BEGIN_CASE */
2264void ssl_message_mock_interleaved_one_way( )
2265{
2266 enum { MSGLEN = 10 };
2267 unsigned char message[MSGLEN], received[MSGLEN];
2268 mbedtls_mock_socket client, server;
2269 unsigned i;
2270 mbedtls_test_message_queue server_queue, client_queue;
2271 mbedtls_test_message_socket_context server_context, client_context;
2272
2273 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2274 &server,
2275 &server_context ) == 0 );
2276
2277 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2278 &client,
2279 &client_context ) == 0 );
2280
2281 /* Fill up the buffer with structured data so that unwanted changes
2282 * can be detected */
2283 for( i = 0; i < MSGLEN; i++ )
2284 {
2285 message[i] = i & 0xFF;
2286 }
2287 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2288 MSGLEN*3 ) );
2289
2290 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
2291 * (to wrap around the buffer) */
2292 for( i = 0; i < 2; i++ )
2293 {
2294 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2295 MSGLEN ) == MSGLEN );
2296
2297 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2298 MSGLEN ) == MSGLEN );
2299
2300 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2301 MSGLEN ) == MSGLEN );
2302 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2303 memset( received, 0, sizeof( received ) );
2304 }
2305
2306 for( i = 0; i < 2; i++ )
2307 {
2308 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2309 MSGLEN ) == MSGLEN );
2310
2311 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2312 }
2313 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2314 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2315 exit:
2316 mbedtls_message_socket_close( &server_context );
2317 mbedtls_message_socket_close( &client_context );
2318}
2319/* END_CASE */
2320
2321/* BEGIN_CASE */
2322void ssl_message_mock_interleaved_two_ways( )
2323{
2324 enum { MSGLEN = 10 };
2325 unsigned char message[MSGLEN], received[MSGLEN];
2326 mbedtls_mock_socket client, server;
2327 unsigned i;
2328 mbedtls_test_message_queue server_queue, client_queue;
2329 mbedtls_test_message_socket_context server_context, client_context;
2330
2331 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2332 &server,
2333 &server_context ) == 0 );
2334
2335 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2336 &client,
2337 &client_context ) == 0 );
2338
2339 /* Fill up the buffer with structured data so that unwanted changes
2340 * can be detected */
2341 for( i = 0; i < MSGLEN; i++ )
2342 {
2343 message[i] = i & 0xFF;
2344 }
2345 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2346 MSGLEN*3 ) );
2347
2348 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
2349 * (to wrap around the buffer) both ways. */
2350 for( i = 0; i < 2; i++ )
2351 {
2352 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2353 MSGLEN ) == MSGLEN );
2354
2355 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2356 MSGLEN ) == MSGLEN );
2357
2358 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2359 MSGLEN ) == MSGLEN );
2360
2361 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2362 MSGLEN ) == MSGLEN );
2363
2364 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2365 MSGLEN ) == MSGLEN );
2366
2367 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2368
2369 memset( received, 0, sizeof( received ) );
2370
2371 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2372 MSGLEN ) == MSGLEN );
2373
2374 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2375
2376 memset( received, 0, sizeof( received ) );
2377 }
2378
2379 for( i = 0; i < 2; i++ )
2380 {
2381 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2382 MSGLEN ) == MSGLEN );
2383
2384 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2385 memset( received, 0, sizeof( received ) );
2386
2387 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
2388 MSGLEN ) == MSGLEN );
2389
2390 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2391 memset( received, 0, sizeof( received ) );
2392 }
2393
2394 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2395 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2396
2397 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500[diff] [blame]2398 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]2399 exit:
2400 mbedtls_message_socket_close( &server_context );
2401 mbedtls_message_socket_close( &client_context );
2402}
2403/* END_CASE */
2404
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2405/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]2406void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2407{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2408 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2409 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2410 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2411
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2412 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2413 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]2414
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]2415 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
2416 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]2417 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2418 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2419 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2420
2421 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2422 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2423 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2424 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2425 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2426 }
2427
2428 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2429 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2430 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2431
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2432 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]2433 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]2434}
2435/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]2436
2437/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
2438void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
2439{
2440 mbedtls_ssl_context ssl;
2441 mbedtls_ssl_init( &ssl );
2442
2443 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
2444 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
2445
2446 mbedtls_ssl_free( &ssl );
2447}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]2448/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2449
2450/* BEGIN_CASE */
2451void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2452 int etm, int tag_mode, int ver,
2453 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2454{
2455 /*
2456 * Test several record encryptions and decryptions
2457 * with plenty of space before and after the data
2458 * within the record buffer.
2459 */
2460
2461 int ret;
2462 int num_records = 16;
2463 mbedtls_ssl_context ssl; /* ONLY for debugging */
2464
2465 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2466 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2467 size_t const buflen = 512;
2468 mbedtls_record rec, rec_backup;
2469
2470 mbedtls_ssl_init( &ssl );
2471 mbedtls_ssl_transform_init( &t0 );
2472 mbedtls_ssl_transform_init( &t1 );
2473 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2474 etm, tag_mode, ver,
2475 (size_t) cid0_len,
2476 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2477
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2478 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2479
2480 while( num_records-- > 0 )
2481 {
2482 mbedtls_ssl_transform *t_dec, *t_enc;
2483 /* Take turns in who's sending and who's receiving. */
2484 if( num_records % 3 == 0 )
2485 {
2486 t_dec = &t0;
2487 t_enc = &t1;
2488 }
2489 else
2490 {
2491 t_dec = &t1;
2492 t_enc = &t0;
2493 }
2494
2495 /*
2496 * The record header affects the transformation in two ways:
2497 * 1) It determines the AEAD additional data
2498 * 2) The record counter sometimes determines the IV.
2499 *
2500 * Apart from that, the fields don't have influence.
2501 * In particular, it is currently not the responsibility
2502 * of ssl_encrypt/decrypt_buf to check if the transform
2503 * version matches the record version, or that the
2504 * type is sensible.
2505 */
2506
2507 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
2508 rec.type = 42;
2509 rec.ver[0] = num_records;
2510 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2511#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2512 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2513#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2514
2515 rec.buf = buf;
2516 rec.buf_len = buflen;
2517 rec.data_offset = 16;
2518 /* Make sure to vary the length to exercise different
2519 * paddings. */
2520 rec.data_len = 1 + num_records;
2521
2522 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2523
2524 /* Make a copy for later comparison */
2525 rec_backup = rec;
2526
2527 /* Encrypt record */
2528 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
2529 rnd_std_rand, NULL );
2530 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2531 if( ret != 0 )
2532 {
2533 continue;
2534 }
2535
2536 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2537 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
2538 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2539
2540 /* Compare results */
2541 TEST_ASSERT( rec.type == rec_backup.type );
2542 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2543 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2544 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2545 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2546 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2547 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2548 rec_backup.buf + rec_backup.data_offset,
2549 rec.data_len ) == 0 );
2550 }
2551
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2552exit:
2553
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2554 /* Cleanup */
2555 mbedtls_ssl_free( &ssl );
2556 mbedtls_ssl_transform_free( &t0 );
2557 mbedtls_ssl_transform_free( &t1 );
2558
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2559 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]2560}
2561/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2562
2563/* BEGIN_CASE */
2564void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2565 int etm, int tag_mode, int ver,
2566 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2567{
2568 /*
2569 * Test pairs of encryption and decryption with an increasing
2570 * amount of space in the record buffer - in more detail:
2571 * 1) Try to encrypt with 0, 1, 2, ... bytes available
2572 * in front of the plaintext, and expect the encryption
2573 * to succeed starting from some offset. Always keep
2574 * enough space in the end of the buffer.
2575 * 2) Try to encrypt with 0, 1, 2, ... bytes available
2576 * at the end of the plaintext, and expect the encryption
2577 * to succeed starting from some offset. Always keep
2578 * enough space at the beginning of the buffer.
2579 * 3) Try to encrypt with 0, 1, 2, ... bytes available
2580 * both at the front and end of the plaintext,
2581 * and expect the encryption to succeed starting from
2582 * some offset.
2583 *
2584 * If encryption succeeds, check that decryption succeeds
2585 * and yields the original record.
2586 */
2587
2588 mbedtls_ssl_context ssl; /* ONLY for debugging */
2589
2590 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2591 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2592 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2593 mbedtls_record rec, rec_backup;
2594
2595 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2596 int mode; /* Mode 1, 2 or 3 as explained above */
2597 size_t offset; /* Available space at beginning/end/both */
2598 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2599
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2600 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
2601 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2602
2603 int seen_success; /* Indicates if in the current mode we've
2604 * already seen a successful test. */
2605
2606 mbedtls_ssl_init( &ssl );
2607 mbedtls_ssl_transform_init( &t0 );
2608 mbedtls_ssl_transform_init( &t1 );
2609 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2610 etm, tag_mode, ver,
2611 (size_t) cid0_len,
2612 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2613
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2614 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2615
2616 for( mode=1; mode <= 3; mode++ )
2617 {
2618 seen_success = 0;
2619 for( offset=0; offset <= threshold; offset++ )
2620 {
2621 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]2622 t_dec = &t0;
2623 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2624
2625 memset( rec.ctr, offset, sizeof( rec.ctr ) );
2626 rec.type = 42;
2627 rec.ver[0] = offset;
2628 rec.ver[1] = offset;
2629 rec.buf = buf;
2630 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2631#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]2632 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]2633#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2634
2635 switch( mode )
2636 {
2637 case 1: /* Space in the beginning */
2638 rec.data_offset = offset;
2639 rec.data_len = buflen - offset - default_post_padding;
2640 break;
2641
2642 case 2: /* Space in the end */
2643 rec.data_offset = default_pre_padding;
2644 rec.data_len = buflen - default_pre_padding - offset;
2645 break;
2646
2647 case 3: /* Space in the beginning and end */
2648 rec.data_offset = offset;
2649 rec.data_len = buflen - 2 * offset;
2650 break;
2651
2652 default:
2653 TEST_ASSERT( 0 );
2654 break;
2655 }
2656
2657 memset( rec.buf + rec.data_offset, 42, rec.data_len );
2658
2659 /* Make a copy for later comparison */
2660 rec_backup = rec;
2661
2662 /* Encrypt record */
2663 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
2664
2665 if( ( mode == 1 || mode == 2 ) && seen_success )
2666 {
2667 TEST_ASSERT( ret == 0 );
2668 }
2669 else
2670 {
2671 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2672 if( ret == 0 )
2673 seen_success = 1;
2674 }
2675
2676 if( ret != 0 )
2677 continue;
2678
2679 /* Decrypt record with t_dec */
2680 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
2681
2682 /* Compare results */
2683 TEST_ASSERT( rec.type == rec_backup.type );
2684 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
2685 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
2686 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
2687 TEST_ASSERT( rec.data_len == rec_backup.data_len );
2688 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
2689 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
2690 rec_backup.buf + rec_backup.data_offset,
2691 rec.data_len ) == 0 );
2692 }
2693
2694 TEST_ASSERT( seen_success == 1 );
2695 }
2696
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]2697exit:
2698
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2699 /* Cleanup */
2700 mbedtls_ssl_free( &ssl );
2701 mbedtls_ssl_transform_free( &t0 );
2702 mbedtls_ssl_transform_free( &t1 );
2703
Hanno Becker3ee54212019-04-04 16:31:26 +0100[diff] [blame]2704 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]2705}
2706/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2707
2708/* BEGIN_CASE */
2709void ssl_tls_prf( int type, data_t * secret, data_t * random,
2710 char *label, data_t *result_hex_str, int exp_ret )
2711{
2712 unsigned char *output;
2713
2714 output = mbedtls_calloc( 1, result_hex_str->len );
2715 if( output == NULL )
2716 goto exit;
2717
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]2718#if defined(MBEDTLS_USE_PSA_CRYPTO)
2719 TEST_ASSERT( psa_crypto_init() == 0 );
2720#endif
2721
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]2722 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
2723 label, random->x, random->len,
2724 output, result_hex_str->len ) == exp_ret );
2725
2726 if( exp_ret == 0 )
2727 {
2728 TEST_ASSERT( hexcmp( output, result_hex_str->x,
2729 result_hex_str->len, result_hex_str->len ) == 0 );
2730 }
2731exit:
2732
2733 mbedtls_free( output );
2734}
2735/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2736
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2737/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2738void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2739{
2740 mbedtls_ssl_session original, restored;
2741 unsigned char *buf = NULL;
2742 size_t len;
2743
2744 /*
2745 * Test that a save-load pair is the identity
2746 */
2747
2748 mbedtls_ssl_session_init( &original );
2749 mbedtls_ssl_session_init( &restored );
2750
2751 /* Prepare a dummy session to work on */
2752 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
2753
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2754 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2755 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
2756 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2757 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
2758 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
2759 == 0 );
2760
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2761 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2762 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
2763
2764 /*
2765 * Make sure both session structures are identical
2766 */
2767#if defined(MBEDTLS_HAVE_TIME)
2768 TEST_ASSERT( original.start == restored.start );
2769#endif
2770 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
2771 TEST_ASSERT( original.compression == restored.compression );
2772 TEST_ASSERT( original.id_len == restored.id_len );
2773 TEST_ASSERT( memcmp( original.id,
2774 restored.id, sizeof( original.id ) ) == 0 );
2775 TEST_ASSERT( memcmp( original.master,
2776 restored.master, sizeof( original.master ) ) == 0 );
2777
2778#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2779#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2780 TEST_ASSERT( ( original.peer_cert == NULL ) ==
2781 ( restored.peer_cert == NULL ) );
2782 if( original.peer_cert != NULL )
2783 {
2784 TEST_ASSERT( original.peer_cert->raw.len ==
2785 restored.peer_cert->raw.len );
2786 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
2787 restored.peer_cert->raw.p,
2788 original.peer_cert->raw.len ) == 0 );
2789 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]2790#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2791 TEST_ASSERT( original.peer_cert_digest_type ==
2792 restored.peer_cert_digest_type );
2793 TEST_ASSERT( original.peer_cert_digest_len ==
2794 restored.peer_cert_digest_len );
2795 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
2796 ( restored.peer_cert_digest == NULL ) );
2797 if( original.peer_cert_digest != NULL )
2798 {
2799 TEST_ASSERT( memcmp( original.peer_cert_digest,
2800 restored.peer_cert_digest,
2801 original.peer_cert_digest_len ) == 0 );
2802 }
2803#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2804#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]2805 TEST_ASSERT( original.verify_result == restored.verify_result );
2806
2807#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2808 TEST_ASSERT( original.ticket_len == restored.ticket_len );
2809 if( original.ticket_len != 0 )
2810 {
2811 TEST_ASSERT( original.ticket != NULL );
2812 TEST_ASSERT( restored.ticket != NULL );
2813 TEST_ASSERT( memcmp( original.ticket,
2814 restored.ticket, original.ticket_len ) == 0 );
2815 }
2816 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
2817#endif
2818
2819#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2820 TEST_ASSERT( original.mfl_code == restored.mfl_code );
2821#endif
2822
2823#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2824 TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
2825#endif
2826
2827#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2828 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
2829#endif
2830
2831exit:
2832 mbedtls_ssl_session_free( &original );
2833 mbedtls_ssl_session_free( &restored );
2834 mbedtls_free( buf );
2835}
2836/* END_CASE */
2837
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]2838/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2839void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2840{
2841 mbedtls_ssl_session session;
2842 unsigned char *buf1 = NULL, *buf2 = NULL;
2843 size_t len0, len1, len2;
2844
2845 /*
2846 * Test that a load-save pair is the identity
2847 */
2848
2849 mbedtls_ssl_session_init( &session );
2850
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2851 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2852 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]2853
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2854 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2855 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
2856 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2857
2858 /* Allocate first buffer */
2859 buf1 = mbedtls_calloc( 1, len0 );
2860 TEST_ASSERT( buf1 != NULL );
2861
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2862 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2863 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
2864 == 0 );
2865 TEST_ASSERT( len0 == len1 );
2866 mbedtls_ssl_session_free( &session );
2867
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2868 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +0200[diff] [blame]2869 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2870
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2871 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2872 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +0200[diff] [blame]2873 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2874 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
2875 == 0 );
2876
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2877 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]2878 TEST_ASSERT( len1 == len2 );
2879 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
2880
2881exit:
2882 mbedtls_ssl_session_free( &session );
2883 mbedtls_free( buf1 );
2884 mbedtls_free( buf2 );
2885}
2886/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2887
2888/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2889void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2890{
2891 mbedtls_ssl_session session;
2892 unsigned char *buf = NULL;
2893 size_t good_len, bad_len, test_len;
2894
2895 /*
2896 * Test that session_save() fails cleanly on small buffers
2897 */
2898
2899 mbedtls_ssl_session_init( &session );
2900
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2901 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2902 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]2903 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2904 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2905
2906 /* Try all possible bad lengths */
2907 for( bad_len = 1; bad_len < good_len; bad_len++ )
2908 {
2909 /* Allocate exact size so that asan/valgrind can detect any overwrite */
2910 mbedtls_free( buf );
2911 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
2912 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
2913 &test_len )
2914 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2915 TEST_ASSERT( test_len == good_len );
2916 }
2917
2918exit:
2919 mbedtls_ssl_session_free( &session );
2920 mbedtls_free( buf );
2921}
2922/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2923
2924/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2925void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2926{
2927 mbedtls_ssl_session session;
2928 unsigned char *good_buf = NULL, *bad_buf = NULL;
2929 size_t good_len, bad_len;
2930
2931 /*
2932 * Test that session_load() fails cleanly on small buffers
2933 */
2934
2935 mbedtls_ssl_session_init( &session );
2936
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]2937 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +0200[diff] [blame]2938 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]2939 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
2940 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
2941 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
2942 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
2943 &good_len ) == 0 );
2944 mbedtls_ssl_session_free( &session );
2945
2946 /* Try all possible bad lengths */
2947 for( bad_len = 0; bad_len < good_len; bad_len++ )
2948 {
2949 /* Allocate exact size so that asan/valgrind can detect any overread */
2950 mbedtls_free( bad_buf );
2951 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
2952 TEST_ASSERT( bad_buf != NULL );
2953 memcpy( bad_buf, good_buf, bad_len );
2954
2955 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
2956 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
2957 }
2958
2959exit:
2960 mbedtls_ssl_session_free( &session );
2961 mbedtls_free( good_buf );
2962 mbedtls_free( bad_buf );
2963}
2964/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2965
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2966/* BEGIN_CASE */
2967void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2968 int corrupt_minor,
2969 int corrupt_patch,
2970 int corrupt_config )
2971{
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2972 unsigned char serialized_session[ 2048 ];
2973 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2974 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2975 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2976 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
2977 corrupt_minor == 1,
2978 corrupt_patch == 1,
2979 corrupt_config == 1,
2980 corrupt_config == 1 };
2981
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2982 mbedtls_ssl_session_init( &session );
2983
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2984 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2985 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2986 serialized_session,
2987 sizeof( serialized_session ),
2988 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2989
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2990 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2991
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2992 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2993 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2994 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]2995 serialized_session,
2996 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]2997 mbedtls_ssl_session_free( &session );
2998
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]2999 /* Go through the bytes in the serialized session header and
3000 * corrupt them bit-by-bit. */
3001 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3002 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3003 int cur_bit;
3004 unsigned char * const byte = &serialized_session[ cur_byte ];
3005
3006 if( should_corrupt_byte[ cur_byte ] == 0 )
3007 continue;
3008
3009 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
3010 {
3011 unsigned char const corrupted_bit = 0x1u << cur_bit;
3012 /* Modify a single bit in the serialized session. */
3013 *byte ^= corrupted_bit;
3014
3015 /* Attempt to deserialize */
3016 TEST_ASSERT( mbedtls_ssl_session_load( &session,
3017 serialized_session,
3018 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +0100[diff] [blame]3019 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]3020
3021 /* Undo the change */
3022 *byte ^= corrupted_bit;
3023 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3024 }
3025
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]3026}
3027/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3028
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3029/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3030void mbedtls_endpoint_sanity( int endpoint_type )
3031{
3032 enum { BUFFSIZE = 1024 };
3033 mbedtls_endpoint ep;
3034 int ret = -1;
3035
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3036 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
3037 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3038 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3039
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3040 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3041 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
3042
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3043 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
3044 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3045 TEST_ASSERT( ret == 0 );
3046
3047exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3048 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3049}
3050/* END_CASE */
3051
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3052/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3053void move_handshake_to_state(int endpoint_type, int state, int need_pass)
3054{
3055 enum { BUFFSIZE = 1024 };
3056 mbedtls_endpoint base_ep, second_ep;
3057 int ret = -1;
3058
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3059 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
3060 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3061 TEST_ASSERT( ret == 0 );
3062
3063 ret = mbedtls_endpoint_init( &second_ep,
3064 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -0500[diff] [blame]3065 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3066 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3067 TEST_ASSERT( ret == 0 );
3068
3069 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
3070 &(second_ep.socket),
3071 BUFFSIZE );
3072 TEST_ASSERT( ret == 0 );
3073
3074 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
3075 &(second_ep.ssl),
3076 state );
3077 if( need_pass )
3078 {
3079 TEST_ASSERT( ret == 0 );
3080 TEST_ASSERT( base_ep.ssl.state == state );
3081 }
3082 else
3083 {
3084 TEST_ASSERT( ret != 0 );
3085 TEST_ASSERT( base_ep.ssl.state != state );
3086 }
3087
3088exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3089 mbedtls_endpoint_free( &base_ep, NULL );
3090 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]3091}
3092/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3093
3094/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3095void handshake( const char *cipher, int version, int pk_alg,
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3096 data_t *psk_str, int dtls )
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3097{
3098 /* forced_ciphersuite needs to last until the end of the handshake */
3099 int forced_ciphersuite[2];
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3100 enum { BUFFSIZE = 16384 };
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3101 mbedtls_endpoint client, server;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3102#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3103 const char *psk_identity = "foo";
3104#else
3105 (void) psk_str;
3106#endif
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3107#if defined(MBEDTLS_TIMING_C)
3108 mbedtls_timing_delay_context timer_client, timer_server;
3109#endif
3110 mbedtls_test_message_queue server_queue, client_queue;
3111 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3112
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3113 /* Client side */
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3114 if( dtls != 0 )
3115 {
3116 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
3117 pk_alg, &client_context,
3118 &client_queue,
3119 &server_queue ) == 0 );
3120#if defined(MBEDTLS_TIMING_C)
3121 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
3122 mbedtls_timing_set_delay,
3123 mbedtls_timing_get_delay );
3124#endif
3125 }
3126 else
3127 {
3128 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
3129 pk_alg, NULL, NULL, NULL ) == 0 );
3130 }
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3131 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3132 version );
3133 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3134 version );
3135
3136 if( strlen( cipher ) > 0 )
3137 {
3138 set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
3139 }
3140 /* Server side */
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3141 if( dtls != 0 )
3142 {
3143 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
3144 pk_alg, &server_context,
3145 &server_queue,
3146 &client_queue) == 0 );
3147#if defined(MBEDTLS_TIMING_C)
3148 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
3149 mbedtls_timing_set_delay,
3150 mbedtls_timing_get_delay );
3151#endif
3152 }
3153 else
3154 {
3155 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
3156 pk_alg, NULL, NULL, NULL ) == 0 );
3157 }
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3158 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
3159 version );
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3160#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3161 if( psk_str->len > 0 )
3162 {
3163 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
3164 psk_str->len,
3165 (const unsigned char *) psk_identity,
3166 strlen( psk_identity ) ) == 0 );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3167
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]3168 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
3169 psk_str->len,
3170 (const unsigned char *) psk_identity,
3171 strlen( psk_identity ) ) == 0 );
3172
3173 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
3174 }
3175#endif
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3176 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
3177 &(server.socket),
3178 BUFFSIZE ) == 0 );
3179
3180 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
3181 &(server.ssl),
3182 MBEDTLS_SSL_HANDSHAKE_OVER )
3183 == 0 );
3184 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3185 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3186
3187exit:
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]3188 mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
3189 mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]3190}
3191/* END_CASE */
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3192
3193/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
3194void send_application_data( int mfl, int cli_msg_len, int srv_msg_len,
3195 const int expected_cli_frames,
3196 const int expected_srv_frames )
3197{
3198 enum { BUFFSIZE = 2048 };
3199 mbedtls_endpoint server, client;
3200 unsigned char *cli_msg_buf = malloc( cli_msg_len );
3201 unsigned char *cli_in_buf = malloc( srv_msg_len );
3202 unsigned char *srv_msg_buf = malloc( srv_msg_len );
3203 unsigned char *srv_in_buf = malloc( cli_msg_len );
3204 int ret = -1;
3205
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3206 ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA,
3207 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3208 TEST_ASSERT( ret == 0 );
3209
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3210 ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
3211 NULL, NULL, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3212 TEST_ASSERT( ret == 0 );
3213
3214#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3215 ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
3216 TEST_ASSERT( ret == 0 );
3217
3218 ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
3219 TEST_ASSERT( ret == 0 );
3220#else
3221 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
3222#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
3223
3224 ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
3225 BUFFSIZE );
3226 TEST_ASSERT( ret == 0 );
3227
3228 ret = mbedtls_move_handshake_to_state( &(client.ssl),
3229 &(server.ssl),
3230 MBEDTLS_SSL_HANDSHAKE_OVER );
3231 TEST_ASSERT( ret == 0 );
3232 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3233 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
3234
3235 /* Perform this test with two message types. At first use a message
3236 * consisting of only 0x00 for the client and only 0xFF for the server.
3237 * At the second time use message with generated data */
3238 for( int msg_type = 0; msg_type < 2; msg_type++ )
3239 {
3240 int cli_writen = 0;
3241 int srv_writen = 0;
3242 int cli_read = 0;
3243 int srv_read = 0;
3244 int cli_fragments = 0;
3245 int srv_fragments = 0;
3246
3247 if( msg_type == 0 )
3248 {
3249 memset( cli_msg_buf, 0x00, cli_msg_len );
3250 memset( srv_msg_buf, 0xff, srv_msg_len );
3251 }
3252 else
3253 {
3254 int j = 0;
3255 for( int i = 0; i < cli_msg_len; i++ )
3256 cli_msg_buf[i] = j++ & 0xFF;
3257 for( int i = 0; i < srv_msg_len; i++ )
3258 srv_msg_buf[i] = ( j -= 5 ) & 0xFF;
3259 }
3260
3261 while( cli_read < srv_msg_len || srv_read < cli_msg_len )
3262 {
3263 /* Client sending */
3264 if( cli_msg_len > cli_writen )
3265 {
3266 ret = mbedtls_ssl_write_fragment( &(client.ssl), cli_msg_buf,
3267 cli_msg_len, &cli_writen, &cli_fragments );
3268 TEST_ASSERT( ( ret >= 0 && ret <= cli_msg_len ) ||
3269 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3270 }
3271
3272 /* Server sending */
3273 if( srv_msg_len > srv_writen )
3274 {
3275 ret = mbedtls_ssl_write_fragment( &(server.ssl), srv_msg_buf,
3276 srv_msg_len, &srv_writen, &srv_fragments );
3277 TEST_ASSERT( ( ret >= 0 && ret <= srv_msg_len ) ||
3278 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3279 }
3280
3281 /* Client reading */
3282 if( cli_read < srv_msg_len )
3283 {
3284 ret = mbedtls_ssl_read_fragment( &(client.ssl), cli_in_buf,
3285 srv_msg_len, &cli_read );
3286 TEST_ASSERT( ( ret >= 0 && ret <= srv_msg_len ) ||
3287 ret == MBEDTLS_ERR_SSL_WANT_READ );
3288 }
3289
3290 /* Server reading */
3291 if( srv_read < cli_msg_len )
3292 {
3293 ret = mbedtls_ssl_read_fragment( &(server.ssl), srv_in_buf,
3294 cli_msg_len, &srv_read );
3295 TEST_ASSERT( ( ret >= 0 && ret <= cli_msg_len ) ||
3296 ret == MBEDTLS_ERR_SSL_WANT_READ );
3297 }
3298 }
3299
3300 TEST_ASSERT( 0 == memcmp( cli_msg_buf, srv_in_buf, cli_msg_len ) );
3301 TEST_ASSERT( 0 == memcmp( srv_msg_buf, cli_in_buf, srv_msg_len ) );
3302 TEST_ASSERT( cli_fragments == expected_cli_frames );
3303 TEST_ASSERT( srv_fragments == expected_srv_frames );
3304 }
3305
3306exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -0500[diff] [blame]3307 mbedtls_endpoint_free( &client, NULL );
3308 mbedtls_endpoint_free( &server, NULL );
Piotr Nowickic3fca5e2020-01-30 15:33:42 +0100[diff] [blame]3309 free( cli_msg_buf );
3310 free( cli_in_buf );
3311 free( srv_msg_buf );
3312 free( srv_in_buf );
3313}
3314/* END_CASE */