blob: 98ed11fd443a2c520c4d7950504a90e04a32165f [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include <mbedtls/ssl.h>
Chris Jones84a773f2021-03-05 18:38:47 +00003#include <ssl_misc.h>
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004#include <mbedtls/ctr_drbg.h>
5#include <mbedtls/entropy.h>
Andrzej Kurek941962e2020-02-07 09:20:32 -05006#include <mbedtls/timing.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +01007#include <mbedtls/debug.h>
Hanno Becker73c825a2020-09-08 10:52:58 +01008#include <ssl_tls13_keys.h>
Mateusz Starzyk1aec6462021-02-08 15:34:42 +01009#include "test/certs.h"
Piotr Nowickibde7ee82020-02-21 10:59:50 +010010
Hanno Becker6667ffd2021-04-19 21:59:22 +010011#include <psa/crypto.h>
12
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +020013#include <ssl_invasive.h>
14
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +020015#include <test/constant_flow.h>
16
Hanno Becker1413bd82020-09-09 12:46:09 +010017enum
18{
19#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
20 tls1_3_label_ ## name,
Hanno Becker70d7fb02020-09-09 10:11:21 +010021MBEDTLS_SSL_TLS1_3_LABEL_LIST
22#undef MBEDTLS_SSL_TLS1_3_LABEL
Hanno Becker1413bd82020-09-09 12:46:09 +010023};
Hanno Becker70d7fb02020-09-09 10:11:21 +010024
Piotr Nowickibde7ee82020-02-21 10:59:50 +010025typedef struct log_pattern
26{
27 const char *pattern;
28 size_t counter;
29} log_pattern;
30
Piotr Nowicki438bf3b2020-03-10 12:59:10 +010031/*
32 * This function can be passed to mbedtls to receive output logs from it. In
Piotr Nowickibde7ee82020-02-21 10:59:50 +010033 * this case, it will count the instances of a log_pattern in the received
34 * logged messages.
35 */
36void log_analyzer( void *ctx, int level,
37 const char *file, int line,
38 const char *str )
39{
40 log_pattern *p = (log_pattern *) ctx;
41
42 (void) level;
43 (void) line;
44 (void) file;
45
46 if( NULL != p &&
47 NULL != p->pattern &&
48 NULL != strstr( str, p->pattern ) )
49 {
50 p->counter++;
51 }
52}
Janos Follath6264e662019-11-26 11:11:15 +000053
Paul Elliottc8570442020-04-15 17:00:50 +010054/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
55#define TEST_SSL_MINOR_VERSION_NONE -1
56
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050057typedef struct handshake_test_options
58{
59 const char *cipher;
Paul Elliottc8570442020-04-15 17:00:50 +010060 int client_min_version;
61 int client_max_version;
62 int server_min_version;
63 int server_max_version;
64 int expected_negotiated_version;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050065 int pk_alg;
66 data_t *psk_str;
67 int dtls;
Piotr Nowickibde7ee82020-02-21 10:59:50 +010068 int srv_auth_mode;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050069 int serialize;
70 int mfl;
71 int cli_msg_len;
72 int srv_msg_len;
73 int expected_cli_fragments;
74 int expected_srv_fragments;
75 int renegotiate;
76 int legacy_renegotiation;
Piotr Nowickibde7ee82020-02-21 10:59:50 +010077 void *srv_log_obj;
78 void *cli_log_obj;
79 void (*srv_log_fun)(void *, int, const char *, int, const char *);
80 void (*cli_log_fun)(void *, int, const char *, int, const char *);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -050081 int resize_buffers;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050082} handshake_test_options;
83
84void init_handshake_options( handshake_test_options *opts )
85{
86 opts->cipher = "";
Paul Elliottc8570442020-04-15 17:00:50 +010087 opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
88 opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
89 opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
90 opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
91 opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050092 opts->pk_alg = MBEDTLS_PK_RSA;
93 opts->psk_str = NULL;
94 opts->dtls = 0;
Piotr Nowickibde7ee82020-02-21 10:59:50 +010095 opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -050096 opts->serialize = 0;
97 opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
98 opts->cli_msg_len = 100;
99 opts->srv_msg_len = 100;
100 opts->expected_cli_fragments = 1;
101 opts->expected_srv_fragments = 1;
102 opts->renegotiate = 0;
103 opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100104 opts->srv_log_obj = NULL;
105 opts->srv_log_obj = NULL;
106 opts->srv_log_fun = NULL;
107 opts->cli_log_fun = NULL;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500108 opts->resize_buffers = 1;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500109}
Janos Follath6264e662019-11-26 11:11:15 +0000110/*
111 * Buffer structure for custom I/O callbacks.
112 */
113
114typedef struct mbedtls_test_buffer
115{
116 size_t start;
117 size_t content_length;
118 size_t capacity;
119 unsigned char *buffer;
120} mbedtls_test_buffer;
121
122/*
123 * Initialises \p buf. After calling this function it is safe to call
124 * `mbedtls_test_buffer_free()` on \p buf.
125 */
126void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
127{
128 memset( buf, 0, sizeof( *buf ) );
129}
130
131/*
132 * Sets up \p buf. After calling this function it is safe to call
133 * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
134 */
135int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
136{
137 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
138 sizeof(unsigned char) );
139 if( NULL == buf->buffer )
140 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
141 buf->capacity = capacity;
142
143 return 0;
144}
145
146void mbedtls_test_buffer_free( mbedtls_test_buffer *buf )
147{
148 if( buf->buffer != NULL )
149 mbedtls_free( buf->buffer );
150
151 memset( buf, 0, sizeof( *buf ) );
152}
153
154/*
155 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
156 *
157 * \p buf must have been initialized and set up by calling
158 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
159 *
160 * \retval \p input_len, if the data fits.
161 * \retval 0 <= value < \p input_len, if the data does not fit.
162 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
163 * zero and \p input is NULL.
164 */
165int mbedtls_test_buffer_put( mbedtls_test_buffer *buf,
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100166 const unsigned char *input, size_t input_len )
Janos Follath6264e662019-11-26 11:11:15 +0000167{
168 size_t overflow = 0;
169
170 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
171 return -1;
172
173 /* Reduce input_len to a number that fits in the buffer. */
174 if ( ( buf->content_length + input_len ) > buf->capacity )
175 {
176 input_len = buf->capacity - buf->content_length;
177 }
178
179 if( input == NULL )
180 {
181 return ( input_len == 0 ) ? 0 : -1;
182 }
183
Piotr Nowickifb437d72020-01-13 16:59:12 +0100184 /* Check if the buffer has not come full circle and free space is not in
185 * the middle */
186 if( buf->start + buf->content_length < buf->capacity )
Janos Follath6264e662019-11-26 11:11:15 +0000187 {
Piotr Nowickifb437d72020-01-13 16:59:12 +0100188
189 /* Calculate the number of bytes that need to be placed at lower memory
190 * address */
191 if( buf->start + buf->content_length + input_len
192 > buf->capacity )
193 {
194 overflow = ( buf->start + buf->content_length + input_len )
195 % buf->capacity;
196 }
197
198 memcpy( buf->buffer + buf->start + buf->content_length, input,
199 input_len - overflow );
200 memcpy( buf->buffer, input + input_len - overflow, overflow );
201
202 }
203 else
204 {
205 /* The buffer has come full circle and free space is in the middle */
206 memcpy( buf->buffer + buf->start + buf->content_length - buf->capacity,
207 input, input_len );
Janos Follath6264e662019-11-26 11:11:15 +0000208 }
209
Janos Follath6264e662019-11-26 11:11:15 +0000210 buf->content_length += input_len;
Janos Follath6264e662019-11-26 11:11:15 +0000211 return input_len;
212}
213
214/*
Andrzej Kurekf7774142020-01-22 06:34:59 -0500215 * Gets \p output_len bytes from the ring buffer \p buf into the
216 * \p output buffer. The output buffer can be NULL, in this case a part of the
217 * ring buffer will be dropped, if the requested length is available.
Janos Follath6264e662019-11-26 11:11:15 +0000218 *
219 * \p buf must have been initialized and set up by calling
220 * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
221 *
222 * \retval \p output_len, if the data is available.
223 * \retval 0 <= value < \p output_len, if the data is not available.
Andrzej Kurekf7774142020-01-22 06:34:59 -0500224 * \retval -1, if \buf is NULL or it hasn't been set up.
Janos Follath6264e662019-11-26 11:11:15 +0000225 */
226int mbedtls_test_buffer_get( mbedtls_test_buffer *buf,
227 unsigned char* output, size_t output_len )
228{
229 size_t overflow = 0;
230
231 if( ( buf == NULL ) || ( buf->buffer == NULL ) )
232 return -1;
233
Andrzej Kurekf7774142020-01-22 06:34:59 -0500234 if( output == NULL && output_len == 0 )
235 return 0;
Janos Follath6264e662019-11-26 11:11:15 +0000236
237 if( buf->content_length < output_len )
238 output_len = buf->content_length;
239
240 /* Calculate the number of bytes that need to be drawn from lower memory
241 * address */
242 if( buf->start + output_len > buf->capacity )
243 {
244 overflow = ( buf->start + output_len ) % buf->capacity;
245 }
246
Andrzej Kurekf7774142020-01-22 06:34:59 -0500247 if( output != NULL )
248 {
249 memcpy( output, buf->buffer + buf->start, output_len - overflow );
250 memcpy( output + output_len - overflow, buf->buffer, overflow );
251 }
252
Janos Follath6264e662019-11-26 11:11:15 +0000253 buf->content_length -= output_len;
254 buf->start = ( buf->start + output_len ) % buf->capacity;
255
256 return output_len;
257}
258
Hanno Beckera18d1322018-01-03 14:27:32 +0000259/*
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500260 * Errors used in the message transport mock tests
261 */
262 #define MBEDTLS_TEST_ERROR_ARG_NULL -11
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500263 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
264
265/*
266 * Context for a message metadata queue (fifo) that is on top of the ring buffer.
267 */
268typedef struct mbedtls_test_message_queue
269{
270 size_t *messages;
271 int pos;
272 int num;
273 int capacity;
274} mbedtls_test_message_queue;
275
276/*
277 * Setup and free functions for the message metadata queue.
278 *
279 * \p capacity describes the number of message metadata chunks that can be held
280 * within the queue.
281 *
282 * \retval 0, if a metadata queue of a given length can be allocated.
283 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
284 */
285int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue,
286 size_t capacity )
287{
288 queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
289 if( NULL == queue->messages )
290 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
291
292 queue->capacity = capacity;
293 queue->pos = 0;
294 queue->num = 0;
295
296 return 0;
297}
298
299void mbedtls_test_message_queue_free( mbedtls_test_message_queue *queue )
300{
301 if( queue == NULL )
302 return;
303
304 if( queue->messages != NULL )
305 mbedtls_free( queue->messages );
306
307 memset( queue, 0, sizeof( *queue ) );
308}
309
310/*
311 * Push message length information onto the message metadata queue.
312 * This will become the last element to leave it (fifo).
313 *
314 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500315 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500316 * \retval \p len, if the push was successful.
317 */
318int mbedtls_test_message_queue_push_info( mbedtls_test_message_queue *queue,
319 size_t len )
320{
321 int place;
322 if( queue == NULL )
323 return MBEDTLS_TEST_ERROR_ARG_NULL;
324
325 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500326 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500327
328 place = ( queue->pos + queue->num ) % queue->capacity;
329 queue->messages[place] = len;
330 queue->num++;
331 return len;
332}
333
334/*
335 * Pop information about the next message length from the queue. This will be
336 * the oldest inserted message length(fifo). \p msg_len can be null, in which
337 * case the data will be popped from the queue but not copied anywhere.
338 *
339 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500340 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500341 * \retval message length, if the pop was successful, up to the given
342 \p buf_len.
343 */
344int mbedtls_test_message_queue_pop_info( mbedtls_test_message_queue *queue,
345 size_t buf_len )
346{
347 size_t message_length;
348 if( queue == NULL )
349 return MBEDTLS_TEST_ERROR_ARG_NULL;
350 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500351 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500352
353 message_length = queue->messages[queue->pos];
354 queue->messages[queue->pos] = 0;
355 queue->num--;
356 queue->pos++;
357 queue->pos %= queue->capacity;
358 if( queue->pos < 0 )
359 queue->pos += queue->capacity;
360
361 return ( message_length > buf_len ) ? buf_len : message_length;
362}
363
364/*
365 * Take a peek on the info about the next message length from the queue.
366 * This will be the oldest inserted message length(fifo).
367 *
368 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500369 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500370 * \retval 0, if the peek was successful.
371 * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
372 * too small to fit the message. In this case the \p msg_len will be
373 * set to the full message length so that the
374 * caller knows what portion of the message can be dropped.
375 */
376int mbedtls_test_message_queue_peek_info( mbedtls_test_message_queue *queue,
377 size_t buf_len, size_t* msg_len )
378{
379 if( queue == NULL || msg_len == NULL )
380 return MBEDTLS_TEST_ERROR_ARG_NULL;
381 if( queue->num == 0 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500382 return MBEDTLS_ERR_SSL_WANT_READ;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500383
384 *msg_len = queue->messages[queue->pos];
385 return ( *msg_len > buf_len ) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
386}
387/*
Janos Follath031827f2019-11-27 11:12:14 +0000388 * Context for the I/O callbacks simulating network connection.
389 */
390
391#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
392
393typedef struct mbedtls_mock_socket
394{
395 int status;
396 mbedtls_test_buffer *input;
397 mbedtls_test_buffer *output;
398 struct mbedtls_mock_socket *peer;
399} mbedtls_mock_socket;
400
401/*
402 * Setup and teardown functions for mock sockets.
403 */
404void mbedtls_mock_socket_init( mbedtls_mock_socket *socket )
405{
406 memset( socket, 0, sizeof( *socket ) );
407}
408
409/*
410 * Closes the socket \p socket.
411 *
412 * \p socket must have been previously initialized by calling
413 * mbedtls_mock_socket_init().
414 *
415 * This function frees all allocated resources and both sockets are aware of the
416 * new connection state.
417 *
418 * That is, this function does not simulate half-open TCP connections and the
419 * phenomenon that when closing a UDP connection the peer is not aware of the
420 * connection having been closed.
421 */
422void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
423{
424 if( socket == NULL )
425 return;
426
427 if( socket->input != NULL )
428 {
429 mbedtls_test_buffer_free( socket->input );
430 mbedtls_free( socket->input );
431 }
432
433 if( socket->output != NULL )
434 {
435 mbedtls_test_buffer_free( socket->output );
436 mbedtls_free( socket->output );
437 }
438
439 if( socket->peer != NULL )
440 memset( socket->peer, 0, sizeof( *socket->peer ) );
441
442 memset( socket, 0, sizeof( *socket ) );
443}
444
445/*
446 * Establishes a connection between \p peer1 and \p peer2.
447 *
448 * \p peer1 and \p peer2 must have been previously initialized by calling
449 * mbedtls_mock_socket_init().
450 *
451 * The capacites of the internal buffers are set to \p bufsize. Setting this to
452 * the correct value allows for simulation of MTU, sanity testing the mock
453 * implementation and mocking TCP connections with lower memory cost.
454 */
455int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
456 mbedtls_mock_socket* peer2,
457 size_t bufsize )
458{
459 int ret = -1;
460
Piotr Nowickid796e192020-01-28 12:09:47 +0100461 peer1->output =
Janos Follath031827f2019-11-27 11:12:14 +0000462 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
463 if( peer1->output == NULL )
464 {
465 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
466 goto exit;
467 }
468 mbedtls_test_buffer_init( peer1->output );
469 if( 0 != ( ret = mbedtls_test_buffer_setup( peer1->output, bufsize ) ) )
470 {
471 goto exit;
472 }
473
Piotr Nowickid796e192020-01-28 12:09:47 +0100474 peer2->output =
475 (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
476 if( peer2->output == NULL )
477 {
478 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
479 goto exit;
480 }
481 mbedtls_test_buffer_init( peer2->output );
482 if( 0 != ( ret = mbedtls_test_buffer_setup( peer2->output, bufsize ) ) )
483 {
484 goto exit;
485 }
486
Janos Follath031827f2019-11-27 11:12:14 +0000487 peer1->peer = peer2;
488 peer2->peer = peer1;
Piotr Nowickid796e192020-01-28 12:09:47 +0100489 peer1->input = peer2->output;
490 peer2->input = peer1->output;
Janos Follath031827f2019-11-27 11:12:14 +0000491
492 peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
493 ret = 0;
494
495exit:
496
497 if( ret != 0 )
498 {
499 mbedtls_mock_socket_close( peer1 );
500 mbedtls_mock_socket_close( peer2 );
501 }
502
503 return ret;
504}
505
506/*
507 * Callbacks for simulating blocking I/O over connection-oriented transport.
508 */
509
510int mbedtls_mock_tcp_send_b( void *ctx, const unsigned char *buf, size_t len )
511{
512 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
513
514 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
515 return -1;
516
517 return mbedtls_test_buffer_put( socket->output, buf, len );
518}
519
520int mbedtls_mock_tcp_recv_b( void *ctx, unsigned char *buf, size_t len )
521{
522 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
523
524 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
525 return -1;
526
527 return mbedtls_test_buffer_get( socket->input, buf, len );
528}
529
530/*
Janos Follath3766ba52019-11-27 13:31:42 +0000531 * Callbacks for simulating non-blocking I/O over connection-oriented transport.
532 */
533
534int mbedtls_mock_tcp_send_nb( void *ctx, const unsigned char *buf, size_t len )
535{
536 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
537
538 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
539 return -1;
540
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100541 if( socket->output->capacity == socket->output->content_length )
Janos Follath3766ba52019-11-27 13:31:42 +0000542 {
Janos Follath3766ba52019-11-27 13:31:42 +0000543 return MBEDTLS_ERR_SSL_WANT_WRITE;
544 }
545
Janos Follath3766ba52019-11-27 13:31:42 +0000546 return mbedtls_test_buffer_put( socket->output, buf, len );
547}
548
549int mbedtls_mock_tcp_recv_nb( void *ctx, unsigned char *buf, size_t len )
550{
551 mbedtls_mock_socket *socket = (mbedtls_mock_socket*) ctx;
552
553 if( socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED )
554 return -1;
555
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500556 if( socket->input->content_length == 0 )
Janos Follath3766ba52019-11-27 13:31:42 +0000557 {
Janos Follath3766ba52019-11-27 13:31:42 +0000558 return MBEDTLS_ERR_SSL_WANT_READ;
559 }
560
Janos Follath3766ba52019-11-27 13:31:42 +0000561 return mbedtls_test_buffer_get( socket->input, buf, len );
562}
563
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500564/* Errors used in the message socket mocks */
565
566#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
567#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
568#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
569
570/*
571 * Structure used as an addon, or a wrapper, around the mocked sockets.
572 * Contains an input queue, to which the other socket pushes metadata,
573 * and an output queue, to which this one pushes metadata. This context is
574 * considered as an owner of the input queue only, which is initialized and
575 * freed in the respective setup and free calls.
576 */
577typedef struct mbedtls_test_message_socket_context
578{
579 mbedtls_test_message_queue* queue_input;
580 mbedtls_test_message_queue* queue_output;
581 mbedtls_mock_socket* socket;
582} mbedtls_test_message_socket_context;
583
Andrzej Kurek45916ba2020-03-05 14:46:22 -0500584void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
585{
586 ctx->queue_input = NULL;
587 ctx->queue_output = NULL;
588 ctx->socket = NULL;
589}
590
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500591/*
592 * Setup a given mesasge socket context including initialization of
593 * input/output queues to a chosen capacity of messages. Also set the
594 * corresponding mock socket.
595 *
596 * \retval 0, if everything succeeds.
597 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
598 * queue failed.
599 */
600int mbedtls_message_socket_setup( mbedtls_test_message_queue* queue_input,
601 mbedtls_test_message_queue* queue_output,
602 size_t queue_capacity,
603 mbedtls_mock_socket* socket,
604 mbedtls_test_message_socket_context* ctx )
605{
606 int ret = mbedtls_test_message_queue_setup( queue_input, queue_capacity );
607 if( ret != 0 )
608 return ret;
609 ctx->queue_input = queue_input;
610 ctx->queue_output = queue_output;
611 ctx->socket = socket;
612 mbedtls_mock_socket_init( socket );
613
614 return 0;
615}
616
617/*
618 * Close a given message socket context, along with the socket itself. Free the
619 * memory allocated by the input queue.
620 */
621void mbedtls_message_socket_close( mbedtls_test_message_socket_context* ctx )
622{
623 if( ctx == NULL )
624 return;
625
626 mbedtls_test_message_queue_free( ctx->queue_input );
627 mbedtls_mock_socket_close( ctx->socket );
628 memset( ctx, 0, sizeof( *ctx ) );
629}
630
631/*
632 * Send one message through a given message socket context.
633 *
634 * \retval \p len, if everything succeeds.
635 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
636 * elements or the context itself is null.
637 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500638 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500639 *
640 * This function will also return any error from
641 * mbedtls_test_message_queue_push_info.
642 */
643int mbedtls_mock_tcp_send_msg( void *ctx, const unsigned char *buf, size_t len )
644{
645 mbedtls_test_message_queue* queue;
646 mbedtls_mock_socket* socket;
647 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
648
649 if( context == NULL || context->socket == NULL
650 || context->queue_output == NULL )
651 {
652 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
653 }
654
655 queue = context->queue_output;
656 socket = context->socket;
657
658 if( queue->num >= queue->capacity )
Andrzej Kurekf46b9122020-02-07 08:19:00 -0500659 return MBEDTLS_ERR_SSL_WANT_WRITE;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500660
661 if( mbedtls_mock_tcp_send_b( socket, buf, len ) != (int) len )
662 return MBEDTLS_TEST_ERROR_SEND_FAILED;
663
664 return mbedtls_test_message_queue_push_info( queue, len );
665}
666
667/*
668 * Receive one message from a given message socket context and return message
669 * length or an error.
670 *
671 * \retval message length, if everything succeeds.
672 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
673 * elements or the context itself is null.
674 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
675 *
676 * This function will also return any error other than
677 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
678 */
679int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
680{
681 mbedtls_test_message_queue* queue;
682 mbedtls_mock_socket* socket;
683 mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context*) ctx;
Gilles Peskine19e841e2020-03-09 20:43:51 +0100684 size_t drop_len = 0;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500685 size_t msg_len;
686 int ret;
687
688 if( context == NULL || context->socket == NULL
689 || context->queue_input == NULL )
690 {
691 return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
692 }
693
694 queue = context->queue_input;
695 socket = context->socket;
696
697 /* Peek first, so that in case of a socket error the data remains in
698 * the queue. */
699 ret = mbedtls_test_message_queue_peek_info( queue, buf_len, &msg_len );
700 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
701 {
702 /* Calculate how much to drop */
703 drop_len = msg_len - buf_len;
704
705 /* Set the requested message len to be buffer length */
706 msg_len = buf_len;
707 } else if( ret != 0 )
708 {
709 return ret;
710 }
711
712 if( mbedtls_mock_tcp_recv_b( socket, buf, msg_len ) != (int) msg_len )
713 return MBEDTLS_TEST_ERROR_RECV_FAILED;
714
715 if( ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED )
716 {
717 /* Drop the remaining part of the message */
718 if( mbedtls_mock_tcp_recv_b( socket, NULL, drop_len ) != (int) drop_len )
719 {
720 /* Inconsistent state - part of the message was read,
721 * and a part couldn't. Not much we can do here, but it should not
722 * happen in test environment, unless forced manually. */
723 }
724 }
725 mbedtls_test_message_queue_pop_info( queue, buf_len );
726
727 return msg_len;
728}
729
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +0200730#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
731 defined(MBEDTLS_ENTROPY_C) && \
732 defined(MBEDTLS_CTR_DRBG_C)
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100733
734/*
735 * Structure with endpoint's certificates for SSL communication tests.
736 */
737typedef struct mbedtls_endpoint_certificate
738{
739 mbedtls_x509_crt ca_cert;
740 mbedtls_x509_crt cert;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100741 mbedtls_pk_context pkey;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100742} mbedtls_endpoint_certificate;
743
744/*
745 * Endpoint structure for SSL communication tests.
746 */
747typedef struct mbedtls_endpoint
748{
749 const char *name;
750 mbedtls_ssl_context ssl;
751 mbedtls_ssl_config conf;
752 mbedtls_ctr_drbg_context ctr_drbg;
753 mbedtls_entropy_context entropy;
754 mbedtls_mock_socket socket;
755 mbedtls_endpoint_certificate cert;
756} mbedtls_endpoint;
757
758/*
759 * Initializes \p ep_cert structure and assigns it to endpoint
760 * represented by \p ep.
761 *
762 * \retval 0 on success, otherwise error code.
763 */
Andrzej Kurekb2980742020-02-02 19:25:26 -0500764int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100765{
766 int i = 0;
767 int ret = -1;
768 mbedtls_endpoint_certificate *cert;
769
770 if( ep == NULL )
771 {
772 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
773 }
774
775 cert = &( ep->cert );
776 mbedtls_x509_crt_init( &( cert->ca_cert ) );
777 mbedtls_x509_crt_init( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100778 mbedtls_pk_init( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100779
780 /* Load the trusted CA */
781
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100782 for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
783 {
784 ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
785 (const unsigned char *) mbedtls_test_cas_der[i],
786 mbedtls_test_cas_der_len[i] );
787 TEST_ASSERT( ret == 0 );
788 }
789
790 /* Load own certificate and private key */
791
792 if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
793 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500794 if( pk_alg == MBEDTLS_PK_RSA )
795 {
796 ret = mbedtls_x509_crt_parse( &( cert->cert ),
797 (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
798 mbedtls_test_srv_crt_rsa_sha256_der_len );
799 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100800
Andrzej Kurekb2980742020-02-02 19:25:26 -0500801 ret = mbedtls_pk_parse_key( &( cert->pkey ),
802 (const unsigned char*) mbedtls_test_srv_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200803 mbedtls_test_srv_key_rsa_der_len, NULL, 0,
804 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500805 TEST_ASSERT( ret == 0 );
806 }
807 else
808 {
809 ret = mbedtls_x509_crt_parse( &( cert->cert ),
810 (const unsigned char*) mbedtls_test_srv_crt_ec_der,
811 mbedtls_test_srv_crt_ec_der_len );
812 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100813
Andrzej Kurekb2980742020-02-02 19:25:26 -0500814 ret = mbedtls_pk_parse_key( &( cert->pkey ),
815 (const unsigned char*) mbedtls_test_srv_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200816 mbedtls_test_srv_key_ec_der_len, NULL, 0,
817 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500818 TEST_ASSERT( ret == 0 );
819 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100820 }
821 else
822 {
Andrzej Kurekb2980742020-02-02 19:25:26 -0500823 if( pk_alg == MBEDTLS_PK_RSA )
824 {
825 ret = mbedtls_x509_crt_parse( &( cert->cert ),
826 (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
827 mbedtls_test_cli_crt_rsa_der_len );
828 TEST_ASSERT( ret == 0 );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100829
Andrzej Kurekb2980742020-02-02 19:25:26 -0500830 ret = mbedtls_pk_parse_key( &( cert->pkey ),
831 (const unsigned char *) mbedtls_test_cli_key_rsa_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200832 mbedtls_test_cli_key_rsa_der_len, NULL, 0,
833 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500834 TEST_ASSERT( ret == 0 );
835 }
836 else
837 {
838 ret = mbedtls_x509_crt_parse( &( cert->cert ),
839 (const unsigned char *) mbedtls_test_cli_crt_ec_der,
840 mbedtls_test_cli_crt_ec_len );
841 TEST_ASSERT( ret == 0 );
842
843 ret = mbedtls_pk_parse_key( &( cert->pkey ),
844 (const unsigned char *) mbedtls_test_cli_key_ec_der,
Manuel Pégourié-Gonnard84dea012021-06-15 11:29:26 +0200845 mbedtls_test_cli_key_ec_der_len, NULL, 0,
846 mbedtls_test_rnd_std_rand, NULL );
Andrzej Kurekb2980742020-02-02 19:25:26 -0500847 TEST_ASSERT( ret == 0 );
848 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100849 }
850
851 mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
852
Andrzej Kurekb2980742020-02-02 19:25:26 -0500853 ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
854 &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100855 TEST_ASSERT( ret == 0 );
856
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100857exit:
858 if( ret != 0 )
859 {
860 mbedtls_x509_crt_free( &( cert->ca_cert ) );
861 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100862 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100863 }
864
865 return ret;
866}
867
868/*
869 * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
870 * after calling this function even if it fails.
871 *
872 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
873 * MBEDTLS_SSL_IS_CLIENT.
Andrzej Kurek15daf502020-02-12 09:17:52 -0500874 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
875 * MBEDTLS_PK_ECDSA are supported.
876 * \p dtls_context - in case of DTLS - this is the context handling metadata.
877 * \p input_queue - used only in case of DTLS.
878 * \p output_queue - used only in case of DTLS.
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100879 *
880 * \retval 0 on success, otherwise error code.
881 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500882int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
883 mbedtls_test_message_socket_context *dtls_context,
884 mbedtls_test_message_queue *input_queue,
885 mbedtls_test_message_queue *output_queue )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100886{
887 int ret = -1;
888
Andrzej Kurek15daf502020-02-12 09:17:52 -0500889 if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100890 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Andrzej Kurek15daf502020-02-12 09:17:52 -0500891
892 if( ep == NULL )
893 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100894
895 memset( ep, 0, sizeof( *ep ) );
896
897 ep->name = ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? "Server" : "Client";
898
899 mbedtls_ssl_init( &( ep->ssl ) );
900 mbedtls_ssl_config_init( &( ep->conf ) );
901 mbedtls_ctr_drbg_init( &( ep->ctr_drbg ) );
902 mbedtls_ssl_conf_rng( &( ep->conf ),
903 mbedtls_ctr_drbg_random,
904 &( ep->ctr_drbg ) );
905 mbedtls_entropy_init( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500906 if( dtls_context != NULL )
907 {
908 TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
909 100, &( ep->socket ),
910 dtls_context ) == 0 );
911 }
912 else
913 {
914 mbedtls_mock_socket_init( &( ep->socket ) );
915 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100916
917 ret = mbedtls_ctr_drbg_seed( &( ep->ctr_drbg ), mbedtls_entropy_func,
918 &( ep->entropy ), (const unsigned char *) ( ep->name ),
919 strlen( ep->name ) );
920 TEST_ASSERT( ret == 0 );
921
922 /* Non-blocking callbacks without timeout */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500923 if( dtls_context != NULL )
924 {
925 mbedtls_ssl_set_bio( &( ep->ssl ), dtls_context,
926 mbedtls_mock_tcp_send_msg,
927 mbedtls_mock_tcp_recv_msg,
928 NULL );
929 }
930 else
931 {
932 mbedtls_ssl_set_bio( &( ep->ssl ), &( ep->socket ),
933 mbedtls_mock_tcp_send_nb,
934 mbedtls_mock_tcp_recv_nb,
935 NULL );
936 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100937
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100938 ret = mbedtls_ssl_config_defaults( &( ep->conf ), endpoint_type,
Andrzej Kurek15daf502020-02-12 09:17:52 -0500939 ( dtls_context != NULL ) ?
940 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
941 MBEDTLS_SSL_TRANSPORT_STREAM,
942 MBEDTLS_SSL_PRESET_DEFAULT );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100943 TEST_ASSERT( ret == 0 );
944
Andrzej Kurek1a44a152020-02-07 08:21:32 -0500945 ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
946 TEST_ASSERT( ret == 0 );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500947
948#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
949 if( endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL )
950 mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
951#endif
952
Andrzej Kurekb2980742020-02-02 19:25:26 -0500953 ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100954 TEST_ASSERT( ret == 0 );
955
956exit:
957 return ret;
958}
959
960/*
961 * Deinitializes certificates from endpoint represented by \p ep.
962 */
963void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
964{
965 mbedtls_endpoint_certificate *cert = &( ep->cert );
966 mbedtls_x509_crt_free( &( cert->ca_cert ) );
967 mbedtls_x509_crt_free( &( cert->cert ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100968 mbedtls_pk_free( &( cert->pkey ) );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100969}
970
971/*
972 * Deinitializes endpoint represented by \p ep.
973 */
Andrzej Kurek15daf502020-02-12 09:17:52 -0500974void mbedtls_endpoint_free( mbedtls_endpoint *ep,
975 mbedtls_test_message_socket_context *context )
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100976{
977 mbedtls_endpoint_certificate_free( ep );
978
979 mbedtls_ssl_free( &( ep->ssl ) );
980 mbedtls_ssl_config_free( &( ep->conf ) );
981 mbedtls_ctr_drbg_free( &( ep->ctr_drbg ) );
982 mbedtls_entropy_free( &( ep->entropy ) );
Andrzej Kurek15daf502020-02-12 09:17:52 -0500983
984 if( context != NULL )
985 {
986 mbedtls_message_socket_close( context );
987 }
988 else
989 {
990 mbedtls_mock_socket_close( &( ep->socket ) );
991 }
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100992}
993
994/*
995 * This function moves ssl handshake from \p ssl to prescribed \p state.
996 * /p second_ssl is used as second endpoint and their sockets have to be
997 * connected before calling this function.
998 *
999 * \retval 0 on success, otherwise error code.
1000 */
1001int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
1002 mbedtls_ssl_context *second_ssl,
1003 int state )
1004{
1005 enum { BUFFSIZE = 1024 };
1006 int max_steps = 1000;
1007 int ret = 0;
1008
1009 if( ssl == NULL || second_ssl == NULL )
1010 {
1011 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1012 }
1013
1014 /* Perform communication via connected sockets */
1015 while( ( ssl->state != state ) && ( --max_steps >= 0 ) )
1016 {
1017 /* If /p second_ssl ends the handshake procedure before /p ssl then
1018 * there is no need to call the next step */
1019 if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
1020 {
1021 ret = mbedtls_ssl_handshake_step( second_ssl );
1022 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1023 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1024 {
1025 return ret;
1026 }
1027 }
1028
1029 /* We only care about the \p ssl state and returns, so we call it last,
1030 * to leave the iteration as soon as the state is as expected. */
1031 ret = mbedtls_ssl_handshake_step( ssl );
1032 if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
1033 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1034 {
1035 return ret;
1036 }
1037 }
1038
1039 return ( max_steps >= 0 ) ? ret : -1;
1040}
1041
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02001042#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01001043
Janos Follath3766ba52019-11-27 13:31:42 +00001044/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001045 * Write application data. Increase write counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001046 */
1047int mbedtls_ssl_write_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001048 int buf_len, int *written,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001049 const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001050{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001051 int ret = mbedtls_ssl_write( ssl, buf + *written, buf_len - *written );
1052 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001053 {
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001054 *written += ret;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001055 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001056
1057 if( expected_fragments == 0 )
1058 {
1059 /* Used for DTLS and the message size larger than MFL. In that case
1060 * the message can not be fragmented and the library should return
1061 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
1062 * to prevent a dead loop inside mbedtls_exchange_data(). */
1063 return ret;
1064 }
1065 else if( expected_fragments == 1 )
1066 {
1067 /* Used for TLS/DTLS and the message size lower than MFL */
1068 TEST_ASSERT( ret == buf_len ||
1069 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1070 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1071 }
1072 else
1073 {
1074 /* Used for TLS and the message size larger than MFL */
1075 TEST_ASSERT( expected_fragments > 1 );
1076 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1077 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1078 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1079 }
1080
1081 return 0;
1082
1083exit:
1084 /* Some of the tests failed */
1085 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001086}
1087
1088/*
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001089 * Read application data and increase read counter and fragments counter if necessary.
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001090 */
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001091int mbedtls_ssl_read_fragment( mbedtls_ssl_context *ssl, unsigned char *buf,
1092 int buf_len, int *read,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001093 int *fragments, const int expected_fragments )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001094{
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001095 int ret = mbedtls_ssl_read( ssl, buf + *read, buf_len - *read );
1096 if( ret > 0 )
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001097 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001098 ( *fragments )++;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001099 *read += ret;
1100 }
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001101
1102 if( expected_fragments == 0 )
1103 {
1104 TEST_ASSERT( ret == 0 );
1105 }
1106 else if( expected_fragments == 1 )
1107 {
1108 TEST_ASSERT( ret == buf_len ||
1109 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1110 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1111 }
1112 else
1113 {
1114 TEST_ASSERT( expected_fragments > 1 );
1115 TEST_ASSERT( ( ret >= 0 && ret <= buf_len ) ||
1116 ret == MBEDTLS_ERR_SSL_WANT_READ ||
1117 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
1118 }
1119
1120 return 0;
1121
1122exit:
1123 /* Some of the tests failed */
1124 return -1;
Piotr Nowickic3fca5e2020-01-30 15:33:42 +01001125}
1126
1127/*
Hanno Beckera18d1322018-01-03 14:27:32 +00001128 * Helper function setting up inverse record transformations
1129 * using given cipher, hash, EtM mode, authentication tag length,
1130 * and version.
1131 */
1132
1133#define CHK( x ) \
1134 do \
1135 { \
1136 if( !( x ) ) \
Hanno Becker81e16a32019-03-01 11:21:44 +00001137 { \
Hanno Beckera5780f12019-04-05 09:55:37 +01001138 ret = -1; \
Hanno Becker81e16a32019-03-01 11:21:44 +00001139 goto cleanup; \
1140 } \
Hanno Beckera18d1322018-01-03 14:27:32 +00001141 } while( 0 )
1142
Andrzej Kurekf40daa32020-02-04 09:00:01 -05001143void set_ciphersuite( mbedtls_ssl_config *conf, const char *cipher,
1144 int* forced_ciphersuite )
1145{
1146 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1147 forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( cipher );
1148 forced_ciphersuite[1] = 0;
1149
1150 ciphersuite_info =
1151 mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
1152
1153 TEST_ASSERT( ciphersuite_info != NULL );
1154 TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
1155 TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
1156
1157 if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
1158 {
1159 conf->max_minor_ver = ciphersuite_info->max_minor_ver;
1160 }
1161 if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
1162 {
1163 conf->min_minor_ver = ciphersuite_info->min_minor_ver;
1164 }
1165
1166 mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
1167
1168exit:
1169 return;
1170}
1171
Andrzej Kurekcc5169c2020-02-04 09:04:56 -05001172int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
1173 const unsigned char *name, size_t name_len )
1174{
1175 (void) p_info;
1176 (void) ssl;
1177 (void) name;
1178 (void) name_len;
1179
1180 return ( 0 );
1181}
1182
Hanno Beckerd856c822019-04-29 17:30:59 +01001183#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
1184#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
1185#else
1186#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
1187#endif
Hanno Beckera18d1322018-01-03 14:27:32 +00001188
1189static int build_transforms( mbedtls_ssl_transform *t_in,
1190 mbedtls_ssl_transform *t_out,
1191 int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01001192 int etm, int tag_mode, int ver,
1193 size_t cid0_len,
1194 size_t cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +00001195{
1196 mbedtls_cipher_info_t const *cipher_info;
Hanno Beckera5780f12019-04-05 09:55:37 +01001197 int ret = 0;
Hanno Beckera18d1322018-01-03 14:27:32 +00001198
1199 size_t keylen, maclen, ivlen;
Hanno Becker81e16a32019-03-01 11:21:44 +00001200 unsigned char *key0 = NULL, *key1 = NULL;
Paul Elliott6f1eda72020-06-11 20:22:00 +01001201 unsigned char *md0 = NULL, *md1 = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +00001202 unsigned char iv_enc[16], iv_dec[16];
1203
Hanno Beckera0e20d02019-05-15 14:03:01 +01001204#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01001205 unsigned char cid0[ SSL_CID_LEN_MIN ];
1206 unsigned char cid1[ SSL_CID_LEN_MIN ];
1207
Ronald Cron351f0ee2020-06-10 12:12:18 +02001208 mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
1209 mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
Hanno Becker43c24b82019-05-01 09:45:57 +01001210#else
1211 ((void) cid0_len);
1212 ((void) cid1_len);
Hanno Beckera0e20d02019-05-15 14:03:01 +01001213#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +01001214
Hanno Beckera18d1322018-01-03 14:27:32 +00001215 maclen = 0;
1216
1217 /* Pick cipher */
1218 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
1219 CHK( cipher_info != NULL );
1220 CHK( cipher_info->iv_size <= 16 );
1221 CHK( cipher_info->key_bitlen % 8 == 0 );
1222
1223 /* Pick keys */
1224 keylen = cipher_info->key_bitlen / 8;
Hanno Becker78d1f702019-04-05 09:56:10 +01001225 /* Allocate `keylen + 1` bytes to ensure that we get
1226 * a non-NULL pointers from `mbedtls_calloc` even if
1227 * `keylen == 0` in the case of the NULL cipher. */
1228 CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
1229 CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +00001230 memset( key0, 0x1, keylen );
1231 memset( key1, 0x2, keylen );
1232
1233 /* Setup cipher contexts */
1234 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
1235 CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
1236 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
1237 CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
1238
1239#if defined(MBEDTLS_CIPHER_MODE_CBC)
1240 if( cipher_info->mode == MBEDTLS_MODE_CBC )
1241 {
1242 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
1243 MBEDTLS_PADDING_NONE ) == 0 );
1244 CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
1245 MBEDTLS_PADDING_NONE ) == 0 );
1246 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
1247 MBEDTLS_PADDING_NONE ) == 0 );
1248 CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
1249 MBEDTLS_PADDING_NONE ) == 0 );
1250 }
1251#endif /* MBEDTLS_CIPHER_MODE_CBC */
1252
1253 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
1254 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1255 CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
1256 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
1257 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
1258 keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
1259 CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
1260 keylen << 3, MBEDTLS_DECRYPT ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00001261
1262 /* Setup MAC contexts */
Hanno Beckerfd86ca82020-11-30 08:54:23 +00001263#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +00001264 if( cipher_info->mode == MBEDTLS_MODE_CBC ||
1265 cipher_info->mode == MBEDTLS_MODE_STREAM )
1266 {
1267 mbedtls_md_info_t const *md_info;
Hanno Beckera18d1322018-01-03 14:27:32 +00001268
1269 /* Pick hash */
1270 md_info = mbedtls_md_info_from_type( hash_id );
1271 CHK( md_info != NULL );
1272
1273 /* Pick hash keys */
1274 maclen = mbedtls_md_get_size( md_info );
Hanno Becker3ee54212019-04-04 16:31:26 +01001275 CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
1276 CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +00001277 memset( md0, 0x5, maclen );
1278 memset( md1, 0x6, maclen );
1279
1280 CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
1281 CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
1282 CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
1283 CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
1284
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +01001285 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
1286 md0, maclen ) == 0 );
1287 CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
1288 md1, maclen ) == 0 );
1289 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
1290 md1, maclen ) == 0 );
1291 CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
1292 md0, maclen ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00001293 }
1294#else
1295 ((void) hash_id);
Hanno Beckerfd86ca82020-11-30 08:54:23 +00001296#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
Hanno Beckera18d1322018-01-03 14:27:32 +00001297
1298
1299 /* Pick IV's (regardless of whether they
1300 * are being used by the transform). */
1301 ivlen = cipher_info->iv_size;
1302 memset( iv_enc, 0x3, sizeof( iv_enc ) );
1303 memset( iv_dec, 0x4, sizeof( iv_dec ) );
1304
1305 /*
1306 * Setup transforms
1307 */
1308
Jaeden Amero2de07f12019-06-05 13:32:08 +01001309#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
Hanno Beckerfd86ca82020-11-30 08:54:23 +00001310 defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
Hanno Beckera18d1322018-01-03 14:27:32 +00001311 t_out->encrypt_then_mac = etm;
1312 t_in->encrypt_then_mac = etm;
1313#else
1314 ((void) etm);
1315#endif
1316
1317 t_out->minor_ver = ver;
1318 t_in->minor_ver = ver;
1319 t_out->ivlen = ivlen;
1320 t_in->ivlen = ivlen;
1321
1322 switch( cipher_info->mode )
1323 {
1324 case MBEDTLS_MODE_GCM:
1325 case MBEDTLS_MODE_CCM:
Hanno Beckere6832872020-05-28 08:29:58 +01001326#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
1327 if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
1328 {
1329 t_out->fixed_ivlen = 12;
1330 t_in->fixed_ivlen = 12;
1331 }
1332 else
1333#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1334 {
1335 t_out->fixed_ivlen = 4;
1336 t_in->fixed_ivlen = 4;
1337 }
Hanno Beckera18d1322018-01-03 14:27:32 +00001338 t_out->maclen = 0;
1339 t_in->maclen = 0;
1340 switch( tag_mode )
1341 {
1342 case 0: /* Full tag */
1343 t_out->taglen = 16;
1344 t_in->taglen = 16;
1345 break;
1346 case 1: /* Partial tag */
1347 t_out->taglen = 8;
1348 t_in->taglen = 8;
1349 break;
1350 default:
Paul Elliottc7b53742021-02-03 13:18:33 +00001351 ret = 1;
1352 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +00001353 }
1354 break;
1355
1356 case MBEDTLS_MODE_CHACHAPOLY:
1357 t_out->fixed_ivlen = 12;
1358 t_in->fixed_ivlen = 12;
1359 t_out->maclen = 0;
1360 t_in->maclen = 0;
1361 switch( tag_mode )
1362 {
1363 case 0: /* Full tag */
1364 t_out->taglen = 16;
1365 t_in->taglen = 16;
1366 break;
1367 case 1: /* Partial tag */
1368 t_out->taglen = 8;
1369 t_in->taglen = 8;
1370 break;
1371 default:
Paul Elliottc7b53742021-02-03 13:18:33 +00001372 ret = 1;
1373 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +00001374 }
1375 break;
1376
1377 case MBEDTLS_MODE_STREAM:
1378 case MBEDTLS_MODE_CBC:
1379 t_out->fixed_ivlen = 0; /* redundant, must be 0 */
1380 t_in->fixed_ivlen = 0; /* redundant, must be 0 */
1381 t_out->taglen = 0;
1382 t_in->taglen = 0;
1383 switch( tag_mode )
1384 {
1385 case 0: /* Full tag */
1386 t_out->maclen = maclen;
1387 t_in->maclen = maclen;
1388 break;
1389 case 1: /* Partial tag */
1390 t_out->maclen = 10;
1391 t_in->maclen = 10;
1392 break;
1393 default:
Paul Elliottc7b53742021-02-03 13:18:33 +00001394 ret = 1;
1395 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +00001396 }
1397 break;
1398 default:
Paul Elliottc7b53742021-02-03 13:18:33 +00001399 ret = 1;
1400 goto cleanup;
Hanno Beckera18d1322018-01-03 14:27:32 +00001401 break;
1402 }
1403
1404 /* Setup IV's */
1405
1406 memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
1407 memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
1408 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
1409 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
1410
Hanno Beckera0e20d02019-05-15 14:03:01 +01001411#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01001412 /* Add CID */
1413 memcpy( &t_in->in_cid, cid0, cid0_len );
1414 memcpy( &t_in->out_cid, cid1, cid1_len );
1415 t_in->in_cid_len = cid0_len;
1416 t_in->out_cid_len = cid1_len;
1417 memcpy( &t_out->in_cid, cid1, cid1_len );
1418 memcpy( &t_out->out_cid, cid0, cid0_len );
1419 t_out->in_cid_len = cid1_len;
1420 t_out->out_cid_len = cid0_len;
Hanno Beckera0e20d02019-05-15 14:03:01 +01001421#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerd856c822019-04-29 17:30:59 +01001422
Hanno Becker81e16a32019-03-01 11:21:44 +00001423cleanup:
1424
Hanno Becker3ee54212019-04-04 16:31:26 +01001425 mbedtls_free( key0 );
1426 mbedtls_free( key1 );
Hanno Becker81e16a32019-03-01 11:21:44 +00001427
Paul Elliott6f1eda72020-06-11 20:22:00 +01001428 mbedtls_free( md0 );
1429 mbedtls_free( md1 );
1430
Hanno Beckera5780f12019-04-05 09:55:37 +01001431 return( ret );
Hanno Beckera18d1322018-01-03 14:27:32 +00001432}
1433
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001434/*
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02001435 * Populate a session structure for serialization tests.
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001436 * Choose dummy values, mostly non-0 to distinguish from the init default.
1437 */
1438static int ssl_populate_session( mbedtls_ssl_session *session,
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +02001439 int ticket_len,
1440 const char *crt_file )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001441{
1442#if defined(MBEDTLS_HAVE_TIME)
1443 session->start = mbedtls_time( NULL ) - 42;
1444#endif
1445 session->ciphersuite = 0xabcd;
1446 session->compression = 1;
1447 session->id_len = sizeof( session->id );
1448 memset( session->id, 66, session->id_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +02001449 memset( session->master, 17, sizeof( session->master ) );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001450
Manuel Pégourié-Gonnard1f6033a2019-05-24 10:17:52 +02001451#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001452 if( strlen( crt_file ) != 0 )
1453 {
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001454 mbedtls_x509_crt tmp_crt;
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001455 int ret;
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02001456
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001457 mbedtls_x509_crt_init( &tmp_crt );
1458 ret = mbedtls_x509_crt_parse_file( &tmp_crt, crt_file );
1459 if( ret != 0 )
1460 return( ret );
1461
1462#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1463 /* Move temporary CRT. */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02001464 session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
1465 if( session->peer_cert == NULL )
1466 return( -1 );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001467 *session->peer_cert = tmp_crt;
1468 memset( &tmp_crt, 0, sizeof( tmp_crt ) );
1469#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1470 /* Calculate digest of temporary CRT. */
1471 session->peer_cert_digest =
1472 mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
1473 if( session->peer_cert_digest == NULL )
1474 return( -1 );
1475 ret = mbedtls_md( mbedtls_md_info_from_type(
1476 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
1477 tmp_crt.raw.p, tmp_crt.raw.len,
1478 session->peer_cert_digest );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001479 if( ret != 0 )
1480 return( ret );
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001481 session->peer_cert_digest_type =
1482 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
1483 session->peer_cert_digest_len =
1484 MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
1485#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1486
1487 mbedtls_x509_crt_free( &tmp_crt );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001488 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001489#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001490 (void) crt_file;
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02001491#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001492 session->verify_result = 0xdeadbeef;
1493
1494#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1495 if( ticket_len != 0 )
1496 {
1497 session->ticket = mbedtls_calloc( 1, ticket_len );
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +02001498 if( session->ticket == NULL )
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001499 return( -1 );
1500 memset( session->ticket, 33, ticket_len );
1501 }
1502 session->ticket_len = ticket_len;
1503 session->ticket_lifetime = 86401;
1504#else
1505 (void) ticket_len;
1506#endif
1507
1508#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1509 session->mfl_code = 1;
1510#endif
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02001511#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1512 session->encrypt_then_mac = 1;
1513#endif
1514
1515 return( 0 );
1516}
1517
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001518/*
1519 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
1520 * message was sent in the correct number of fragments.
1521 *
1522 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both
1523 * of them must be initialized and connected beforehand.
1524 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
1525 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
1526 * fragments the message should be sent.
1527 * expected_fragments is 0: can be used for DTLS testing while the message
1528 * size is larger than MFL. In that case the message
1529 * cannot be fragmented and sent to the second endpoint.
1530 * This value can be used for negative tests.
1531 * expected_fragments is 1: can be used for TLS/DTLS testing while the
1532 * message size is below MFL
1533 * expected_fragments > 1: can be used for TLS testing while the message
1534 * size is larger than MFL
1535 *
1536 * \retval 0 on success, otherwise error code.
1537 */
1538int mbedtls_exchange_data( mbedtls_ssl_context *ssl_1,
1539 int msg_len_1, const int expected_fragments_1,
1540 mbedtls_ssl_context *ssl_2,
1541 int msg_len_2, const int expected_fragments_2 )
1542{
1543 unsigned char *msg_buf_1 = malloc( msg_len_1 );
1544 unsigned char *msg_buf_2 = malloc( msg_len_2 );
1545 unsigned char *in_buf_1 = malloc( msg_len_2 );
1546 unsigned char *in_buf_2 = malloc( msg_len_1 );
1547 int msg_type, ret = -1;
1548
1549 /* Perform this test with two message types. At first use a message
1550 * consisting of only 0x00 for the client and only 0xFF for the server.
1551 * At the second time use message with generated data */
1552 for( msg_type = 0; msg_type < 2; msg_type++ )
1553 {
1554 int written_1 = 0;
1555 int written_2 = 0;
1556 int read_1 = 0;
1557 int read_2 = 0;
1558 int fragments_1 = 0;
1559 int fragments_2 = 0;
1560
1561 if( msg_type == 0 )
1562 {
1563 memset( msg_buf_1, 0x00, msg_len_1 );
1564 memset( msg_buf_2, 0xff, msg_len_2 );
1565 }
1566 else
1567 {
1568 int i, j = 0;
1569 for( i = 0; i < msg_len_1; i++ )
1570 {
1571 msg_buf_1[i] = j++ & 0xFF;
1572 }
1573 for( i = 0; i < msg_len_2; i++ )
1574 {
1575 msg_buf_2[i] = ( j -= 5 ) & 0xFF;
1576 }
1577 }
1578
1579 while( read_1 < msg_len_2 || read_2 < msg_len_1 )
1580 {
1581 /* ssl_1 sending */
1582 if( msg_len_1 > written_1 )
1583 {
1584 ret = mbedtls_ssl_write_fragment( ssl_1, msg_buf_1,
1585 msg_len_1, &written_1,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001586 expected_fragments_1 );
1587 if( expected_fragments_1 == 0 )
1588 {
1589 /* This error is expected when the message is too large and
1590 * cannot be fragmented */
1591 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1592 msg_len_1 = 0;
1593 }
1594 else
1595 {
1596 TEST_ASSERT( ret == 0 );
1597 }
1598 }
1599
1600 /* ssl_2 sending */
1601 if( msg_len_2 > written_2 )
1602 {
1603 ret = mbedtls_ssl_write_fragment( ssl_2, msg_buf_2,
1604 msg_len_2, &written_2,
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001605 expected_fragments_2 );
1606 if( expected_fragments_2 == 0 )
1607 {
1608 /* This error is expected when the message is too large and
1609 * cannot be fragmented */
1610 TEST_ASSERT( ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1611 msg_len_2 = 0;
1612 }
1613 else
1614 {
1615 TEST_ASSERT( ret == 0 );
1616 }
1617 }
1618
1619 /* ssl_1 reading */
1620 if( read_1 < msg_len_2 )
1621 {
1622 ret = mbedtls_ssl_read_fragment( ssl_1, in_buf_1,
1623 msg_len_2, &read_1,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001624 &fragments_2,
1625 expected_fragments_2 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001626 TEST_ASSERT( ret == 0 );
1627 }
1628
1629 /* ssl_2 reading */
1630 if( read_2 < msg_len_1 )
1631 {
1632 ret = mbedtls_ssl_read_fragment( ssl_2, in_buf_2,
1633 msg_len_1, &read_2,
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01001634 &fragments_1,
1635 expected_fragments_1 );
Piotr Nowicki6a7f01c2020-02-12 13:53:36 +01001636 TEST_ASSERT( ret == 0 );
1637 }
1638 }
1639
1640 ret = -1;
1641 TEST_ASSERT( 0 == memcmp( msg_buf_1, in_buf_2, msg_len_1 ) );
1642 TEST_ASSERT( 0 == memcmp( msg_buf_2, in_buf_1, msg_len_2 ) );
1643 TEST_ASSERT( fragments_1 == expected_fragments_1 );
1644 TEST_ASSERT( fragments_2 == expected_fragments_2 );
1645 }
1646
1647 ret = 0;
1648
1649exit:
1650 free( msg_buf_1 );
1651 free( in_buf_1 );
1652 free( msg_buf_2 );
1653 free( in_buf_2 );
1654
1655 return ret;
1656}
1657
Piotr Nowicki95e9eb82020-02-14 11:33:34 +01001658/*
1659 * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
1660 * must be initialized and connected beforehand.
1661 *
1662 * \retval 0 on success, otherwise error code.
1663 */
1664int exchange_data( mbedtls_ssl_context *ssl_1,
1665 mbedtls_ssl_context *ssl_2 )
1666{
1667 return mbedtls_exchange_data( ssl_1, 256, 1,
1668 ssl_2, 256, 1 );
1669}
1670
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02001671#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
1672 defined(MBEDTLS_ENTROPY_C) && \
1673 defined(MBEDTLS_CTR_DRBG_C)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001674void perform_handshake( handshake_test_options* options )
1675{
1676 /* forced_ciphersuite needs to last until the end of the handshake */
1677 int forced_ciphersuite[2];
1678 enum { BUFFSIZE = 17000 };
1679 mbedtls_endpoint client, server;
Gilles Peskineeccd8882020-03-10 12:19:08 +01001680#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001681 const char *psk_identity = "foo";
1682#endif
1683#if defined(MBEDTLS_TIMING_C)
1684 mbedtls_timing_delay_context timer_client, timer_server;
1685#endif
1686#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1687 unsigned char *context_buf = NULL;
1688 size_t context_buf_len;
1689#endif
1690#if defined(MBEDTLS_SSL_RENEGOTIATION)
1691 int ret = -1;
1692#endif
Paul Elliottc8570442020-04-15 17:00:50 +01001693 int expected_handshake_result = 0;
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001694
1695 mbedtls_test_message_queue server_queue, client_queue;
1696 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05001697 mbedtls_message_socket_init( &server_context );
1698 mbedtls_message_socket_init( &client_context );
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001699
1700 /* Client side */
1701 if( options->dtls != 0 )
1702 {
1703 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1704 options->pk_alg, &client_context,
1705 &client_queue,
1706 &server_queue ) == 0 );
1707#if defined(MBEDTLS_TIMING_C)
1708 mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
1709 mbedtls_timing_set_delay,
1710 mbedtls_timing_get_delay );
1711#endif
1712 }
1713 else
1714 {
1715 TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
1716 options->pk_alg, NULL, NULL,
1717 NULL ) == 0 );
1718 }
Paul Elliottc8570442020-04-15 17:00:50 +01001719
1720 if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
1721 {
1722 mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1723 options->client_min_version );
1724 }
1725
1726 if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
1727 {
1728 mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1729 options->client_max_version );
1730 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001731
1732 if( strlen( options->cipher ) > 0 )
1733 {
1734 set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
1735 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +01001736
1737#if defined (MBEDTLS_DEBUG_C)
1738 if( options->cli_log_fun )
1739 {
1740 mbedtls_debug_set_threshold( 4 );
1741 mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
1742 options->cli_log_obj );
1743 }
1744#endif
1745
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001746 /* Server side */
1747 if( options->dtls != 0 )
1748 {
1749 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1750 options->pk_alg, &server_context,
1751 &server_queue,
1752 &client_queue) == 0 );
1753#if defined(MBEDTLS_TIMING_C)
1754 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1755 mbedtls_timing_set_delay,
1756 mbedtls_timing_get_delay );
1757#endif
1758 }
1759 else
1760 {
1761 TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
1762 options->pk_alg, NULL, NULL, NULL ) == 0 );
1763 }
Piotr Nowickibde7ee82020-02-21 10:59:50 +01001764
1765 mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
1766
Paul Elliottc8570442020-04-15 17:00:50 +01001767 if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
1768 {
1769 mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1770 options->server_min_version );
1771 }
1772
1773 if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
1774 {
1775 mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1776 options->server_max_version );
1777 }
1778
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001779#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1780 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
1781 (unsigned char) options->mfl ) == 0 );
1782 TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
1783 (unsigned char) options->mfl ) == 0 );
1784#else
1785 TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
1786#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1787
Gilles Peskineeccd8882020-03-10 12:19:08 +01001788#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001789 if( options->psk_str != NULL && options->psk_str->len > 0 )
1790 {
1791 TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
1792 options->psk_str->len,
1793 (const unsigned char *) psk_identity,
1794 strlen( psk_identity ) ) == 0 );
1795
1796 TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
1797 options->psk_str->len,
1798 (const unsigned char *) psk_identity,
1799 strlen( psk_identity ) ) == 0 );
1800
1801 mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
1802 }
1803#endif
1804#if defined(MBEDTLS_SSL_RENEGOTIATION)
1805 if( options->renegotiate )
1806 {
1807 mbedtls_ssl_conf_renegotiation( &(server.conf),
1808 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1809 mbedtls_ssl_conf_renegotiation( &(client.conf),
1810 MBEDTLS_SSL_RENEGOTIATION_ENABLED );
1811
1812 mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
1813 options->legacy_renegotiation );
1814 mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
1815 options->legacy_renegotiation );
1816 }
1817#endif /* MBEDTLS_SSL_RENEGOTIATION */
1818
Piotr Nowickibde7ee82020-02-21 10:59:50 +01001819#if defined (MBEDTLS_DEBUG_C)
1820 if( options->srv_log_fun )
1821 {
1822 mbedtls_debug_set_threshold( 4 );
1823 mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
1824 options->srv_log_obj );
1825 }
1826#endif
1827
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001828 TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
1829 &(server.socket),
1830 BUFFSIZE ) == 0 );
1831
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001832#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1833 if( options->resize_buffers != 0 )
1834 {
1835 /* Ensure that the buffer sizes are appropriate before resizes */
1836 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1837 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1838 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1839 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1840 }
1841#endif
1842
Paul Elliottc8570442020-04-15 17:00:50 +01001843 if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
1844 {
Hanno Beckerbc000442021-06-24 09:18:19 +01001845 expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
Paul Elliottc8570442020-04-15 17:00:50 +01001846 }
1847
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001848 TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
1849 &(server.ssl),
1850 MBEDTLS_SSL_HANDSHAKE_OVER )
Paul Elliottc8570442020-04-15 17:00:50 +01001851 == expected_handshake_result );
1852
1853 if( expected_handshake_result != 0 )
1854 {
1855 /* Connection will have failed by this point, skip to cleanup */
1856 goto exit;
1857 }
1858
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001859 TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1860 TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
1861
Paul Elliottc8570442020-04-15 17:00:50 +01001862 /* Check that we agree on the version... */
1863 TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
1864
1865 /* And check that the version negotiated is the expected one. */
1866 TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
1867
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001868#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1869 if( options->resize_buffers != 0 )
1870 {
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +01001871 if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001872 {
1873 /* A server, when using DTLS, might delay a buffer resize to happen
1874 * after it receives a message, so we force it. */
1875 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1876
1877 TEST_ASSERT( client.ssl.out_buf_len ==
1878 mbedtls_ssl_get_output_buflen( &client.ssl ) );
1879 TEST_ASSERT( client.ssl.in_buf_len ==
1880 mbedtls_ssl_get_input_buflen( &client.ssl ) );
1881 TEST_ASSERT( server.ssl.out_buf_len ==
1882 mbedtls_ssl_get_output_buflen( &server.ssl ) );
1883 TEST_ASSERT( server.ssl.in_buf_len ==
1884 mbedtls_ssl_get_input_buflen( &server.ssl ) );
1885 }
1886 }
1887#endif
1888
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001889 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1890 {
1891 /* Start data exchanging test */
1892 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
1893 options->expected_cli_fragments,
1894 &(server.ssl), options->srv_msg_len,
1895 options->expected_srv_fragments )
1896 == 0 );
1897 }
1898#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
1899 if( options->serialize == 1 )
1900 {
1901 TEST_ASSERT( options->dtls == 1 );
1902
1903 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
1904 0, &context_buf_len )
1905 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
1906
1907 context_buf = mbedtls_calloc( 1, context_buf_len );
1908 TEST_ASSERT( context_buf != NULL );
1909
1910 TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
1911 context_buf_len,
1912 &context_buf_len ) == 0 );
1913
1914 mbedtls_ssl_free( &(server.ssl) );
1915 mbedtls_ssl_init( &(server.ssl) );
1916
1917 TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
1918
1919 mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
1920 mbedtls_mock_tcp_send_msg,
1921 mbedtls_mock_tcp_recv_msg,
1922 NULL );
1923
1924#if defined(MBEDTLS_TIMING_C)
1925 mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
1926 mbedtls_timing_set_delay,
1927 mbedtls_timing_get_delay );
1928#endif
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001929#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1930 if( options->resize_buffers != 0 )
1931 {
1932 /* Ensure that the buffer sizes are appropriate before resizes */
1933 TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1934 TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1935 }
1936#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001937 TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
1938 context_buf_len ) == 0 );
1939
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001940#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1941 /* Validate buffer sizes after context deserialization */
1942 if( options->resize_buffers != 0 )
1943 {
1944 TEST_ASSERT( server.ssl.out_buf_len ==
1945 mbedtls_ssl_get_output_buflen( &server.ssl ) );
1946 TEST_ASSERT( server.ssl.in_buf_len ==
1947 mbedtls_ssl_get_input_buflen( &server.ssl ) );
1948 }
1949#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001950 /* Retest writing/reading */
1951 if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
1952 {
1953 TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
1954 options->cli_msg_len,
1955 options->expected_cli_fragments,
1956 &(server.ssl),
1957 options->srv_msg_len,
1958 options->expected_srv_fragments )
1959 == 0 );
1960 }
1961 }
1962#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001963
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05001964#if defined(MBEDTLS_SSL_RENEGOTIATION)
1965 if( options->renegotiate )
1966 {
1967 /* Start test with renegotiation */
1968 TEST_ASSERT( server.ssl.renego_status ==
1969 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1970 TEST_ASSERT( client.ssl.renego_status ==
1971 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1972
1973 /* After calling this function for the server, it only sends a handshake
1974 * request. All renegotiation should happen during data exchanging */
1975 TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
1976 TEST_ASSERT( server.ssl.renego_status ==
1977 MBEDTLS_SSL_RENEGOTIATION_PENDING );
1978 TEST_ASSERT( client.ssl.renego_status ==
1979 MBEDTLS_SSL_INITIAL_HANDSHAKE );
1980
1981 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
1982 TEST_ASSERT( server.ssl.renego_status ==
1983 MBEDTLS_SSL_RENEGOTIATION_DONE );
1984 TEST_ASSERT( client.ssl.renego_status ==
1985 MBEDTLS_SSL_RENEGOTIATION_DONE );
1986
1987 /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
1988 * should happen inside this function. However in this test, we cannot
1989 * perform simultaneous communication betwen client and server so this
1990 * function will return waiting error on the socket. All rest of
1991 * renegotiation should happen during data exchanging */
1992 ret = mbedtls_ssl_renegotiate( &(client.ssl) );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05001993#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
1994 if( options->resize_buffers != 0 )
1995 {
1996 /* Ensure that the buffer sizes are appropriate before resizes */
1997 TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
1998 TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
1999 }
2000#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05002001 TEST_ASSERT( ret == 0 ||
2002 ret == MBEDTLS_ERR_SSL_WANT_READ ||
2003 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2004 TEST_ASSERT( server.ssl.renego_status ==
2005 MBEDTLS_SSL_RENEGOTIATION_DONE );
2006 TEST_ASSERT( client.ssl.renego_status ==
2007 MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
2008
2009 TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
2010 TEST_ASSERT( server.ssl.renego_status ==
2011 MBEDTLS_SSL_RENEGOTIATION_DONE );
2012 TEST_ASSERT( client.ssl.renego_status ==
2013 MBEDTLS_SSL_RENEGOTIATION_DONE );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05002014#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
2015 /* Validate buffer sizes after renegotiation */
2016 if( options->resize_buffers != 0 )
2017 {
2018 TEST_ASSERT( client.ssl.out_buf_len ==
2019 mbedtls_ssl_get_output_buflen( &client.ssl ) );
2020 TEST_ASSERT( client.ssl.in_buf_len ==
2021 mbedtls_ssl_get_input_buflen( &client.ssl ) );
2022 TEST_ASSERT( server.ssl.out_buf_len ==
2023 mbedtls_ssl_get_output_buflen( &server.ssl ) );
2024 TEST_ASSERT( server.ssl.in_buf_len ==
2025 mbedtls_ssl_get_input_buflen( &server.ssl ) );
2026 }
2027#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05002028 }
2029#endif /* MBEDTLS_SSL_RENEGOTIATION */
2030
2031exit:
2032 mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
2033 mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
Piotr Nowickibde7ee82020-02-21 10:59:50 +01002034#if defined (MBEDTLS_DEBUG_C)
2035 if( options->cli_log_fun || options->srv_log_fun )
2036 {
2037 mbedtls_debug_set_threshold( 0 );
2038 }
2039#endif
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05002040#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2041 if( context_buf != NULL )
2042 mbedtls_free( context_buf );
2043#endif
2044}
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02002045#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05002046
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02002047/* END_HEADER */
2048
2049/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002050 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02002051 * END_DEPENDENCIES
2052 */
2053
Janos Follath6264e662019-11-26 11:11:15 +00002054/* BEGIN_CASE */
2055void test_callback_buffer_sanity()
2056{
2057 enum { MSGLEN = 10 };
2058 mbedtls_test_buffer buf;
2059 unsigned char input[MSGLEN];
2060 unsigned char output[MSGLEN];
2061
2062 memset( input, 0, sizeof(input) );
2063
2064 /* Make sure calling put and get on NULL buffer results in error. */
2065 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
2066 == -1 );
2067 TEST_ASSERT( mbedtls_test_buffer_get( NULL, output, sizeof( output ) )
2068 == -1 );
2069 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -05002070
Janos Follath6264e662019-11-26 11:11:15 +00002071 TEST_ASSERT( mbedtls_test_buffer_put( NULL, NULL, 0 ) == -1 );
2072 TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
2073
2074 /* Make sure calling put and get on a buffer that hasn't been set up results
2075 * in eror. */
2076 mbedtls_test_buffer_init( &buf );
2077
2078 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
2079 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, sizeof( output ) )
2080 == -1 );
2081 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
Andrzej Kurekf7774142020-01-22 06:34:59 -05002082
Janos Follath6264e662019-11-26 11:11:15 +00002083 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == -1 );
2084 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == -1 );
2085
Andrzej Kurekf7774142020-01-22 06:34:59 -05002086 /* Make sure calling put and get on NULL input only results in
2087 * error if the length is not zero, and that a NULL output is valid for data
2088 * dropping.
2089 */
Janos Follath6264e662019-11-26 11:11:15 +00002090
2091 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, sizeof( input ) ) == 0 );
2092
2093 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, sizeof( input ) ) == -1 );
2094 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, sizeof( output ) )
Andrzej Kurekf7774142020-01-22 06:34:59 -05002095 == 0 );
Janos Follath6264e662019-11-26 11:11:15 +00002096 TEST_ASSERT( mbedtls_test_buffer_put( &buf, NULL, 0 ) == 0 );
2097 TEST_ASSERT( mbedtls_test_buffer_get( &buf, NULL, 0 ) == 0 );
2098
Piotr Nowickifb437d72020-01-13 16:59:12 +01002099 /* Make sure calling put several times in the row is safe */
2100
2101 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) )
2102 == sizeof( input ) );
2103 TEST_ASSERT( mbedtls_test_buffer_get( &buf, output, 2 ) == 2 );
2104 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 1 ) == 1 );
2105 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 1 );
2106 TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, 2 ) == 0 );
2107
2108
Janos Follath6264e662019-11-26 11:11:15 +00002109exit:
2110
2111 mbedtls_test_buffer_free( &buf );
2112}
2113/* END_CASE */
2114
2115/*
2116 * Test if the implementation of `mbedtls_test_buffer` related functions is
2117 * correct and works as expected.
2118 *
2119 * That is
2120 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
2121 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2122 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
2123 * bytes.
2124 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
2125 * - All of the bytes we got match the bytes we put in in a FIFO manner.
2126 */
2127
2128/* BEGIN_CASE */
2129void test_callback_buffer( int size, int put1, int put1_ret,
2130 int get1, int get1_ret, int put2, int put2_ret,
2131 int get2, int get2_ret )
2132{
2133 enum { ROUNDS = 2 };
2134 size_t put[ROUNDS];
2135 int put_ret[ROUNDS];
2136 size_t get[ROUNDS];
2137 int get_ret[ROUNDS];
2138 mbedtls_test_buffer buf;
2139 unsigned char* input = NULL;
2140 size_t input_len;
2141 unsigned char* output = NULL;
2142 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +00002143 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +00002144
2145 mbedtls_test_buffer_init( &buf );
2146 TEST_ASSERT( mbedtls_test_buffer_setup( &buf, size ) == 0 );
2147
2148 /* Check the sanity of input parameters and initialise local variables. That
2149 * is, ensure that the amount of data is not negative and that we are not
2150 * expecting more to put or get than we actually asked for. */
2151 TEST_ASSERT( put1 >= 0 );
2152 put[0] = put1;
2153 put_ret[0] = put1_ret;
2154 TEST_ASSERT( put1_ret <= put1 );
2155 TEST_ASSERT( put2 >= 0 );
2156 put[1] = put2;
2157 put_ret[1] = put2_ret;
2158 TEST_ASSERT( put2_ret <= put2 );
2159
2160 TEST_ASSERT( get1 >= 0 );
2161 get[0] = get1;
2162 get_ret[0] = get1_ret;
2163 TEST_ASSERT( get1_ret <= get1 );
2164 TEST_ASSERT( get2 >= 0 );
2165 get[1] = get2;
2166 get_ret[1] = get2_ret;
2167 TEST_ASSERT( get2_ret <= get2 );
2168
2169 input_len = 0;
2170 /* Calculate actual input and output lengths */
2171 for( j = 0; j < ROUNDS; j++ )
2172 {
2173 if( put_ret[j] > 0 )
2174 {
2175 input_len += put_ret[j];
2176 }
2177 }
2178 /* In order to always have a valid pointer we always allocate at least 1
2179 * byte. */
2180 if( input_len == 0 )
2181 input_len = 1;
2182 ASSERT_ALLOC( input, input_len );
2183
2184 output_len = 0;
2185 for( j = 0; j < ROUNDS; j++ )
2186 {
2187 if( get_ret[j] > 0 )
2188 {
2189 output_len += get_ret[j];
2190 }
2191 }
2192 TEST_ASSERT( output_len <= input_len );
2193 /* In order to always have a valid pointer we always allocate at least 1
2194 * byte. */
2195 if( output_len == 0 )
2196 output_len = 1;
2197 ASSERT_ALLOC( output, output_len );
2198
2199 /* Fill up the buffer with structured data so that unwanted changes
2200 * can be detected */
2201 for( i = 0; i < input_len; i++ )
2202 {
2203 input[i] = i & 0xFF;
2204 }
2205
2206 written = read = 0;
2207 for( j = 0; j < ROUNDS; j++ )
2208 {
2209 TEST_ASSERT( put_ret[j] == mbedtls_test_buffer_put( &buf,
2210 input + written, put[j] ) );
2211 written += put_ret[j];
2212 TEST_ASSERT( get_ret[j] == mbedtls_test_buffer_get( &buf,
2213 output + read, get[j] ) );
2214 read += get_ret[j];
2215 TEST_ASSERT( read <= written );
2216 if( get_ret[j] > 0 )
2217 {
2218 TEST_ASSERT( memcmp( output + read - get_ret[j],
2219 input + read - get_ret[j], get_ret[j] )
2220 == 0 );
2221 }
2222 }
2223
2224exit:
2225
2226 mbedtls_free( input );
2227 mbedtls_free( output );
2228 mbedtls_test_buffer_free( &buf );
2229}
2230/* END_CASE */
2231
Janos Follath031827f2019-11-27 11:12:14 +00002232/*
Janos Follathc673c2c2019-12-02 15:47:26 +00002233 * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
2234 * correct and works as expected on unconnected sockets.
2235 */
2236
2237/* BEGIN_CASE */
2238void ssl_mock_sanity( )
2239{
2240 enum { MSGLEN = 105 };
2241 unsigned char message[MSGLEN];
2242 unsigned char received[MSGLEN];
2243 mbedtls_mock_socket socket;
2244
2245 mbedtls_mock_socket_init( &socket );
2246 TEST_ASSERT( mbedtls_mock_tcp_send_b( &socket, message, MSGLEN ) < 0 );
2247 mbedtls_mock_socket_close( &socket );
2248 mbedtls_mock_socket_init( &socket );
2249 TEST_ASSERT( mbedtls_mock_tcp_recv_b( &socket, received, MSGLEN ) < 0 );
2250 mbedtls_mock_socket_close( &socket );
2251
2252 mbedtls_mock_socket_init( &socket );
2253 TEST_ASSERT( mbedtls_mock_tcp_send_nb( &socket, message, MSGLEN ) < 0 );
2254 mbedtls_mock_socket_close( &socket );
2255 mbedtls_mock_socket_init( &socket );
2256 TEST_ASSERT( mbedtls_mock_tcp_recv_nb( &socket, received, MSGLEN ) < 0 );
2257 mbedtls_mock_socket_close( &socket );
2258
2259exit:
2260
2261 mbedtls_mock_socket_close( &socket );
2262}
2263/* END_CASE */
2264
2265/*
2266 * Test if the implementation of `mbedtls_mock_socket` related functions can
2267 * send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +00002268 */
2269
2270/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002271void ssl_mock_tcp( int blocking )
Janos Follath031827f2019-11-27 11:12:14 +00002272{
Janos Follathc673c2c2019-12-02 15:47:26 +00002273 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002274 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +00002275 unsigned char message[MSGLEN];
2276 unsigned char received[MSGLEN];
2277 mbedtls_mock_socket client;
2278 mbedtls_mock_socket server;
2279 size_t written, read;
2280 int send_ret, recv_ret;
2281 mbedtls_ssl_send_t *send;
2282 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +00002283 unsigned i;
2284
2285 if( blocking == 0 )
2286 {
2287 send = mbedtls_mock_tcp_send_nb;
2288 recv = mbedtls_mock_tcp_recv_nb;
2289 }
2290 else
2291 {
2292 send = mbedtls_mock_tcp_send_b;
2293 recv = mbedtls_mock_tcp_recv_b;
2294 }
2295
2296 mbedtls_mock_socket_init( &client );
2297 mbedtls_mock_socket_init( &server );
2298
2299 /* Fill up the buffer with structured data so that unwanted changes
2300 * can be detected */
2301 for( i = 0; i < MSGLEN; i++ )
2302 {
2303 message[i] = i & 0xFF;
2304 }
2305
2306 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002307 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follathc673c2c2019-12-02 15:47:26 +00002308
2309 /* Send the message to the server */
2310 send_ret = recv_ret = 1;
2311 written = read = 0;
2312 while( send_ret != 0 || recv_ret != 0 )
2313 {
2314 send_ret = send( &client, message + written, MSGLEN - written );
2315
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002316 TEST_ASSERT( send_ret >= 0 );
2317 TEST_ASSERT( send_ret <= BUFLEN );
2318 written += send_ret;
2319
2320 /* If the buffer is full we can test blocking and non-blocking send */
2321 if ( send_ret == BUFLEN )
Janos Follathc673c2c2019-12-02 15:47:26 +00002322 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002323 int blocking_ret = send( &client, message , 1 );
2324 if ( blocking )
2325 {
2326 TEST_ASSERT( blocking_ret == 0 );
2327 }
2328 else
2329 {
2330 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2331 }
Janos Follathc673c2c2019-12-02 15:47:26 +00002332 }
Janos Follathc673c2c2019-12-02 15:47:26 +00002333
2334 recv_ret = recv( &server, received + read, MSGLEN - read );
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002335
2336 /* The result depends on whether any data was sent */
2337 if ( send_ret > 0 )
Janos Follathc673c2c2019-12-02 15:47:26 +00002338 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002339 TEST_ASSERT( recv_ret > 0 );
2340 TEST_ASSERT( recv_ret <= BUFLEN );
2341 read += recv_ret;
2342 }
2343 else if( blocking )
2344 {
2345 TEST_ASSERT( recv_ret == 0 );
Janos Follathc673c2c2019-12-02 15:47:26 +00002346 }
2347 else
2348 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002349 TEST_ASSERT( recv_ret == MBEDTLS_ERR_SSL_WANT_READ );
2350 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +00002351 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002352
2353 /* If the buffer is empty we can test blocking and non-blocking read */
2354 if ( recv_ret == BUFLEN )
2355 {
2356 int blocking_ret = recv( &server, received, 1 );
2357 if ( blocking )
2358 {
2359 TEST_ASSERT( blocking_ret == 0 );
2360 }
2361 else
2362 {
2363 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2364 }
2365 }
Janos Follathc673c2c2019-12-02 15:47:26 +00002366 }
2367 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2368
2369exit:
2370
2371 mbedtls_mock_socket_close( &client );
2372 mbedtls_mock_socket_close( &server );
2373}
2374/* END_CASE */
2375
2376/*
2377 * Test if the implementation of `mbedtls_mock_socket` related functions can
2378 * send messages in both direction at the same time (with the I/O calls
2379 * interleaving).
2380 */
2381
2382/* BEGIN_CASE */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002383void ssl_mock_tcp_interleaving( int blocking )
Janos Follathc673c2c2019-12-02 15:47:26 +00002384{
Janos Follath031827f2019-11-27 11:12:14 +00002385 enum { ROUNDS = 2 };
2386 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002387 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +00002388 unsigned char message[ROUNDS][MSGLEN];
2389 unsigned char received[ROUNDS][MSGLEN];
2390 mbedtls_mock_socket client;
2391 mbedtls_mock_socket server;
2392 size_t written[ROUNDS];
2393 size_t read[ROUNDS];
2394 int send_ret[ROUNDS];
2395 int recv_ret[ROUNDS];
2396 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +00002397 mbedtls_ssl_send_t *send;
2398 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +00002399
2400 if( blocking == 0 )
2401 {
2402 send = mbedtls_mock_tcp_send_nb;
2403 recv = mbedtls_mock_tcp_recv_nb;
2404 }
2405 else
2406 {
2407 send = mbedtls_mock_tcp_send_b;
2408 recv = mbedtls_mock_tcp_recv_b;
2409 }
Janos Follath031827f2019-11-27 11:12:14 +00002410
2411 mbedtls_mock_socket_init( &client );
2412 mbedtls_mock_socket_init( &server );
2413
2414 /* Fill up the buffers with structured data so that unwanted changes
2415 * can be detected */
2416 for( i = 0; i < ROUNDS; i++ )
2417 {
2418 for( j = 0; j < MSGLEN; j++ )
2419 {
2420 message[i][j] = ( i * MSGLEN + j ) & 0xFF;
2421 }
2422 }
2423
Janos Follath031827f2019-11-27 11:12:14 +00002424 /* Make sure that sending a message takes a few iterations. */
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002425 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server, BUFLEN ) );
Janos Follath031827f2019-11-27 11:12:14 +00002426
Janos Follath031827f2019-11-27 11:12:14 +00002427 /* Send the message from both sides, interleaving. */
2428 progress = 1;
2429 for( i = 0; i < ROUNDS; i++ )
2430 {
2431 written[i] = 0;
2432 read[i] = 0;
2433 }
2434 /* This loop does not stop as long as there was a successful write or read
2435 * of at least one byte on either side. */
2436 while( progress != 0 )
2437 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002438 mbedtls_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +00002439
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002440 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +00002441 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002442 /* First sending is from the client */
2443 socket = ( i % 2 == 0 ) ? ( &client ) : ( &server );
Janos Follath031827f2019-11-27 11:12:14 +00002444
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002445 send_ret[i] = send( socket, message[i] + written[i],
2446 MSGLEN - written[i] );
2447 TEST_ASSERT( send_ret[i] >= 0 );
2448 TEST_ASSERT( send_ret[i] <= BUFLEN );
2449 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +00002450
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002451 /* If the buffer is full we can test blocking and non-blocking
2452 * send */
2453 if ( send_ret[i] == BUFLEN )
2454 {
2455 int blocking_ret = send( socket, message[i] , 1 );
2456 if ( blocking )
2457 {
2458 TEST_ASSERT( blocking_ret == 0 );
2459 }
2460 else
2461 {
2462 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE );
2463 }
2464 }
Janos Follath3766ba52019-11-27 13:31:42 +00002465 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002466
2467 for( i = 0; i < ROUNDS; i++ )
Janos Follath3766ba52019-11-27 13:31:42 +00002468 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002469 /* First receiving is from the server */
2470 socket = ( i % 2 == 0 ) ? ( &server ) : ( &client );
2471
2472 recv_ret[i] = recv( socket, received[i] + read[i],
2473 MSGLEN - read[i] );
2474
2475 /* The result depends on whether any data was sent */
2476 if ( send_ret[i] > 0 )
2477 {
2478 TEST_ASSERT( recv_ret[i] > 0 );
2479 TEST_ASSERT( recv_ret[i] <= BUFLEN );
2480 read[i] += recv_ret[i];
2481 }
2482 else if( blocking )
2483 {
2484 TEST_ASSERT( recv_ret[i] == 0 );
2485 }
2486 else
2487 {
2488 TEST_ASSERT( recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ );
2489 recv_ret[i] = 0;
2490 }
2491
2492 /* If the buffer is empty we can test blocking and non-blocking
2493 * read */
2494 if ( recv_ret[i] == BUFLEN )
2495 {
2496 int blocking_ret = recv( socket, received[i], 1 );
2497 if ( blocking )
2498 {
2499 TEST_ASSERT( blocking_ret == 0 );
2500 }
2501 else
2502 {
2503 TEST_ASSERT( blocking_ret == MBEDTLS_ERR_SSL_WANT_READ );
2504 }
2505 }
Janos Follath3766ba52019-11-27 13:31:42 +00002506 }
Janos Follath031827f2019-11-27 11:12:14 +00002507
2508 progress = 0;
2509 for( i = 0; i < ROUNDS; i++ )
2510 {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +01002511 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +00002512 }
2513 }
2514
2515 for( i = 0; i < ROUNDS; i++ )
2516 TEST_ASSERT( memcmp( message[i], received[i], MSGLEN ) == 0 );
2517
2518exit:
2519
2520 mbedtls_mock_socket_close( &client );
2521 mbedtls_mock_socket_close( &server );
2522}
2523/* END_CASE */
2524
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002525/* BEGIN_CASE */
2526void ssl_message_queue_sanity( )
2527{
2528 mbedtls_test_message_queue queue;
2529
2530 /* Trying to push/pull to an empty queue */
2531 TEST_ASSERT( mbedtls_test_message_queue_push_info( NULL, 1 )
2532 == MBEDTLS_TEST_ERROR_ARG_NULL );
2533 TEST_ASSERT( mbedtls_test_message_queue_pop_info( NULL, 1 )
2534 == MBEDTLS_TEST_ERROR_ARG_NULL );
2535
Andrzej Kurek89bdc582020-03-09 06:29:43 -04002536 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002537 TEST_ASSERT( queue.capacity == 3 );
2538 TEST_ASSERT( queue.num == 0 );
2539
2540exit:
2541 mbedtls_test_message_queue_free( &queue );
2542}
2543/* END_CASE */
2544
2545/* BEGIN_CASE */
2546void ssl_message_queue_basic( )
2547{
2548 mbedtls_test_message_queue queue;
2549
Andrzej Kurek89bdc582020-03-09 06:29:43 -04002550 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002551
2552 /* Sanity test - 3 pushes and 3 pops with sufficient space */
2553 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2554 TEST_ASSERT( queue.capacity == 3 );
2555 TEST_ASSERT( queue.num == 1 );
2556 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2557 TEST_ASSERT( queue.capacity == 3 );
2558 TEST_ASSERT( queue.num == 2 );
2559 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2560 TEST_ASSERT( queue.capacity == 3 );
2561 TEST_ASSERT( queue.num == 3 );
2562
2563 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2564 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2565 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2566
2567exit:
2568 mbedtls_test_message_queue_free( &queue );
2569}
2570/* END_CASE */
2571
2572/* BEGIN_CASE */
2573void ssl_message_queue_overflow_underflow( )
2574{
2575 mbedtls_test_message_queue queue;
2576
Andrzej Kurek89bdc582020-03-09 06:29:43 -04002577 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002578
2579 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
2580 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2581 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2582 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2583 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05002584 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002585
2586 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2587 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2588 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2589
2590 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05002591 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002592
2593exit:
2594 mbedtls_test_message_queue_free( &queue );
2595}
2596/* END_CASE */
2597
2598/* BEGIN_CASE */
2599void ssl_message_queue_interleaved( )
2600{
2601 mbedtls_test_message_queue queue;
2602
Andrzej Kurek89bdc582020-03-09 06:29:43 -04002603 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 3 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002604
2605 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
2606 * (to wrap around the buffer) */
2607 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2608 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 1 ) == 1 );
2609
2610 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2611
2612 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 2 ) == 2 );
2613 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 3 ) == 3 );
2614
2615 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 1 ) == 1 );
2616 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 2 ) == 2 );
2617
2618 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 5 ) == 5 );
2619 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, 8 ) == 8 );
2620
2621 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 3 ) == 3 );
2622
2623 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 5 ) == 5 );
2624
2625 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, 8 ) == 8 );
2626
2627exit:
2628 mbedtls_test_message_queue_free( &queue );
2629}
2630/* END_CASE */
2631
2632/* BEGIN_CASE */
2633void ssl_message_queue_insufficient_buffer( )
2634{
2635 mbedtls_test_message_queue queue;
2636 size_t message_len = 10;
2637 size_t buffer_len = 5;
2638
Andrzej Kurek89bdc582020-03-09 06:29:43 -04002639 TEST_ASSERT( mbedtls_test_message_queue_setup( &queue, 1 ) == 0 );
Andrzej Kurek13719cd2020-01-22 06:36:39 -05002640
2641 /* Popping without a sufficient buffer */
2642 TEST_ASSERT( mbedtls_test_message_queue_push_info( &queue, message_len )
2643 == (int) message_len );
2644 TEST_ASSERT( mbedtls_test_message_queue_pop_info( &queue, buffer_len )
2645 == (int) buffer_len );
2646exit:
2647 mbedtls_test_message_queue_free( &queue );
2648}
2649/* END_CASE */
2650
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002651/* BEGIN_CASE */
2652void ssl_message_mock_uninitialized( )
2653{
2654 enum { MSGLEN = 10 };
Shawn Carey03092f52021-05-13 10:38:32 -04002655 unsigned char message[MSGLEN] = {0}, received[MSGLEN];
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002656 mbedtls_mock_socket client, server;
2657 mbedtls_test_message_queue server_queue, client_queue;
2658 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002659 mbedtls_message_socket_init( &server_context );
2660 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002661
2662 /* Send with a NULL context */
2663 TEST_ASSERT( mbedtls_mock_tcp_send_msg( NULL, message, MSGLEN )
2664 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2665
2666 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( NULL, message, MSGLEN )
2667 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR );
2668
2669 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2670 &server,
2671 &server_context ) == 0 );
2672
2673 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2674 &client,
2675 &client_context ) == 0 );
2676
2677 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message, MSGLEN )
2678 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2679
2680 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05002681 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002682
2683 /* Push directly to a queue to later simulate a disconnected behavior */
2684 TEST_ASSERT( mbedtls_test_message_queue_push_info( &server_queue, MSGLEN )
2685 == MSGLEN );
2686
2687 /* Test if there's an error when trying to read from a disconnected
2688 * socket */
2689 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2690 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2691 exit:
2692 mbedtls_message_socket_close( &server_context );
2693 mbedtls_message_socket_close( &client_context );
2694}
2695/* END_CASE */
2696
2697/* BEGIN_CASE */
2698void ssl_message_mock_basic( )
2699{
2700 enum { MSGLEN = 10 };
2701 unsigned char message[MSGLEN], received[MSGLEN];
2702 mbedtls_mock_socket client, server;
2703 unsigned i;
2704 mbedtls_test_message_queue server_queue, client_queue;
2705 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002706 mbedtls_message_socket_init( &server_context );
2707 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002708
2709 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2710 &server,
2711 &server_context ) == 0 );
2712
2713 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2714 &client,
2715 &client_context ) == 0 );
2716
2717 /* Fill up the buffer with structured data so that unwanted changes
2718 * can be detected */
2719 for( i = 0; i < MSGLEN; i++ )
2720 {
2721 message[i] = i & 0xFF;
2722 }
2723 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2724 MSGLEN ) );
2725
2726 /* Send the message to the server */
2727 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2728 MSGLEN ) == MSGLEN );
2729
2730 /* Read from the server */
2731 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2732 == MSGLEN );
2733
2734 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2735 memset( received, 0, MSGLEN );
2736
2737 /* Send the message to the client */
2738 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
2739 MSGLEN ) == MSGLEN );
2740
2741 /* Read from the client */
2742 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
2743 == MSGLEN );
2744 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2745
2746 exit:
2747 mbedtls_message_socket_close( &server_context );
2748 mbedtls_message_socket_close( &client_context );
2749}
2750/* END_CASE */
2751
2752/* BEGIN_CASE */
2753void ssl_message_mock_queue_overflow_underflow( )
2754{
2755 enum { MSGLEN = 10 };
2756 unsigned char message[MSGLEN], received[MSGLEN];
2757 mbedtls_mock_socket client, server;
2758 unsigned i;
2759 mbedtls_test_message_queue server_queue, client_queue;
2760 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002761 mbedtls_message_socket_init( &server_context );
2762 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002763
2764 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2765 &server,
2766 &server_context ) == 0 );
2767
2768 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2769 &client,
2770 &client_context ) == 0 );
2771
2772 /* Fill up the buffer with structured data so that unwanted changes
2773 * can be detected */
2774 for( i = 0; i < MSGLEN; i++ )
2775 {
2776 message[i] = i & 0xFF;
2777 }
2778 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2779 MSGLEN*2 ) );
2780
2781 /* Send three message to the server, last one with an error */
2782 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2783 MSGLEN - 1 ) == MSGLEN - 1 );
2784
2785 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2786 MSGLEN ) == MSGLEN );
2787
2788 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2789 MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05002790 == MBEDTLS_ERR_SSL_WANT_WRITE );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002791
2792 /* Read three messages from the server, last one with an error */
2793 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
2794 MSGLEN - 1 ) == MSGLEN - 1 );
2795
2796 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2797 == MSGLEN );
2798
2799 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2800
2801 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05002802 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002803
2804 exit:
2805 mbedtls_message_socket_close( &server_context );
2806 mbedtls_message_socket_close( &client_context );
2807}
2808/* END_CASE */
2809
2810/* BEGIN_CASE */
2811void ssl_message_mock_socket_overflow( )
2812{
2813 enum { MSGLEN = 10 };
2814 unsigned char message[MSGLEN], received[MSGLEN];
2815 mbedtls_mock_socket client, server;
2816 unsigned i;
2817 mbedtls_test_message_queue server_queue, client_queue;
2818 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002819 mbedtls_message_socket_init( &server_context );
2820 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002821
2822 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2823 &server,
2824 &server_context ) == 0 );
2825
2826 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2827 &client,
2828 &client_context ) == 0 );
2829
2830 /* Fill up the buffer with structured data so that unwanted changes
2831 * can be detected */
2832 for( i = 0; i < MSGLEN; i++ )
2833 {
2834 message[i] = i & 0xFF;
2835 }
2836 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2837 MSGLEN ) );
2838
2839 /* Send two message to the server, second one with an error */
2840 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2841 MSGLEN ) == MSGLEN );
2842
2843 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2844 MSGLEN )
2845 == MBEDTLS_TEST_ERROR_SEND_FAILED );
2846
2847 /* Read the only message from the server */
2848 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2849 == MSGLEN );
2850
2851 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2852
2853 exit:
2854 mbedtls_message_socket_close( &server_context );
2855 mbedtls_message_socket_close( &client_context );
2856}
2857/* END_CASE */
2858
2859/* BEGIN_CASE */
2860void ssl_message_mock_truncated( )
2861{
2862 enum { MSGLEN = 10 };
2863 unsigned char message[MSGLEN], received[MSGLEN];
2864 mbedtls_mock_socket client, server;
2865 unsigned i;
2866 mbedtls_test_message_queue server_queue, client_queue;
2867 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002868 mbedtls_message_socket_init( &server_context );
2869 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002870
2871 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 2,
2872 &server,
2873 &server_context ) == 0 );
2874
2875 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 2,
2876 &client,
2877 &client_context ) == 0 );
2878
2879 memset( received, 0, MSGLEN );
2880 /* Fill up the buffer with structured data so that unwanted changes
2881 * can be detected */
2882 for( i = 0; i < MSGLEN; i++ )
2883 {
2884 message[i] = i & 0xFF;
2885 }
2886 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2887 2 * MSGLEN ) );
2888
2889 /* Send two messages to the server, the second one small enough to fit in the
2890 * receiver's buffer. */
2891 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2892 MSGLEN ) == MSGLEN );
2893 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2894 MSGLEN / 2 ) == MSGLEN / 2 );
2895 /* Read a truncated message from the server */
2896 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2897 == MSGLEN/2 );
2898
2899 /* Test that the first half of the message is valid, and second one isn't */
2900 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2901 TEST_ASSERT( memcmp( message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2 )
2902 != 0 );
2903 memset( received, 0, MSGLEN );
2904
2905 /* Read a full message from the server */
2906 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN/2 )
2907 == MSGLEN / 2 );
2908
2909 /* Test that the first half of the message is valid */
2910 TEST_ASSERT( memcmp( message, received, MSGLEN/2 ) == 0 );
2911
2912 exit:
2913 mbedtls_message_socket_close( &server_context );
2914 mbedtls_message_socket_close( &client_context );
2915}
2916/* END_CASE */
2917
2918/* BEGIN_CASE */
2919void ssl_message_mock_socket_read_error( )
2920{
2921 enum { MSGLEN = 10 };
2922 unsigned char message[MSGLEN], received[MSGLEN];
2923 mbedtls_mock_socket client, server;
2924 unsigned i;
2925 mbedtls_test_message_queue server_queue, client_queue;
2926 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002927 mbedtls_message_socket_init( &server_context );
2928 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002929
2930 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 1,
2931 &server,
2932 &server_context ) == 0 );
2933
2934 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 1,
2935 &client,
2936 &client_context ) == 0 );
2937
2938 /* Fill up the buffer with structured data so that unwanted changes
2939 * can be detected */
2940 for( i = 0; i < MSGLEN; i++ )
2941 {
2942 message[i] = i & 0xFF;
2943 }
2944 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2945 MSGLEN ) );
2946
2947 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
2948 MSGLEN ) == MSGLEN );
2949
2950 /* Force a read error by disconnecting the socket by hand */
2951 server.status = 0;
2952 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2953 == MBEDTLS_TEST_ERROR_RECV_FAILED );
2954 /* Return to a valid state */
2955 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
2956
2957 memset( received, 0, sizeof( received ) );
2958
2959 /* Test that even though the server tried to read once disconnected, the
2960 * continuity is preserved */
2961 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
2962 == MSGLEN );
2963
2964 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
2965
2966 exit:
2967 mbedtls_message_socket_close( &server_context );
2968 mbedtls_message_socket_close( &client_context );
2969}
2970/* END_CASE */
2971
2972/* BEGIN_CASE */
2973void ssl_message_mock_interleaved_one_way( )
2974{
2975 enum { MSGLEN = 10 };
2976 unsigned char message[MSGLEN], received[MSGLEN];
2977 mbedtls_mock_socket client, server;
2978 unsigned i;
2979 mbedtls_test_message_queue server_queue, client_queue;
2980 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05002981 mbedtls_message_socket_init( &server_context );
2982 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05002983
2984 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
2985 &server,
2986 &server_context ) == 0 );
2987
2988 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
2989 &client,
2990 &client_context ) == 0 );
2991
2992 /* Fill up the buffer with structured data so that unwanted changes
2993 * can be detected */
2994 for( i = 0; i < MSGLEN; i++ )
2995 {
2996 message[i] = i & 0xFF;
2997 }
2998 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
2999 MSGLEN*3 ) );
3000
3001 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
3002 * (to wrap around the buffer) */
3003 for( i = 0; i < 2; i++ )
3004 {
3005 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3006 MSGLEN ) == MSGLEN );
3007
3008 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3009 MSGLEN ) == MSGLEN );
3010
3011 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3012 MSGLEN ) == MSGLEN );
3013 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3014 memset( received, 0, sizeof( received ) );
3015 }
3016
3017 for( i = 0; i < 2; i++ )
3018 {
3019 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3020 MSGLEN ) == MSGLEN );
3021
3022 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3023 }
3024 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05003025 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05003026 exit:
3027 mbedtls_message_socket_close( &server_context );
3028 mbedtls_message_socket_close( &client_context );
3029}
3030/* END_CASE */
3031
3032/* BEGIN_CASE */
3033void ssl_message_mock_interleaved_two_ways( )
3034{
3035 enum { MSGLEN = 10 };
3036 unsigned char message[MSGLEN], received[MSGLEN];
3037 mbedtls_mock_socket client, server;
3038 unsigned i;
3039 mbedtls_test_message_queue server_queue, client_queue;
3040 mbedtls_test_message_socket_context server_context, client_context;
Andrzej Kurek45916ba2020-03-05 14:46:22 -05003041 mbedtls_message_socket_init( &server_context );
3042 mbedtls_message_socket_init( &client_context );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05003043
3044 TEST_ASSERT( mbedtls_message_socket_setup( &server_queue, &client_queue, 3,
3045 &server,
3046 &server_context ) == 0 );
3047
3048 TEST_ASSERT( mbedtls_message_socket_setup( &client_queue, &server_queue, 3,
3049 &client,
3050 &client_context ) == 0 );
3051
3052 /* Fill up the buffer with structured data so that unwanted changes
3053 * can be detected */
3054 for( i = 0; i < MSGLEN; i++ )
3055 {
3056 message[i] = i & 0xFF;
3057 }
3058 TEST_ASSERT( 0 == mbedtls_mock_socket_connect( &client, &server,
3059 MSGLEN*3 ) );
3060
3061 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
3062 * (to wrap around the buffer) both ways. */
3063 for( i = 0; i < 2; i++ )
3064 {
3065 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3066 MSGLEN ) == MSGLEN );
3067
3068 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &client_context, message,
3069 MSGLEN ) == MSGLEN );
3070
3071 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3072 MSGLEN ) == MSGLEN );
3073
3074 TEST_ASSERT( mbedtls_mock_tcp_send_msg( &server_context, message,
3075 MSGLEN ) == MSGLEN );
3076
3077 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3078 MSGLEN ) == MSGLEN );
3079
3080 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3081
3082 memset( received, 0, sizeof( received ) );
3083
3084 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3085 MSGLEN ) == MSGLEN );
3086
3087 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3088
3089 memset( received, 0, sizeof( received ) );
3090 }
3091
3092 for( i = 0; i < 2; i++ )
3093 {
3094 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received,
3095 MSGLEN ) == MSGLEN );
3096
3097 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3098 memset( received, 0, sizeof( received ) );
3099
3100 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received,
3101 MSGLEN ) == MSGLEN );
3102
3103 TEST_ASSERT( memcmp( message, received, MSGLEN ) == 0 );
3104 memset( received, 0, sizeof( received ) );
3105 }
3106
3107 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &server_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05003108 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05003109
3110 TEST_ASSERT( mbedtls_mock_tcp_recv_msg( &client_context, received, MSGLEN )
Andrzej Kurekf46b9122020-02-07 08:19:00 -05003111 == MBEDTLS_ERR_SSL_WANT_READ );
Andrzej Kurekbc483de2020-01-22 03:40:00 -05003112 exit:
3113 mbedtls_message_socket_close( &server_context );
3114 mbedtls_message_socket_close( &client_context );
3115}
3116/* END_CASE */
3117
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003118/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Azim Khan5fcca462018-06-29 11:05:32 +01003119void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003120{
Azim Khand30ca132017-06-09 04:32:58 +01003121 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003122 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02003123 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003124
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +02003125 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02003126 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +02003127
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +02003128 TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
3129 MBEDTLS_SSL_IS_CLIENT,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +02003130 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
3131 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02003132 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003133
3134 /* Read previous record numbers */
Azim Khand30ca132017-06-09 04:32:58 +01003135 for( len = 0; len < prevs->len; len += 6 )
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003136 {
Azim Khand30ca132017-06-09 04:32:58 +01003137 memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003138 mbedtls_ssl_dtls_replay_update( &ssl );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003139 }
3140
3141 /* Check new number */
Azim Khand30ca132017-06-09 04:32:58 +01003142 memcpy( ssl.in_ctr + 2, new->x, 6 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003143 TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003144
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003145 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +02003146 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +02003147}
3148/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +01003149
3150/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
3151void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
3152{
3153 mbedtls_ssl_context ssl;
3154 mbedtls_ssl_init( &ssl );
3155
3156 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
3157 TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
3158
3159 mbedtls_ssl_free( &ssl );
3160}
Darryl Green11999bb2018-03-13 15:22:58 +00003161/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +00003162
3163/* BEGIN_CASE */
3164void ssl_crypt_record( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01003165 int etm, int tag_mode, int ver,
3166 int cid0_len, int cid1_len )
Hanno Beckera18d1322018-01-03 14:27:32 +00003167{
3168 /*
3169 * Test several record encryptions and decryptions
3170 * with plenty of space before and after the data
3171 * within the record buffer.
3172 */
3173
3174 int ret;
3175 int num_records = 16;
3176 mbedtls_ssl_context ssl; /* ONLY for debugging */
3177
3178 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +00003179 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +00003180 size_t const buflen = 512;
3181 mbedtls_record rec, rec_backup;
3182
3183 mbedtls_ssl_init( &ssl );
3184 mbedtls_ssl_transform_init( &t0 );
3185 mbedtls_ssl_transform_init( &t1 );
3186 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01003187 etm, tag_mode, ver,
3188 (size_t) cid0_len,
3189 (size_t) cid1_len ) == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00003190
Hanno Becker3ee54212019-04-04 16:31:26 +01003191 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +00003192
3193 while( num_records-- > 0 )
3194 {
3195 mbedtls_ssl_transform *t_dec, *t_enc;
3196 /* Take turns in who's sending and who's receiving. */
3197 if( num_records % 3 == 0 )
3198 {
3199 t_dec = &t0;
3200 t_enc = &t1;
3201 }
3202 else
3203 {
3204 t_dec = &t1;
3205 t_enc = &t0;
3206 }
3207
3208 /*
3209 * The record header affects the transformation in two ways:
3210 * 1) It determines the AEAD additional data
3211 * 2) The record counter sometimes determines the IV.
3212 *
3213 * Apart from that, the fields don't have influence.
3214 * In particular, it is currently not the responsibility
3215 * of ssl_encrypt/decrypt_buf to check if the transform
3216 * version matches the record version, or that the
3217 * type is sensible.
3218 */
3219
3220 memset( rec.ctr, num_records, sizeof( rec.ctr ) );
3221 rec.type = 42;
3222 rec.ver[0] = num_records;
3223 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +01003224#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01003225 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +01003226#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +00003227
3228 rec.buf = buf;
3229 rec.buf_len = buflen;
3230 rec.data_offset = 16;
3231 /* Make sure to vary the length to exercise different
3232 * paddings. */
3233 rec.data_len = 1 + num_records;
3234
3235 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3236
3237 /* Make a copy for later comparison */
3238 rec_backup = rec;
3239
3240 /* Encrypt record */
3241 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
Ronald Cron351f0ee2020-06-10 12:12:18 +02003242 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckera18d1322018-01-03 14:27:32 +00003243 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3244 if( ret != 0 )
3245 {
3246 continue;
3247 }
3248
Hanno Beckerb2713ab2020-05-07 14:54:22 +01003249#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3250 if( rec.cid_len != 0 )
3251 {
3252 /* DTLS 1.2 + CID hides the real content type and
3253 * uses a special CID content type in the protected
3254 * record. Double-check this. */
3255 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3256 }
3257#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3258
3259#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
3260 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3261 {
3262 /* TLS 1.3 hides the real content type and
3263 * always uses Application Data as the content type
3264 * for protected records. Double-check this. */
3265 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3266 }
3267#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3268
Hanno Beckera18d1322018-01-03 14:27:32 +00003269 /* Decrypt record with t_dec */
Hanno Beckerd856c822019-04-29 17:30:59 +01003270 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
3271 TEST_ASSERT( ret == 0 );
Hanno Beckera18d1322018-01-03 14:27:32 +00003272
3273 /* Compare results */
3274 TEST_ASSERT( rec.type == rec_backup.type );
3275 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3276 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3277 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3278 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3279 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3280 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3281 rec_backup.buf + rec_backup.data_offset,
3282 rec.data_len ) == 0 );
3283 }
3284
Hanno Becker81e16a32019-03-01 11:21:44 +00003285exit:
3286
Hanno Beckera18d1322018-01-03 14:27:32 +00003287 /* Cleanup */
3288 mbedtls_ssl_free( &ssl );
3289 mbedtls_ssl_transform_free( &t0 );
3290 mbedtls_ssl_transform_free( &t1 );
3291
Hanno Becker3ee54212019-04-04 16:31:26 +01003292 mbedtls_free( buf );
Hanno Beckera18d1322018-01-03 14:27:32 +00003293}
3294/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +00003295
3296/* BEGIN_CASE */
3297void ssl_crypt_record_small( int cipher_type, int hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01003298 int etm, int tag_mode, int ver,
3299 int cid0_len, int cid1_len )
Hanno Beckerb3268da2018-01-05 15:20:24 +00003300{
3301 /*
3302 * Test pairs of encryption and decryption with an increasing
3303 * amount of space in the record buffer - in more detail:
3304 * 1) Try to encrypt with 0, 1, 2, ... bytes available
3305 * in front of the plaintext, and expect the encryption
3306 * to succeed starting from some offset. Always keep
3307 * enough space in the end of the buffer.
3308 * 2) Try to encrypt with 0, 1, 2, ... bytes available
3309 * at the end of the plaintext, and expect the encryption
3310 * to succeed starting from some offset. Always keep
3311 * enough space at the beginning of the buffer.
3312 * 3) Try to encrypt with 0, 1, 2, ... bytes available
3313 * both at the front and end of the plaintext,
3314 * and expect the encryption to succeed starting from
3315 * some offset.
3316 *
3317 * If encryption succeeds, check that decryption succeeds
3318 * and yields the original record.
3319 */
3320
3321 mbedtls_ssl_context ssl; /* ONLY for debugging */
3322
3323 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +00003324 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +01003325 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +00003326 mbedtls_record rec, rec_backup;
3327
3328 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +01003329 int mode; /* Mode 1, 2 or 3 as explained above */
3330 size_t offset; /* Available space at beginning/end/both */
3331 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +00003332
Hanno Beckerd856c822019-04-29 17:30:59 +01003333 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
3334 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +00003335
3336 int seen_success; /* Indicates if in the current mode we've
3337 * already seen a successful test. */
3338
3339 mbedtls_ssl_init( &ssl );
3340 mbedtls_ssl_transform_init( &t0 );
3341 mbedtls_ssl_transform_init( &t1 );
3342 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
Hanno Beckerd856c822019-04-29 17:30:59 +01003343 etm, tag_mode, ver,
3344 (size_t) cid0_len,
3345 (size_t) cid1_len ) == 0 );
Hanno Beckerb3268da2018-01-05 15:20:24 +00003346
Hanno Becker3ee54212019-04-04 16:31:26 +01003347 TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +00003348
3349 for( mode=1; mode <= 3; mode++ )
3350 {
3351 seen_success = 0;
3352 for( offset=0; offset <= threshold; offset++ )
3353 {
3354 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +01003355 t_dec = &t0;
3356 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +00003357
3358 memset( rec.ctr, offset, sizeof( rec.ctr ) );
3359 rec.type = 42;
3360 rec.ver[0] = offset;
3361 rec.ver[1] = offset;
3362 rec.buf = buf;
3363 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +01003364#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +01003365 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +01003366#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +00003367
3368 switch( mode )
3369 {
3370 case 1: /* Space in the beginning */
3371 rec.data_offset = offset;
3372 rec.data_len = buflen - offset - default_post_padding;
3373 break;
3374
3375 case 2: /* Space in the end */
3376 rec.data_offset = default_pre_padding;
3377 rec.data_len = buflen - default_pre_padding - offset;
3378 break;
3379
3380 case 3: /* Space in the beginning and end */
3381 rec.data_offset = offset;
3382 rec.data_len = buflen - 2 * offset;
3383 break;
3384
3385 default:
3386 TEST_ASSERT( 0 );
3387 break;
3388 }
3389
3390 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3391
3392 /* Make a copy for later comparison */
3393 rec_backup = rec;
3394
3395 /* Encrypt record */
Ronald Cron6c5bd7f2020-06-10 14:08:26 +02003396 ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
3397 mbedtls_test_rnd_std_rand, NULL );
Hanno Beckerb3268da2018-01-05 15:20:24 +00003398
3399 if( ( mode == 1 || mode == 2 ) && seen_success )
3400 {
3401 TEST_ASSERT( ret == 0 );
3402 }
3403 else
3404 {
3405 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
3406 if( ret == 0 )
3407 seen_success = 1;
3408 }
3409
3410 if( ret != 0 )
3411 continue;
3412
Hanno Beckerb2713ab2020-05-07 14:54:22 +01003413#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3414 if( rec.cid_len != 0 )
3415 {
3416 /* DTLS 1.2 + CID hides the real content type and
3417 * uses a special CID content type in the protected
3418 * record. Double-check this. */
3419 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
3420 }
3421#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3422
3423#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
3424 if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
3425 {
3426 /* TLS 1.3 hides the real content type and
3427 * always uses Application Data as the content type
3428 * for protected records. Double-check this. */
3429 TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
3430 }
3431#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3432
Hanno Beckerb3268da2018-01-05 15:20:24 +00003433 /* Decrypt record with t_dec */
3434 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
3435
3436 /* Compare results */
3437 TEST_ASSERT( rec.type == rec_backup.type );
3438 TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
3439 TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
3440 TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
3441 TEST_ASSERT( rec.data_len == rec_backup.data_len );
3442 TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
3443 TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
3444 rec_backup.buf + rec_backup.data_offset,
3445 rec.data_len ) == 0 );
3446 }
3447
3448 TEST_ASSERT( seen_success == 1 );
3449 }
3450
Hanno Becker81e16a32019-03-01 11:21:44 +00003451exit:
3452
Hanno Beckerb3268da2018-01-05 15:20:24 +00003453 /* Cleanup */
3454 mbedtls_ssl_free( &ssl );
3455 mbedtls_ssl_transform_free( &t0 );
3456 mbedtls_ssl_transform_free( &t1 );
3457
Hanno Becker3ee54212019-04-04 16:31:26 +01003458 mbedtls_free( buf );
Hanno Beckerb3268da2018-01-05 15:20:24 +00003459}
3460/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +03003461
Manuel Pégourié-Gonnard913a2042020-07-09 10:02:41 +02003462/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003463void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003464 int length_selector )
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003465{
3466 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003467 * Test record decryption for CBC without EtM, focused on the verification
3468 * of padding and MAC.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003469 *
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +01003470 * Actually depends on TLS >= 1.0 and either AES, ARIA, Camellia or DES,
3471 * but since the test framework doesn't support alternation in
3472 * dependency statements, just depend on TLS 1.2 and AES.
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003473 *
3474 * The length_selector argument is interpreted as follows:
3475 * - if it's -1, the plaintext length is 0 and minimal padding is applied
3476 * - if it's -2, the plaintext length is 0 and maximal padding is applied
3477 * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
3478 * it's the length of the rest of the padding, that is, excluding the
3479 * byte that encodes the length. The minimal non-zero plaintext length
3480 * that gives this padding_length is automatically selected.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003481 */
3482 mbedtls_ssl_context ssl; /* ONLY for debugging */
3483 mbedtls_ssl_transform t0, t1;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003484 mbedtls_record rec, rec_save;
3485 unsigned char *buf = NULL, *buf_save = NULL;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003486 size_t buflen, olen = 0;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003487 size_t plaintext_len, block_size, i;
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +02003488 unsigned char padlen; /* excluding the padding_length byte */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003489 unsigned char add_data[13];
3490 unsigned char mac[MBEDTLS_MD_MAX_SIZE];
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003491 int exp_ret;
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +02003492 const unsigned char pad_max_len = 255; /* Per the standard */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003493
3494 mbedtls_ssl_init( &ssl );
3495 mbedtls_ssl_transform_init( &t0 );
3496 mbedtls_ssl_transform_init( &t1 );
3497
3498 /* Set up transforms with dummy keys */
3499 TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
3500 0, trunc_hmac,
3501 MBEDTLS_SSL_MINOR_VERSION_3,
3502 0 , 0 ) == 0 );
3503
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003504 /* Determine padding/plaintext length */
3505 TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003506 block_size = t0.ivlen;
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003507 if( length_selector < 0 )
3508 {
3509 plaintext_len = 0;
3510
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +02003511 /* Minimal padding
3512 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003513 padlen = block_size - ( t0.maclen + 1 ) % block_size;
3514
3515 /* Maximal padding? */
3516 if( length_selector == -2 )
3517 padlen += block_size * ( ( pad_max_len - padlen ) / block_size );
3518 }
3519 else
3520 {
3521 padlen = length_selector;
3522
Manuel Pégourié-Gonnarde55653f2020-07-22 11:42:57 +02003523 /* Minimal non-zero plaintext_length giving desired padding.
3524 * The +1 is for the padding_length byte, not counted in padlen. */
Manuel Pégourié-Gonnard864abbf2020-07-21 10:37:14 +02003525 plaintext_len = block_size - ( padlen + t0.maclen + 1 ) % block_size;
3526 }
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003527
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003528 /* Prepare a buffer for record data */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003529 buflen = block_size
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003530 + plaintext_len
3531 + t0.maclen
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003532 + padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003533 ASSERT_ALLOC( buf, buflen );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003534 ASSERT_ALLOC( buf_save, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003535
3536 /* Prepare a dummy record header */
3537 memset( rec.ctr, 0, sizeof( rec.ctr ) );
3538 rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
3539 rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
3540 rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
3541#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3542 rec.cid_len = 0;
3543#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3544
3545 /* Prepare dummy record content */
3546 rec.buf = buf;
3547 rec.buf_len = buflen;
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003548 rec.data_offset = block_size;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003549 rec.data_len = plaintext_len;
3550 memset( rec.buf + rec.data_offset, 42, rec.data_len );
3551
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003552 /* Serialized version of record header for MAC purposes */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003553 memcpy( add_data, rec.ctr, 8 );
3554 add_data[8] = rec.type;
3555 add_data[9] = rec.ver[0];
3556 add_data[10] = rec.ver[1];
3557 add_data[11] = ( rec.data_len >> 8 ) & 0xff;
3558 add_data[12] = ( rec.data_len >> 0 ) & 0xff;
3559
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003560 /* Set dummy IV */
3561 memset( t0.iv_enc, 0x55, t0.ivlen );
3562 memcpy( rec.buf, t0.iv_enc, t0.ivlen );
3563
3564 /*
3565 * Prepare a pre-encryption record (with MAC and padding), and save it.
3566 */
3567
3568 /* MAC with additional data */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003569 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
3570 TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
3571 rec.buf + rec.data_offset,
3572 rec.data_len ) );
3573 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
3574
3575 memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
3576 rec.data_len += t0.maclen;
3577
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003578 /* Pad */
3579 memset( rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1 );
3580 rec.data_len += padlen + 1;
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003581
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003582 /* Save correct pre-encryption record */
3583 rec_save = rec;
3584 rec_save.buf = buf_save;
3585 memcpy( buf_save, buf, buflen );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003586
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003587 /*
3588 * Encrypt and decrypt the correct record, expecting success
3589 */
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003590 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3591 t0.iv_enc, t0.ivlen,
3592 rec.buf + rec.data_offset, rec.data_len,
3593 rec.buf + rec.data_offset, &olen ) );
3594 rec.data_offset -= t0.ivlen;
3595 rec.data_len += t0.ivlen;
3596
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003597 TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3598
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003599 /*
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003600 * Modify each byte of the pre-encryption record before encrypting and
3601 * decrypting it, expecting failure every time.
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003602 */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003603 for( i = block_size; i < buflen; i++ )
3604 {
Chris Jones9634bb12021-01-20 15:56:42 +00003605 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003606
3607 /* Restore correct pre-encryption record */
3608 rec = rec_save;
3609 rec.buf = buf;
3610 memcpy( buf, buf_save, buflen );
3611
Manuel Pégourié-Gonnardb51f0442020-07-21 10:40:25 +02003612 /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003613 rec.buf[i] ^= 0x01;
3614
3615 /* Encrypt */
3616 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3617 t0.iv_enc, t0.ivlen,
3618 rec.buf + rec.data_offset, rec.data_len,
3619 rec.buf + rec.data_offset, &olen ) );
3620 rec.data_offset -= t0.ivlen;
3621 rec.data_len += t0.ivlen;
3622
3623 /* Decrypt and expect failure */
3624 TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
3625 mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3626 }
3627
3628 /*
3629 * Use larger values of the padding bytes - with small buffers, this tests
3630 * the case where the announced padlen would be larger than the buffer
3631 * (and before that, than the buffer minus the size of the MAC), to make
3632 * sure our padding checking code does not perform any out-of-bounds reads
3633 * in this case. (With larger buffers, ie when the plaintext is long or
3634 * maximal length padding is used, this is less relevant but still doesn't
3635 * hurt to test.)
3636 *
3637 * (Start the loop with correct padding, just to double-check that record
3638 * saving did work, and that we're overwriting the correct bytes.)
3639 */
Manuel Pégourié-Gonnard4adc04a2020-07-16 10:00:48 +02003640 for( i = padlen; i <= pad_max_len; i++ )
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003641 {
Chris Jones9634bb12021-01-20 15:56:42 +00003642 mbedtls_test_set_step( i );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003643
3644 /* Restore correct pre-encryption record */
3645 rec = rec_save;
3646 rec.buf = buf;
3647 memcpy( buf, buf_save, buflen );
3648
3649 /* Set padding bytes to new value */
3650 memset( buf + buflen - padlen - 1, i, padlen + 1 );
3651
3652 /* Encrypt */
3653 TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
3654 t0.iv_enc, t0.ivlen,
3655 rec.buf + rec.data_offset, rec.data_len,
3656 rec.buf + rec.data_offset, &olen ) );
3657 rec.data_offset -= t0.ivlen;
3658 rec.data_len += t0.ivlen;
3659
3660 /* Decrypt and expect failure except the first time */
3661 exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
3662 TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
3663 }
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003664
3665exit:
3666 mbedtls_ssl_free( &ssl );
3667 mbedtls_ssl_transform_free( &t0 );
3668 mbedtls_ssl_transform_free( &t1 );
3669 mbedtls_free( buf );
Manuel Pégourié-Gonnard527c1ff2020-07-07 10:43:37 +02003670 mbedtls_free( buf_save );
Manuel Pégourié-Gonnard0ac01a12020-07-03 12:49:10 +02003671}
3672/* END_CASE */
3673
Hanno Becker39ff4922020-08-21 13:36:56 +01003674/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3675void ssl_tls1_3_hkdf_expand_label( int hash_alg,
3676 data_t *secret,
Hanno Becker70d7fb02020-09-09 10:11:21 +01003677 int label_idx,
Hanno Becker39ff4922020-08-21 13:36:56 +01003678 data_t *ctx,
3679 int desired_length,
3680 data_t *expected )
3681{
3682 unsigned char dst[ 100 ];
3683
Hanno Becker70d7fb02020-09-09 10:11:21 +01003684 unsigned char const *lbl = NULL;
3685 size_t lbl_len;
Hanno Becker1413bd82020-09-09 12:46:09 +01003686#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
3687 if( label_idx == (int) tls1_3_label_ ## name ) \
Hanno Becker70d7fb02020-09-09 10:11:21 +01003688 { \
3689 lbl = mbedtls_ssl_tls1_3_labels.name; \
3690 lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
3691 }
3692MBEDTLS_SSL_TLS1_3_LABEL_LIST
3693#undef MBEDTLS_SSL_TLS1_3_LABEL
3694 TEST_ASSERT( lbl != NULL );
Hanno Becker39ff4922020-08-21 13:36:56 +01003695
3696 /* Check sanity of test parameters. */
3697 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3698 TEST_ASSERT( (size_t) desired_length == expected->len );
3699
3700 TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
3701 (mbedtls_md_type_t) hash_alg,
3702 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +01003703 lbl, lbl_len,
Hanno Becker39ff4922020-08-21 13:36:56 +01003704 ctx->x, ctx->len,
3705 dst, desired_length ) == 0 );
3706
Hanno Beckerfb080962020-09-08 10:58:42 +01003707 ASSERT_COMPARE( dst, (size_t) desired_length,
3708 expected->x, (size_t) expected->len );
Hanno Becker39ff4922020-08-21 13:36:56 +01003709}
3710/* END_CASE */
3711
Hanno Becker19498f82020-08-21 13:37:08 +01003712/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3713void ssl_tls1_3_traffic_key_generation( int hash_alg,
3714 data_t *server_secret,
3715 data_t *client_secret,
3716 int desired_iv_len,
3717 int desired_key_len,
3718 data_t *expected_server_write_key,
3719 data_t *expected_server_write_iv,
3720 data_t *expected_client_write_key,
3721 data_t *expected_client_write_iv )
3722{
3723 mbedtls_ssl_key_set keys;
3724
3725 /* Check sanity of test parameters. */
3726 TEST_ASSERT( client_secret->len == server_secret->len );
3727 TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
3728 expected_client_write_iv->len == (size_t) desired_iv_len );
3729 TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
3730 expected_client_write_key->len == (size_t) desired_key_len );
3731
3732 TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys(
3733 (mbedtls_md_type_t) hash_alg,
3734 client_secret->x,
3735 server_secret->x,
3736 client_secret->len /* == server_secret->len */,
3737 desired_key_len, desired_iv_len,
3738 &keys ) == 0 );
3739
Hanno Beckerfb080962020-09-08 10:58:42 +01003740 ASSERT_COMPARE( keys.client_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +01003741 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +01003742 expected_client_write_key->x,
3743 (size_t) desired_key_len );
3744 ASSERT_COMPARE( keys.server_write_key,
Hanno Becker493ea7f2020-09-08 11:01:00 +01003745 keys.key_len,
Hanno Beckerfb080962020-09-08 10:58:42 +01003746 expected_server_write_key->x,
3747 (size_t) desired_key_len );
3748 ASSERT_COMPARE( keys.client_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +01003749 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +01003750 expected_client_write_iv->x,
3751 (size_t) desired_iv_len );
3752 ASSERT_COMPARE( keys.server_write_iv,
Hanno Becker493ea7f2020-09-08 11:01:00 +01003753 keys.iv_len,
Hanno Beckerfb080962020-09-08 10:58:42 +01003754 expected_server_write_iv->x,
3755 (size_t) desired_iv_len );
Hanno Becker19498f82020-08-21 13:37:08 +01003756}
3757/* END_CASE */
3758
Hanno Beckere4849d12020-08-21 14:14:14 +01003759/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3760void ssl_tls1_3_derive_secret( int hash_alg,
3761 data_t *secret,
Hanno Becker70d7fb02020-09-09 10:11:21 +01003762 int label_idx,
Hanno Beckere4849d12020-08-21 14:14:14 +01003763 data_t *ctx,
3764 int desired_length,
3765 int already_hashed,
3766 data_t *expected )
3767{
3768 unsigned char dst[ 100 ];
3769
Hanno Becker70d7fb02020-09-09 10:11:21 +01003770 unsigned char const *lbl = NULL;
3771 size_t lbl_len;
Hanno Becker1413bd82020-09-09 12:46:09 +01003772#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
3773 if( label_idx == (int) tls1_3_label_ ## name ) \
Hanno Becker70d7fb02020-09-09 10:11:21 +01003774 { \
3775 lbl = mbedtls_ssl_tls1_3_labels.name; \
3776 lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
3777 }
3778MBEDTLS_SSL_TLS1_3_LABEL_LIST
3779#undef MBEDTLS_SSL_TLS1_3_LABEL
3780 TEST_ASSERT( lbl != NULL );
3781
Hanno Beckere4849d12020-08-21 14:14:14 +01003782 /* Check sanity of test parameters. */
3783 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
3784 TEST_ASSERT( (size_t) desired_length == expected->len );
3785
3786 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
3787 (mbedtls_md_type_t) hash_alg,
3788 secret->x, secret->len,
Hanno Becker70d7fb02020-09-09 10:11:21 +01003789 lbl, lbl_len,
Hanno Beckere4849d12020-08-21 14:14:14 +01003790 ctx->x, ctx->len,
3791 already_hashed,
3792 dst, desired_length ) == 0 );
3793
Hanno Beckerfb080962020-09-08 10:58:42 +01003794 ASSERT_COMPARE( dst, desired_length,
3795 expected->x, desired_length );
Hanno Beckere4849d12020-08-21 14:14:14 +01003796}
3797/* END_CASE */
3798
Hanno Becker2d2c3eb2020-08-20 14:54:24 +01003799/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Hanno Beckera4f40a02021-05-24 06:42:11 +01003800void ssl_tls1_3_derive_early_secrets( int hash_alg,
3801 data_t *secret,
3802 data_t *transcript,
3803 data_t *traffic_expected,
3804 data_t *exporter_expected )
3805{
3806 mbedtls_ssl_tls1_3_early_secrets secrets;
3807
3808 /* Double-check that we've passed sane parameters. */
3809 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
3810 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
3811 size_t const md_size = mbedtls_md_get_size( md_info );
3812 TEST_ASSERT( md_info != 0 &&
3813 secret->len == md_size &&
3814 transcript->len == md_size &&
3815 traffic_expected->len == md_size &&
3816 exporter_expected->len == md_size );
3817
3818 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
3819 md_type, secret->x, transcript->x, transcript->len,
3820 &secrets ) == 0 );
3821
3822 ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
3823 traffic_expected->x, traffic_expected->len );
3824 ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
3825 exporter_expected->x, exporter_expected->len );
3826}
3827/* END_CASE */
3828
3829/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3830void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
3831 data_t *secret,
3832 data_t *transcript,
3833 data_t *client_expected,
3834 data_t *server_expected )
3835{
3836 mbedtls_ssl_tls1_3_handshake_secrets secrets;
3837
3838 /* Double-check that we've passed sane parameters. */
3839 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
3840 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
3841 size_t const md_size = mbedtls_md_get_size( md_info );
3842 TEST_ASSERT( md_info != 0 &&
3843 secret->len == md_size &&
3844 transcript->len == md_size &&
3845 client_expected->len == md_size &&
3846 server_expected->len == md_size );
3847
3848 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
3849 md_type, secret->x, transcript->x, transcript->len,
3850 &secrets ) == 0 );
3851
3852 ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
3853 client_expected->x, client_expected->len );
3854 ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
3855 server_expected->x, server_expected->len );
3856}
3857/* END_CASE */
3858
3859/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3860void ssl_tls1_3_derive_application_secrets( int hash_alg,
3861 data_t *secret,
3862 data_t *transcript,
3863 data_t *client_expected,
3864 data_t *server_expected,
3865 data_t *exporter_expected )
3866{
3867 mbedtls_ssl_tls1_3_application_secrets secrets;
3868
3869 /* Double-check that we've passed sane parameters. */
3870 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
3871 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
3872 size_t const md_size = mbedtls_md_get_size( md_info );
3873 TEST_ASSERT( md_info != 0 &&
3874 secret->len == md_size &&
3875 transcript->len == md_size &&
3876 client_expected->len == md_size &&
3877 server_expected->len == md_size &&
3878 exporter_expected->len == md_size );
3879
3880 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
3881 md_type, secret->x, transcript->x, transcript->len,
3882 &secrets ) == 0 );
3883
3884 ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
3885 client_expected->x, client_expected->len );
3886 ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
3887 server_expected->x, server_expected->len );
3888 ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
3889 exporter_expected->x, exporter_expected->len );
3890}
3891/* END_CASE */
3892
3893/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
3894void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
3895 data_t *secret,
3896 data_t *transcript,
3897 data_t *resumption_expected )
3898{
3899 mbedtls_ssl_tls1_3_application_secrets secrets;
3900
3901 /* Double-check that we've passed sane parameters. */
3902 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
3903 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
3904 size_t const md_size = mbedtls_md_get_size( md_info );
3905 TEST_ASSERT( md_info != 0 &&
3906 secret->len == md_size &&
3907 transcript->len == md_size &&
3908 resumption_expected->len == md_size );
3909
3910 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
3911 md_type, secret->x, transcript->x, transcript->len,
3912 &secrets ) == 0 );
3913
3914 ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
3915 resumption_expected->x, resumption_expected->len );
3916}
3917/* END_CASE */
3918
3919/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Hanno Becker55bc2c52021-05-24 06:53:52 +01003920void ssl_tls1_3_create_psk_binder( int hash_alg,
3921 data_t *psk,
3922 int psk_type,
3923 data_t *transcript,
3924 data_t *binder_expected )
3925{
3926 unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
3927
3928 /* Double-check that we've passed sane parameters. */
3929 mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
3930 mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
3931 size_t const md_size = mbedtls_md_get_size( md_info );
3932 TEST_ASSERT( md_info != 0 &&
3933 transcript->len == md_size &&
3934 binder_expected->len == md_size );
3935
3936 TEST_ASSERT( mbedtls_ssl_tls1_3_create_psk_binder(
3937 NULL, /* SSL context for debugging only */
3938 md_type,
3939 psk->x, psk->len,
3940 psk_type,
3941 transcript->x,
3942 binder ) == 0 );
3943
3944 ASSERT_COMPARE( binder, md_size,
3945 binder_expected->x, binder_expected->len );
3946}
3947/* END_CASE */
3948
3949/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Hanno Becker2d2c3eb2020-08-20 14:54:24 +01003950void ssl_tls1_3_key_evolution( int hash_alg,
3951 data_t *secret,
3952 data_t *input,
3953 data_t *expected )
3954{
3955 unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
3956
3957 TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret(
3958 (mbedtls_md_type_t) hash_alg,
3959 secret->len ? secret->x : NULL,
3960 input->len ? input->x : NULL, input->len,
3961 secret_new ) == 0 );
3962
Hanno Beckerfb080962020-09-08 10:58:42 +01003963 ASSERT_COMPARE( secret_new, (size_t) expected->len,
3964 expected->x, (size_t) expected->len );
Hanno Becker2d2c3eb2020-08-20 14:54:24 +01003965}
3966/* END_CASE */
3967
Ron Eldor824ad7b2019-05-13 14:09:00 +03003968/* BEGIN_CASE */
3969void ssl_tls_prf( int type, data_t * secret, data_t * random,
Ronald Cronac6ae352020-06-26 14:33:03 +02003970 char *label, data_t *result_str, int exp_ret )
Ron Eldor824ad7b2019-05-13 14:09:00 +03003971{
3972 unsigned char *output;
3973
Ronald Cronac6ae352020-06-26 14:33:03 +02003974 output = mbedtls_calloc( 1, result_str->len );
Ron Eldor824ad7b2019-05-13 14:09:00 +03003975 if( output == NULL )
3976 goto exit;
3977
Gilles Peskine9de97e22021-02-02 21:00:11 +01003978 USE_PSA_INIT( );
Ron Eldor6b9b1b82019-05-15 17:04:33 +03003979
Ron Eldor824ad7b2019-05-13 14:09:00 +03003980 TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
3981 label, random->x, random->len,
Ronald Cronac6ae352020-06-26 14:33:03 +02003982 output, result_str->len ) == exp_ret );
Ron Eldor824ad7b2019-05-13 14:09:00 +03003983
3984 if( exp_ret == 0 )
3985 {
Ronald Cronac6ae352020-06-26 14:33:03 +02003986 TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
3987 result_str->len, result_str->len ) == 0 );
Ron Eldor824ad7b2019-05-13 14:09:00 +03003988 }
3989exit:
3990
3991 mbedtls_free( output );
Gilles Peskine1f186ff2021-02-02 21:04:06 +01003992 USE_PSA_DONE( );
Ron Eldor824ad7b2019-05-13 14:09:00 +03003993}
3994/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02003995
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02003996/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02003997void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02003998{
3999 mbedtls_ssl_session original, restored;
4000 unsigned char *buf = NULL;
4001 size_t len;
4002
4003 /*
4004 * Test that a save-load pair is the identity
4005 */
4006
4007 mbedtls_ssl_session_init( &original );
4008 mbedtls_ssl_session_init( &restored );
4009
4010 /* Prepare a dummy session to work on */
4011 TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
4012
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004013 /* Serialize it */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02004014 TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
4015 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4016 TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
4017 TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
4018 == 0 );
4019
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004020 /* Restore session from serialized data */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02004021 TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
4022
4023 /*
4024 * Make sure both session structures are identical
4025 */
4026#if defined(MBEDTLS_HAVE_TIME)
4027 TEST_ASSERT( original.start == restored.start );
4028#endif
4029 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
4030 TEST_ASSERT( original.compression == restored.compression );
4031 TEST_ASSERT( original.id_len == restored.id_len );
4032 TEST_ASSERT( memcmp( original.id,
4033 restored.id, sizeof( original.id ) ) == 0 );
4034 TEST_ASSERT( memcmp( original.master,
4035 restored.master, sizeof( original.master ) ) == 0 );
4036
4037#if defined(MBEDTLS_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02004038#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02004039 TEST_ASSERT( ( original.peer_cert == NULL ) ==
4040 ( restored.peer_cert == NULL ) );
4041 if( original.peer_cert != NULL )
4042 {
4043 TEST_ASSERT( original.peer_cert->raw.len ==
4044 restored.peer_cert->raw.len );
4045 TEST_ASSERT( memcmp( original.peer_cert->raw.p,
4046 restored.peer_cert->raw.p,
4047 original.peer_cert->raw.len ) == 0 );
4048 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +02004049#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4050 TEST_ASSERT( original.peer_cert_digest_type ==
4051 restored.peer_cert_digest_type );
4052 TEST_ASSERT( original.peer_cert_digest_len ==
4053 restored.peer_cert_digest_len );
4054 TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
4055 ( restored.peer_cert_digest == NULL ) );
4056 if( original.peer_cert_digest != NULL )
4057 {
4058 TEST_ASSERT( memcmp( original.peer_cert_digest,
4059 restored.peer_cert_digest,
4060 original.peer_cert_digest_len ) == 0 );
4061 }
4062#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
4063#endif /* MBEDTLS_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02004064 TEST_ASSERT( original.verify_result == restored.verify_result );
4065
4066#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
4067 TEST_ASSERT( original.ticket_len == restored.ticket_len );
4068 if( original.ticket_len != 0 )
4069 {
4070 TEST_ASSERT( original.ticket != NULL );
4071 TEST_ASSERT( restored.ticket != NULL );
4072 TEST_ASSERT( memcmp( original.ticket,
4073 restored.ticket, original.ticket_len ) == 0 );
4074 }
4075 TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
4076#endif
4077
4078#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
4079 TEST_ASSERT( original.mfl_code == restored.mfl_code );
4080#endif
4081
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +02004082#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
4083 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
4084#endif
4085
4086exit:
4087 mbedtls_ssl_session_free( &original );
4088 mbedtls_ssl_session_free( &restored );
4089 mbedtls_free( buf );
4090}
4091/* END_CASE */
4092
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +02004093/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004094void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004095{
4096 mbedtls_ssl_session session;
4097 unsigned char *buf1 = NULL, *buf2 = NULL;
4098 size_t len0, len1, len2;
4099
4100 /*
4101 * Test that a load-save pair is the identity
4102 */
4103
4104 mbedtls_ssl_session_init( &session );
4105
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02004106 /* Prepare a dummy session to work on */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02004107 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +02004108
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004109 /* Get desired buffer size for serializing */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004110 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
4111 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4112
4113 /* Allocate first buffer */
4114 buf1 = mbedtls_calloc( 1, len0 );
4115 TEST_ASSERT( buf1 != NULL );
4116
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004117 /* Serialize to buffer and free live session */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004118 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
4119 == 0 );
4120 TEST_ASSERT( len0 == len1 );
4121 mbedtls_ssl_session_free( &session );
4122
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004123 /* Restore session from serialized data */
Manuel Pégourié-Gonnard220403b2019-05-24 09:54:21 +02004124 TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004125
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004126 /* Allocate second buffer and serialize to it */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004127 buf2 = mbedtls_calloc( 1, len0 );
Manuel Pégourié-Gonnardb4079902019-05-24 09:52:10 +02004128 TEST_ASSERT( buf2 != NULL );
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004129 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
4130 == 0 );
4131
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004132 /* Make sure both serialized versions are identical */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +02004133 TEST_ASSERT( len1 == len2 );
4134 TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
4135
4136exit:
4137 mbedtls_ssl_session_free( &session );
4138 mbedtls_free( buf1 );
4139 mbedtls_free( buf2 );
4140}
4141/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02004142
4143/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004144void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02004145{
4146 mbedtls_ssl_session session;
4147 unsigned char *buf = NULL;
4148 size_t good_len, bad_len, test_len;
4149
4150 /*
4151 * Test that session_save() fails cleanly on small buffers
4152 */
4153
4154 mbedtls_ssl_session_init( &session );
4155
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004156 /* Prepare dummy session and get serialized size */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02004157 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +02004158 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4159 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4160
4161 /* Try all possible bad lengths */
4162 for( bad_len = 1; bad_len < good_len; bad_len++ )
4163 {
4164 /* Allocate exact size so that asan/valgrind can detect any overwrite */
4165 mbedtls_free( buf );
4166 TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
4167 TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
4168 &test_len )
4169 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4170 TEST_ASSERT( test_len == good_len );
4171 }
4172
4173exit:
4174 mbedtls_ssl_session_free( &session );
4175 mbedtls_free( buf );
4176}
4177/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02004178
4179/* BEGIN_CASE */
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004180void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02004181{
4182 mbedtls_ssl_session session;
4183 unsigned char *good_buf = NULL, *bad_buf = NULL;
4184 size_t good_len, bad_len;
4185
4186 /*
4187 * Test that session_load() fails cleanly on small buffers
4188 */
4189
4190 mbedtls_ssl_session_init( &session );
4191
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +02004192 /* Prepare serialized session data */
Manuel Pégourié-Gonnard6b840702019-05-24 09:40:17 +02004193 TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +02004194 TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
4195 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
4196 TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
4197 TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
4198 &good_len ) == 0 );
4199 mbedtls_ssl_session_free( &session );
4200
4201 /* Try all possible bad lengths */
4202 for( bad_len = 0; bad_len < good_len; bad_len++ )
4203 {
4204 /* Allocate exact size so that asan/valgrind can detect any overread */
4205 mbedtls_free( bad_buf );
4206 bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
4207 TEST_ASSERT( bad_buf != NULL );
4208 memcpy( bad_buf, good_buf, bad_len );
4209
4210 TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
4211 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
4212 }
4213
4214exit:
4215 mbedtls_ssl_session_free( &session );
4216 mbedtls_free( good_buf );
4217 mbedtls_free( bad_buf );
4218}
4219/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +01004220
Hanno Becker363b6462019-05-29 12:44:28 +01004221/* BEGIN_CASE */
4222void ssl_session_serialize_version_check( int corrupt_major,
Hanno Becker861d0bb2019-05-21 16:39:30 +01004223 int corrupt_minor,
4224 int corrupt_patch,
4225 int corrupt_config )
4226{
Hanno Becker363b6462019-05-29 12:44:28 +01004227 unsigned char serialized_session[ 2048 ];
4228 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004229 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +01004230 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004231 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
4232 corrupt_minor == 1,
4233 corrupt_patch == 1,
4234 corrupt_config == 1,
4235 corrupt_config == 1 };
4236
Hanno Becker861d0bb2019-05-21 16:39:30 +01004237 mbedtls_ssl_session_init( &session );
4238
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004239 /* Infer length of serialized session. */
Hanno Becker861d0bb2019-05-21 16:39:30 +01004240 TEST_ASSERT( mbedtls_ssl_session_save( &session,
Hanno Becker363b6462019-05-29 12:44:28 +01004241 serialized_session,
4242 sizeof( serialized_session ),
4243 &serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +01004244
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004245 mbedtls_ssl_session_free( &session );
Hanno Becker861d0bb2019-05-21 16:39:30 +01004246
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004247 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +01004248 * de-serialize the session - double-check that. */
Hanno Becker861d0bb2019-05-21 16:39:30 +01004249 TEST_ASSERT( mbedtls_ssl_session_load( &session,
Hanno Becker363b6462019-05-29 12:44:28 +01004250 serialized_session,
4251 serialized_session_len ) == 0 );
Hanno Becker861d0bb2019-05-21 16:39:30 +01004252 mbedtls_ssl_session_free( &session );
4253
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004254 /* Go through the bytes in the serialized session header and
4255 * corrupt them bit-by-bit. */
4256 for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
Hanno Becker861d0bb2019-05-21 16:39:30 +01004257 {
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004258 int cur_bit;
4259 unsigned char * const byte = &serialized_session[ cur_byte ];
4260
4261 if( should_corrupt_byte[ cur_byte ] == 0 )
4262 continue;
4263
4264 for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
4265 {
4266 unsigned char const corrupted_bit = 0x1u << cur_bit;
4267 /* Modify a single bit in the serialized session. */
4268 *byte ^= corrupted_bit;
4269
4270 /* Attempt to deserialize */
4271 TEST_ASSERT( mbedtls_ssl_session_load( &session,
4272 serialized_session,
4273 serialized_session_len ) ==
Hanno Beckerf9b33032019-06-03 12:58:39 +01004274 MBEDTLS_ERR_SSL_VERSION_MISMATCH );
Hanno Beckerfe1275e2019-05-29 12:45:21 +01004275
4276 /* Undo the change */
4277 *byte ^= corrupted_bit;
4278 }
Hanno Becker861d0bb2019-05-21 16:39:30 +01004279 }
4280
Hanno Becker861d0bb2019-05-21 16:39:30 +01004281}
4282/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004283
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004284/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004285void mbedtls_endpoint_sanity( int endpoint_type )
4286{
4287 enum { BUFFSIZE = 1024 };
4288 mbedtls_endpoint ep;
4289 int ret = -1;
4290
Andrzej Kurek15daf502020-02-12 09:17:52 -05004291 ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
4292 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004293 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4294
Andrzej Kurekb2980742020-02-02 19:25:26 -05004295 ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004296 TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
4297
Andrzej Kurek15daf502020-02-12 09:17:52 -05004298 ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
4299 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004300 TEST_ASSERT( ret == 0 );
4301
4302exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -05004303 mbedtls_endpoint_free( &ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004304}
4305/* END_CASE */
4306
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004307/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004308void move_handshake_to_state(int endpoint_type, int state, int need_pass)
4309{
4310 enum { BUFFSIZE = 1024 };
4311 mbedtls_endpoint base_ep, second_ep;
4312 int ret = -1;
4313
Andrzej Kurek15daf502020-02-12 09:17:52 -05004314 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
4315 NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004316 TEST_ASSERT( ret == 0 );
4317
4318 ret = mbedtls_endpoint_init( &second_ep,
4319 ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
Andrzej Kurekb2980742020-02-02 19:25:26 -05004320 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
Andrzej Kurek15daf502020-02-12 09:17:52 -05004321 MBEDTLS_PK_RSA, NULL, NULL, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004322 TEST_ASSERT( ret == 0 );
4323
4324 ret = mbedtls_mock_socket_connect( &(base_ep.socket),
4325 &(second_ep.socket),
4326 BUFFSIZE );
4327 TEST_ASSERT( ret == 0 );
4328
4329 ret = mbedtls_move_handshake_to_state( &(base_ep.ssl),
4330 &(second_ep.ssl),
4331 state );
4332 if( need_pass )
4333 {
4334 TEST_ASSERT( ret == 0 );
4335 TEST_ASSERT( base_ep.ssl.state == state );
4336 }
4337 else
4338 {
4339 TEST_ASSERT( ret != 0 );
4340 TEST_ASSERT( base_ep.ssl.state != state );
4341 }
4342
4343exit:
Andrzej Kurek15daf502020-02-12 09:17:52 -05004344 mbedtls_endpoint_free( &base_ep, NULL );
4345 mbedtls_endpoint_free( &second_ep, NULL );
Piotr Nowicki2a1f1782020-01-13 09:42:10 +01004346}
4347/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004348
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004349/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Paul Elliottc8570442020-04-15 17:00:50 +01004350void handshake_version( int dtls, int client_min_version, int client_max_version,
4351 int server_min_version, int server_max_version,
4352 int expected_negotiated_version )
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004353{
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004354 handshake_test_options options;
4355 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004356
Paul Elliottc8570442020-04-15 17:00:50 +01004357 options.client_min_version = client_min_version;
4358 options.client_max_version = client_max_version;
4359 options.server_min_version = server_min_version;
4360 options.server_max_version = server_max_version;
4361
4362 options.expected_negotiated_version = expected_negotiated_version;
4363
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004364 options.dtls = dtls;
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +01004365 /* By default, TLSv1.0 use 1/n-1 splitting when sending data, so
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01004366 * the number of fragments will be twice as big. */
Mateusz Starzyk06b07fb2021-02-18 13:55:21 +01004367 if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
Andrzej Kurek941962e2020-02-07 09:20:32 -05004368 {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +01004369 options.expected_cli_fragments = 2;
4370 options.expected_srv_fragments = 2;
Andrzej Kurek941962e2020-02-07 09:20:32 -05004371 }
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004372 perform_handshake( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004373
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004374 /* The goto below is used to avoid an "unused label" warning.*/
4375 goto exit;
4376}
4377/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -05004378
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004379/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004380void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
4381{
4382 handshake_test_options options;
4383 init_handshake_options( &options );
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004384
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004385 options.cipher = cipher;
4386 options.dtls = dtls;
4387 options.psk_str = psk_str;
4388 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -05004389
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004390 perform_handshake( &options );
Andrzej Kurek316da1f2020-02-26 09:03:47 -05004391
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004392 /* The goto below is used to avoid an "unused label" warning.*/
4393 goto exit;
4394}
4395/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -05004396
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004397/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004398void handshake_cipher( char* cipher, int pk_alg, int dtls )
4399{
4400 test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004401
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004402 /* The goto below is used to avoid an "unused label" warning.*/
4403 goto exit;
4404}
4405/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004406
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004407/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004408void app_data( int mfl, int cli_msg_len, int srv_msg_len,
4409 int expected_cli_fragments,
4410 int expected_srv_fragments, int dtls )
4411{
4412 handshake_test_options options;
4413 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004414
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004415 options.mfl = mfl;
4416 options.cli_msg_len = cli_msg_len;
4417 options.srv_msg_len = srv_msg_len;
4418 options.expected_cli_fragments = expected_cli_fragments;
4419 options.expected_srv_fragments = expected_srv_fragments;
4420 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004421
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004422 perform_handshake( &options );
4423 /* The goto below is used to avoid an "unused label" warning.*/
4424 goto exit;
4425}
4426/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004427
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004428/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004429void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
4430 int expected_cli_fragments,
4431 int expected_srv_fragments )
4432{
4433 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4434 expected_srv_fragments, 0 );
4435 /* The goto below is used to avoid an "unused label" warning.*/
4436 goto exit;
4437}
4438/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004439
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004440/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004441void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
4442 int expected_cli_fragments,
4443 int expected_srv_fragments )
4444{
4445 test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
4446 expected_srv_fragments, 1 );
4447 /* The goto below is used to avoid an "unused label" warning.*/
4448 goto exit;
4449}
4450/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004451
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004452/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004453void handshake_serialization( )
4454{
4455 handshake_test_options options;
4456 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004457
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004458 options.serialize = 1;
4459 options.dtls = 1;
4460 perform_handshake( &options );
4461 /* The goto below is used to avoid an "unused label" warning.*/
4462 goto exit;
4463}
4464/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004465
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004466/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Piotr Nowickibde7ee82020-02-21 10:59:50 +01004467void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
4468{
4469 handshake_test_options options;
4470 log_pattern srv_pattern, cli_pattern;
4471
4472 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
4473 srv_pattern.counter = 0;
4474 cli_pattern.counter = 0;
4475
4476 init_handshake_options( &options );
4477 options.dtls = 1;
4478 options.mfl = mfl;
Darryl Greenaad82f92019-12-02 10:53:11 +00004479 /* Set cipher to one using CBC so that record splitting can be tested */
4480 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
Piotr Nowickibde7ee82020-02-21 10:59:50 +01004481 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
4482 options.srv_log_obj = &srv_pattern;
4483 options.cli_log_obj = &cli_pattern;
4484 options.srv_log_fun = log_analyzer;
4485 options.cli_log_fun = log_analyzer;
4486
4487 perform_handshake( &options );
4488
4489 /* Test if the server received a fragmented handshake */
4490 if( expected_srv_hs_fragmentation )
4491 {
4492 TEST_ASSERT( srv_pattern.counter >= 1 );
4493 }
4494 /* Test if the client received a fragmented handshake */
4495 if( expected_cli_hs_fragmentation )
4496 {
4497 TEST_ASSERT( cli_pattern.counter >= 1 );
4498 }
4499}
4500/* END_CASE */
4501
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004502/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004503void renegotiation( int legacy_renegotiation )
4504{
4505 handshake_test_options options;
4506 init_handshake_options( &options );
Andrzej Kurekda2b6782020-02-12 07:56:36 -05004507
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004508 options.renegotiate = 1;
4509 options.legacy_renegotiation = legacy_renegotiation;
4510 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -05004511
Andrzej Kurek8a6ff152020-02-26 09:10:14 -05004512 perform_handshake( &options );
4513 /* The goto below is used to avoid an "unused label" warning.*/
4514 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -05004515}
4516/* END_CASE */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004517
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004518/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004519void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
Andrzej Kurek8ea68722020-04-03 06:40:47 -04004520 int serialize, int dtls, char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004521{
4522 handshake_test_options options;
4523 init_handshake_options( &options );
4524
4525 options.mfl = mfl;
Andrzej Kurek8ea68722020-04-03 06:40:47 -04004526 options.cipher = cipher;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004527 options.renegotiate = renegotiation;
4528 options.legacy_renegotiation = legacy_renegotiation;
4529 options.serialize = serialize;
4530 options.dtls = dtls;
4531 options.resize_buffers = 1;
4532
4533 perform_handshake( &options );
4534 /* The goto below is used to avoid an "unused label" warning.*/
4535 goto exit;
4536}
4537/* END_CASE */
4538
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004539/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004540void resize_buffers_serialize_mfl( int mfl )
4541{
Andrzej Kurek8ea68722020-04-03 06:40:47 -04004542 test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
4543 (char *) "" );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004544
4545 /* The goto below is used to avoid an "unused label" warning.*/
4546 goto exit;
4547}
4548/* END_CASE */
4549
Manuel Pégourié-Gonnardd12402f2020-05-20 10:34:25 +02004550/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
Andrzej Kurek8ea68722020-04-03 06:40:47 -04004551void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
4552 char *cipher )
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004553{
Andrzej Kurek8ea68722020-04-03 06:40:47 -04004554 test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
Andrzej Kurek0afa2a12020-03-03 10:39:58 -05004555
4556 /* The goto below is used to avoid an "unused label" warning.*/
4557 goto exit;
4558}
4559/* END_CASE */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004560
Manuel Pégourié-Gonnarded0e8642020-07-21 11:20:30 +02004561/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004562void ssl_cf_hmac( int hash )
4563{
4564 /*
4565 * Test the function mbedtls_ssl_cf_hmac() against a reference
4566 * implementation.
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004567 */
4568 mbedtls_md_context_t ctx, ref_ctx;
4569 const mbedtls_md_info_t *md_info;
4570 size_t out_len, block_size;
4571 size_t min_in_len, in_len, max_in_len, i;
4572 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
4573 unsigned char add_data[13];
4574 unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
4575 unsigned char *data = NULL;
4576 unsigned char *out = NULL;
4577 unsigned char rec_num = 0;
4578
4579 mbedtls_md_init( &ctx );
4580 mbedtls_md_init( &ref_ctx );
4581
4582 md_info = mbedtls_md_info_from_type( hash );
4583 TEST_ASSERT( md_info != NULL );
4584 out_len = mbedtls_md_get_size( md_info );
4585 TEST_ASSERT( out_len != 0 );
4586 block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
4587
4588 /* Use allocated out buffer to catch overwrites */
4589 ASSERT_ALLOC( out, out_len );
4590
4591 /* Set up contexts with the given hash and a dummy key */
4592 TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
4593 TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
4594 memset( ref_out, 42, sizeof( ref_out ) );
4595 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
4596 TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
4597 memset( ref_out, 0, sizeof( ref_out ) );
4598
4599 /*
4600 * Test all possible lengths up to a point. The difference between
4601 * max_in_len and min_in_len is at most 255, and make sure they both vary
4602 * by at least one block size.
4603 */
4604 for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
4605 {
Chris Jones9634bb12021-01-20 15:56:42 +00004606 mbedtls_test_set_step( max_in_len * 10000 );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +02004607
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004608 /* Use allocated in buffer to catch overreads */
Manuel Pégourié-Gonnardc3219002020-07-22 10:32:52 +02004609 ASSERT_ALLOC( data, max_in_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004610
4611 min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
4612 for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
4613 {
Chris Jones9634bb12021-01-20 15:56:42 +00004614 mbedtls_test_set_step( max_in_len * 10000 + in_len );
Manuel Pégourié-Gonnardca8287c2020-07-22 10:29:39 +02004615
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004616 /* Set up dummy data and add_data */
4617 rec_num++;
4618 memset( add_data, rec_num, sizeof( add_data ) );
4619 for( i = 0; i < in_len; i++ )
4620 data[i] = ( i & 0xff ) ^ rec_num;
4621
4622 /* Get the function's result */
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +02004623 TEST_CF_SECRET( &in_len, sizeof( in_len ) );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004624 TEST_EQUAL( 0, mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ),
4625 data, in_len,
4626 min_in_len, max_in_len,
4627 out ) );
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +02004628 TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
4629 TEST_CF_PUBLIC( out, out_len );
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +02004630
4631 /* Compute the reference result */
4632 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
4633 sizeof( add_data ) ) );
4634 TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
4635 TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
4636 TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
4637
4638 /* Compare */
4639 ASSERT_COMPARE( out, out_len, ref_out, out_len );
4640 }
4641
4642 mbedtls_free( data );
4643 data = NULL;
4644 }
4645
4646exit:
4647 mbedtls_md_free( &ref_ctx );
4648 mbedtls_md_free( &ctx );
4649
4650 mbedtls_free( data );
4651 mbedtls_free( out );
4652}
4653/* END_CASE */
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +02004654
4655/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
4656void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
4657{
4658 unsigned char *dst = NULL;
4659 unsigned char *src = NULL;
4660 size_t src_len = offset_max + len;
4661 size_t secret;
4662
4663 ASSERT_ALLOC( dst, len );
4664 ASSERT_ALLOC( src, src_len );
4665
4666 /* Fill src in a way that we can detect if we copied the right bytes */
4667 mbedtls_test_rnd_std_rand( NULL, src, src_len );
4668
4669 for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
4670 {
Chris Jones9634bb12021-01-20 15:56:42 +00004671 mbedtls_test_set_step( (int) secret );
Manuel Pégourié-Gonnard7fe2c5f2020-08-18 12:02:54 +02004672
4673 TEST_CF_SECRET( &secret, sizeof( secret ) );
4674 mbedtls_ssl_cf_memcpy_offset( dst, src, secret,
4675 offset_min, offset_max, len );
4676 TEST_CF_PUBLIC( &secret, sizeof( secret ) );
4677 TEST_CF_PUBLIC( dst, len );
4678
4679 ASSERT_COMPARE( dst, len, src + secret, len );
4680 }
4681
4682exit:
4683 mbedtls_free( dst );
4684 mbedtls_free( src );
4685}
4686/* END_CASE */
Hanno Becker6667ffd2021-04-19 21:59:22 +01004687
4688/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
4689void test_multiple_psks()
4690{
4691 unsigned char psk0[10] = { 0 };
4692 unsigned char psk0_identity[] = { 'f', 'o', 'o' };
4693
4694 unsigned char psk1[10] = { 0 };
4695 unsigned char psk1_identity[] = { 'b', 'a', 'r' };
4696
4697 mbedtls_ssl_config conf;
4698
4699 mbedtls_ssl_config_init( &conf );
4700
4701 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
4702 psk0, sizeof( psk0 ),
4703 psk0_identity, sizeof( psk0_identity ) ) == 0 );
4704 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
4705 psk1, sizeof( psk1 ),
4706 psk1_identity, sizeof( psk1_identity ) ) ==
4707 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
4708
4709exit:
4710
4711 mbedtls_ssl_config_free( &conf );
4712}
4713/* END_CASE */
4714
4715/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
4716void test_multiple_psks_opaque( int mode )
4717{
4718 /*
4719 * Mode 0: Raw PSK, then opaque PSK
4720 * Mode 1: Opaque PSK, then raw PSK
4721 * Mode 2: 2x opaque PSK
4722 */
4723
4724 unsigned char psk0_raw[10] = { 0 };
4725 unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' };
4726
4727 psa_key_id_t psk0_opaque = (psa_key_id_t) 1;
4728 unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' };
4729
4730 unsigned char psk1_raw[10] = { 0 };
4731 unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' };
4732
4733 psa_key_id_t psk1_opaque = (psa_key_id_t) 2;
4734 unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' };
4735
4736 mbedtls_ssl_config conf;
4737
4738 USE_PSA_INIT( );
4739 mbedtls_ssl_config_init( &conf );
4740
4741 switch( mode )
4742 {
4743 case 0:
4744
4745 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
4746 psk0_raw, sizeof( psk0_raw ),
4747 psk0_raw_identity, sizeof( psk0_raw_identity ) )
4748 == 0 );
4749 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
4750 psk1_opaque,
4751 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
4752 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
4753 break;
4754
4755 case 1:
4756
4757 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
4758 psk0_opaque,
4759 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
4760 == 0 );
4761 TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
4762 psk1_raw, sizeof( psk1_raw ),
4763 psk1_raw_identity, sizeof( psk1_raw_identity ) )
4764 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
4765
4766 break;
4767
4768 case 2:
4769
4770 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
4771 psk0_opaque,
4772 psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
4773 == 0 );
4774 TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
4775 psk1_opaque,
4776 psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
4777 == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
4778
4779 break;
4780
4781 default:
4782 TEST_ASSERT( 0 );
4783 break;
4784 }
4785
4786exit:
4787
4788 mbedtls_ssl_config_free( &conf );
4789 USE_PSA_DONE( );
4790
4791}
4792/* END_CASE */