| /* BEGIN_HEADER */ |
| #include <ssl_misc.h> |
| #include <mbedtls/timing.h> |
| #include <mbedtls/debug.h> |
| #include <mbedtls/pk.h> |
| #include <ssl_tls13_keys.h> |
| #include <ssl_tls13_invasive.h> |
| #include <test/ssl_helpers.h> |
| |
| #include <mbedtls/legacy_or_psa.h> |
| #include "hash_info.h" |
| |
| #include <constant_time_internal.h> |
| #include <test/constant_flow.h> |
| |
| /* END_HEADER */ |
| |
| /* BEGIN_DEPENDENCIES |
| * depends_on:MBEDTLS_SSL_TLS_C |
| * END_DEPENDENCIES |
| */ |
| |
| /* BEGIN_CASE */ |
| void test_callback_buffer_sanity() |
| { |
| enum { MSGLEN = 10 }; |
| mbedtls_test_ssl_buffer buf; |
| unsigned char input[MSGLEN]; |
| unsigned char output[MSGLEN]; |
| |
| memset(input, 0, sizeof(input)); |
| |
| /* Make sure calling put and get on NULL buffer results in error. */ |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) |
| == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) |
| == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) |
| == -1); |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); |
| |
| /* Make sure calling put and get on a buffer that hasn't been set up results |
| * in error. */ |
| mbedtls_test_ssl_buffer_init(&buf); |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) |
| == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) |
| == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) |
| == -1); |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); |
| |
| /* Make sure calling put and get on NULL input only results in |
| * error if the length is not zero, and that a NULL output is valid for data |
| * dropping. |
| */ |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) |
| == -1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) |
| == 0); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); |
| |
| /* Make sure calling put several times in the row is safe */ |
| |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) |
| == sizeof(input)); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); |
| |
| |
| exit: |
| |
| mbedtls_test_ssl_buffer_free(&buf); |
| } |
| /* END_CASE */ |
| |
| /* |
| * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is |
| * correct and works as expected. |
| * |
| * That is |
| * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. |
| * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. |
| * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret |
| * bytes. |
| * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. |
| * - All of the bytes we got match the bytes we put in in a FIFO manner. |
| */ |
| |
| /* BEGIN_CASE */ |
| void test_callback_buffer(int size, int put1, int put1_ret, |
| int get1, int get1_ret, int put2, int put2_ret, |
| int get2, int get2_ret) |
| { |
| enum { ROUNDS = 2 }; |
| size_t put[ROUNDS]; |
| int put_ret[ROUNDS]; |
| size_t get[ROUNDS]; |
| int get_ret[ROUNDS]; |
| mbedtls_test_ssl_buffer buf; |
| unsigned char *input = NULL; |
| size_t input_len; |
| unsigned char *output = NULL; |
| size_t output_len; |
| size_t i, j, written, read; |
| |
| mbedtls_test_ssl_buffer_init(&buf); |
| TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); |
| |
| /* Check the sanity of input parameters and initialise local variables. That |
| * is, ensure that the amount of data is not negative and that we are not |
| * expecting more to put or get than we actually asked for. */ |
| TEST_ASSERT(put1 >= 0); |
| put[0] = put1; |
| put_ret[0] = put1_ret; |
| TEST_ASSERT(put1_ret <= put1); |
| TEST_ASSERT(put2 >= 0); |
| put[1] = put2; |
| put_ret[1] = put2_ret; |
| TEST_ASSERT(put2_ret <= put2); |
| |
| TEST_ASSERT(get1 >= 0); |
| get[0] = get1; |
| get_ret[0] = get1_ret; |
| TEST_ASSERT(get1_ret <= get1); |
| TEST_ASSERT(get2 >= 0); |
| get[1] = get2; |
| get_ret[1] = get2_ret; |
| TEST_ASSERT(get2_ret <= get2); |
| |
| input_len = 0; |
| /* Calculate actual input and output lengths */ |
| for (j = 0; j < ROUNDS; j++) { |
| if (put_ret[j] > 0) { |
| input_len += put_ret[j]; |
| } |
| } |
| /* In order to always have a valid pointer we always allocate at least 1 |
| * byte. */ |
| if (input_len == 0) { |
| input_len = 1; |
| } |
| ASSERT_ALLOC(input, input_len); |
| |
| output_len = 0; |
| for (j = 0; j < ROUNDS; j++) { |
| if (get_ret[j] > 0) { |
| output_len += get_ret[j]; |
| } |
| } |
| TEST_ASSERT(output_len <= input_len); |
| /* In order to always have a valid pointer we always allocate at least 1 |
| * byte. */ |
| if (output_len == 0) { |
| output_len = 1; |
| } |
| ASSERT_ALLOC(output, output_len); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < input_len; i++) { |
| input[i] = i & 0xFF; |
| } |
| |
| written = read = 0; |
| for (j = 0; j < ROUNDS; j++) { |
| TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, |
| input + written, put[j])); |
| written += put_ret[j]; |
| TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, |
| output + read, get[j])); |
| read += get_ret[j]; |
| TEST_ASSERT(read <= written); |
| if (get_ret[j] > 0) { |
| TEST_ASSERT(memcmp(output + read - get_ret[j], |
| input + read - get_ret[j], get_ret[j]) |
| == 0); |
| } |
| } |
| |
| exit: |
| |
| mbedtls_free(input); |
| mbedtls_free(output); |
| mbedtls_test_ssl_buffer_free(&buf); |
| } |
| /* END_CASE */ |
| |
| /* |
| * Test if the implementation of `mbedtls_test_mock_socket` related |
| * I/O functions is correct and works as expected on unconnected sockets. |
| */ |
| |
| /* BEGIN_CASE */ |
| void ssl_mock_sanity() |
| { |
| enum { MSGLEN = 105 }; |
| unsigned char message[MSGLEN] = { 0 }; |
| unsigned char received[MSGLEN] = { 0 }; |
| mbedtls_test_mock_socket socket; |
| |
| mbedtls_mock_socket_init(&socket); |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); |
| mbedtls_test_mock_socket_close(&socket); |
| mbedtls_mock_socket_init(&socket); |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); |
| mbedtls_test_mock_socket_close(&socket); |
| |
| mbedtls_mock_socket_init(&socket); |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); |
| mbedtls_test_mock_socket_close(&socket); |
| mbedtls_mock_socket_init(&socket); |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); |
| mbedtls_test_mock_socket_close(&socket); |
| |
| exit: |
| |
| mbedtls_test_mock_socket_close(&socket); |
| } |
| /* END_CASE */ |
| |
| /* |
| * Test if the implementation of `mbedtls_test_mock_socket` related functions |
| * can send a single message from the client to the server. |
| */ |
| |
| /* BEGIN_CASE */ |
| void ssl_mock_tcp(int blocking) |
| { |
| enum { MSGLEN = 105 }; |
| enum { BUFLEN = MSGLEN / 5 }; |
| unsigned char message[MSGLEN]; |
| unsigned char received[MSGLEN]; |
| mbedtls_test_mock_socket client; |
| mbedtls_test_mock_socket server; |
| size_t written, read; |
| int send_ret, recv_ret; |
| mbedtls_ssl_send_t *send; |
| mbedtls_ssl_recv_t *recv; |
| unsigned i; |
| |
| if (blocking == 0) { |
| send = mbedtls_test_mock_tcp_send_nb; |
| recv = mbedtls_test_mock_tcp_recv_nb; |
| } else { |
| send = mbedtls_test_mock_tcp_send_b; |
| recv = mbedtls_test_mock_tcp_recv_b; |
| } |
| |
| mbedtls_mock_socket_init(&client); |
| mbedtls_mock_socket_init(&server); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| |
| /* Make sure that sending a message takes a few iterations. */ |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| BUFLEN)); |
| |
| /* Send the message to the server */ |
| send_ret = recv_ret = 1; |
| written = read = 0; |
| while (send_ret != 0 || recv_ret != 0) { |
| send_ret = send(&client, message + written, MSGLEN - written); |
| |
| TEST_ASSERT(send_ret >= 0); |
| TEST_ASSERT(send_ret <= BUFLEN); |
| written += send_ret; |
| |
| /* If the buffer is full we can test blocking and non-blocking send */ |
| if (send_ret == BUFLEN) { |
| int blocking_ret = send(&client, message, 1); |
| if (blocking) { |
| TEST_ASSERT(blocking_ret == 0); |
| } else { |
| TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); |
| } |
| } |
| |
| recv_ret = recv(&server, received + read, MSGLEN - read); |
| |
| /* The result depends on whether any data was sent */ |
| if (send_ret > 0) { |
| TEST_ASSERT(recv_ret > 0); |
| TEST_ASSERT(recv_ret <= BUFLEN); |
| read += recv_ret; |
| } else if (blocking) { |
| TEST_ASSERT(recv_ret == 0); |
| } else { |
| TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); |
| recv_ret = 0; |
| } |
| |
| /* If the buffer is empty we can test blocking and non-blocking read */ |
| if (recv_ret == BUFLEN) { |
| int blocking_ret = recv(&server, received, 1); |
| if (blocking) { |
| TEST_ASSERT(blocking_ret == 0); |
| } else { |
| TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); |
| } |
| } |
| } |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| exit: |
| |
| mbedtls_test_mock_socket_close(&client); |
| mbedtls_test_mock_socket_close(&server); |
| } |
| /* END_CASE */ |
| |
| /* |
| * Test if the implementation of `mbedtls_test_mock_socket` related functions |
| * can send messages in both direction at the same time (with the I/O calls |
| * interleaving). |
| */ |
| |
| /* BEGIN_CASE */ |
| void ssl_mock_tcp_interleaving(int blocking) |
| { |
| enum { ROUNDS = 2 }; |
| enum { MSGLEN = 105 }; |
| enum { BUFLEN = MSGLEN / 5 }; |
| unsigned char message[ROUNDS][MSGLEN]; |
| unsigned char received[ROUNDS][MSGLEN]; |
| mbedtls_test_mock_socket client; |
| mbedtls_test_mock_socket server; |
| size_t written[ROUNDS]; |
| size_t read[ROUNDS]; |
| int send_ret[ROUNDS]; |
| int recv_ret[ROUNDS]; |
| unsigned i, j, progress; |
| mbedtls_ssl_send_t *send; |
| mbedtls_ssl_recv_t *recv; |
| |
| if (blocking == 0) { |
| send = mbedtls_test_mock_tcp_send_nb; |
| recv = mbedtls_test_mock_tcp_recv_nb; |
| } else { |
| send = mbedtls_test_mock_tcp_send_b; |
| recv = mbedtls_test_mock_tcp_recv_b; |
| } |
| |
| mbedtls_mock_socket_init(&client); |
| mbedtls_mock_socket_init(&server); |
| |
| /* Fill up the buffers with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < ROUNDS; i++) { |
| for (j = 0; j < MSGLEN; j++) { |
| message[i][j] = (i * MSGLEN + j) & 0xFF; |
| } |
| } |
| |
| /* Make sure that sending a message takes a few iterations. */ |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| BUFLEN)); |
| |
| /* Send the message from both sides, interleaving. */ |
| progress = 1; |
| for (i = 0; i < ROUNDS; i++) { |
| written[i] = 0; |
| read[i] = 0; |
| } |
| /* This loop does not stop as long as there was a successful write or read |
| * of at least one byte on either side. */ |
| while (progress != 0) { |
| mbedtls_test_mock_socket *socket; |
| |
| for (i = 0; i < ROUNDS; i++) { |
| /* First sending is from the client */ |
| socket = (i % 2 == 0) ? (&client) : (&server); |
| |
| send_ret[i] = send(socket, message[i] + written[i], |
| MSGLEN - written[i]); |
| TEST_ASSERT(send_ret[i] >= 0); |
| TEST_ASSERT(send_ret[i] <= BUFLEN); |
| written[i] += send_ret[i]; |
| |
| /* If the buffer is full we can test blocking and non-blocking |
| * send */ |
| if (send_ret[i] == BUFLEN) { |
| int blocking_ret = send(socket, message[i], 1); |
| if (blocking) { |
| TEST_ASSERT(blocking_ret == 0); |
| } else { |
| TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); |
| } |
| } |
| } |
| |
| for (i = 0; i < ROUNDS; i++) { |
| /* First receiving is from the server */ |
| socket = (i % 2 == 0) ? (&server) : (&client); |
| |
| recv_ret[i] = recv(socket, received[i] + read[i], |
| MSGLEN - read[i]); |
| |
| /* The result depends on whether any data was sent */ |
| if (send_ret[i] > 0) { |
| TEST_ASSERT(recv_ret[i] > 0); |
| TEST_ASSERT(recv_ret[i] <= BUFLEN); |
| read[i] += recv_ret[i]; |
| } else if (blocking) { |
| TEST_ASSERT(recv_ret[i] == 0); |
| } else { |
| TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); |
| recv_ret[i] = 0; |
| } |
| |
| /* If the buffer is empty we can test blocking and non-blocking |
| * read */ |
| if (recv_ret[i] == BUFLEN) { |
| int blocking_ret = recv(socket, received[i], 1); |
| if (blocking) { |
| TEST_ASSERT(blocking_ret == 0); |
| } else { |
| TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); |
| } |
| } |
| } |
| |
| progress = 0; |
| for (i = 0; i < ROUNDS; i++) { |
| progress += send_ret[i] + recv_ret[i]; |
| } |
| } |
| |
| for (i = 0; i < ROUNDS; i++) { |
| TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0); |
| } |
| |
| exit: |
| |
| mbedtls_test_mock_socket_close(&client); |
| mbedtls_test_mock_socket_close(&server); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_queue_sanity() |
| { |
| mbedtls_test_ssl_message_queue queue; |
| |
| /* Trying to push/pull to an empty queue */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) |
| == MBEDTLS_TEST_ERROR_ARG_NULL); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) |
| == MBEDTLS_TEST_ERROR_ARG_NULL); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); |
| TEST_ASSERT(queue.capacity == 3); |
| TEST_ASSERT(queue.num == 0); |
| |
| exit: |
| mbedtls_test_ssl_message_queue_free(&queue); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_queue_basic() |
| { |
| mbedtls_test_ssl_message_queue queue; |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); |
| |
| /* Sanity test - 3 pushes and 3 pops with sufficient space */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| TEST_ASSERT(queue.capacity == 3); |
| TEST_ASSERT(queue.num == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| TEST_ASSERT(queue.capacity == 3); |
| TEST_ASSERT(queue.num == 2); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); |
| TEST_ASSERT(queue.capacity == 3); |
| TEST_ASSERT(queue.num == 3); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); |
| |
| exit: |
| mbedtls_test_ssl_message_queue_free(&queue); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_queue_overflow_underflow() |
| { |
| mbedtls_test_ssl_message_queue queue; |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); |
| |
| /* 4 pushes (last one with an error), 4 pops (last one with an error) */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) |
| == MBEDTLS_ERR_SSL_WANT_WRITE); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| |
| exit: |
| mbedtls_test_ssl_message_queue_free(&queue); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_queue_interleaved() |
| { |
| mbedtls_test_ssl_message_queue queue; |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); |
| |
| /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops |
| * (to wrap around the buffer) */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); |
| |
| exit: |
| mbedtls_test_ssl_message_queue_free(&queue); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_queue_insufficient_buffer() |
| { |
| mbedtls_test_ssl_message_queue queue; |
| size_t message_len = 10; |
| size_t buffer_len = 5; |
| |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); |
| |
| /* Popping without a sufficient buffer */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) |
| == (int) message_len); |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) |
| == (int) buffer_len); |
| exit: |
| mbedtls_test_ssl_message_queue_free(&queue); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_uninitialized() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| /* Send with a NULL context */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) |
| == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) |
| == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 1, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 1, |
| &client, |
| &client_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MBEDTLS_TEST_ERROR_SEND_FAILED); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| |
| /* Push directly to a queue to later simulate a disconnected behavior */ |
| TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, |
| MSGLEN) |
| == MSGLEN); |
| |
| /* Test if there's an error when trying to read from a disconnected |
| * socket */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_TEST_ERROR_RECV_FAILED); |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_basic() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 1, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 1, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN)); |
| |
| /* Send the message to the server */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) == MSGLEN); |
| |
| /* Read from the server */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| memset(received, 0, MSGLEN); |
| |
| /* Send the message to the client */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, |
| MSGLEN) |
| == MSGLEN); |
| |
| /* Read from the client */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, |
| MSGLEN) |
| == MSGLEN); |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_queue_overflow_underflow() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 2, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 2, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN*2)); |
| |
| /* Send three message to the server, last one with an error */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN - 1) |
| == MSGLEN - 1); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_WRITE); |
| |
| /* Read three messages from the server, last one with an error */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN - 1) |
| == MSGLEN - 1); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_socket_overflow() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 2, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 2, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN)); |
| |
| /* Send two message to the server, second one with an error */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MBEDTLS_TEST_ERROR_SEND_FAILED); |
| |
| /* Read the only message from the server */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_truncated() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 2, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 2, |
| &client, |
| &client_context) == 0); |
| |
| memset(received, 0, MSGLEN); |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| 2 * MSGLEN)); |
| |
| /* Send two messages to the server, the second one small enough to fit in the |
| * receiver's buffer. */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MSGLEN); |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN / 2) |
| == MSGLEN / 2); |
| /* Read a truncated message from the server */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN/2) |
| == MSGLEN/2); |
| |
| /* Test that the first half of the message is valid, and second one isn't */ |
| TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); |
| TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) |
| != 0); |
| memset(received, 0, MSGLEN); |
| |
| /* Read a full message from the server */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN/2) |
| == MSGLEN / 2); |
| |
| /* Test that the first half of the message is valid */ |
| TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); |
| |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_socket_read_error() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 1, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 1, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN)); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) |
| == MSGLEN); |
| |
| /* Force a read error by disconnecting the socket by hand */ |
| server.status = 0; |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_TEST_ERROR_RECV_FAILED); |
| /* Return to a valid state */ |
| server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; |
| |
| memset(received, 0, sizeof(received)); |
| |
| /* Test that even though the server tried to read once disconnected, the |
| * continuity is preserved */ |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_interleaved_one_way() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 3, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 3, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN*3)); |
| |
| /* Interleaved test - [2 sends, 1 read] twice, and then two reads |
| * (to wrap around the buffer) */ |
| for (i = 0; i < 2; i++) { |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) == MSGLEN); |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| memset(received, 0, sizeof(received)); |
| } |
| |
| for (i = 0; i < 2; i++) { |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| } |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_message_mock_interleaved_two_ways() |
| { |
| enum { MSGLEN = 10 }; |
| unsigned char message[MSGLEN], received[MSGLEN]; |
| mbedtls_test_mock_socket client, server; |
| unsigned i; |
| mbedtls_test_ssl_message_queue server_queue, client_queue; |
| mbedtls_test_message_socket_context server_context, client_context; |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, |
| &client_queue, 3, |
| &server, |
| &server_context) == 0); |
| |
| TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, |
| &server_queue, 3, |
| &client, |
| &client_context) == 0); |
| |
| /* Fill up the buffer with structured data so that unwanted changes |
| * can be detected */ |
| for (i = 0; i < MSGLEN; i++) { |
| message[i] = i & 0xFF; |
| } |
| TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, |
| MSGLEN*3)); |
| |
| /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads |
| * (to wrap around the buffer) both ways. */ |
| for (i = 0; i < 2; i++) { |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| memset(received, 0, sizeof(received)); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| |
| memset(received, 0, sizeof(received)); |
| } |
| |
| for (i = 0; i < 2; i++) { |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| memset(received, 0, sizeof(received)); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, |
| MSGLEN) == MSGLEN); |
| |
| TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); |
| memset(received, 0, sizeof(received)); |
| } |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| |
| TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, |
| MSGLEN) |
| == MBEDTLS_ERR_SSL_WANT_READ); |
| exit: |
| mbedtls_test_message_socket_close(&server_context); |
| mbedtls_test_message_socket_close(&client_context); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
| void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) |
| { |
| uint32_t len = 0; |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_config conf; |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_config_init(&conf); |
| |
| TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, |
| MBEDTLS_SSL_IS_CLIENT, |
| MBEDTLS_SSL_TRANSPORT_DATAGRAM, |
| MBEDTLS_SSL_PRESET_DEFAULT) == 0); |
| TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); |
| |
| /* Read previous record numbers */ |
| for (len = 0; len < prevs->len; len += 6) { |
| memcpy(ssl.in_ctr + 2, prevs->x + len, 6); |
| mbedtls_ssl_dtls_replay_update(&ssl); |
| } |
| |
| /* Check new number */ |
| memcpy(ssl.in_ctr + 2, new->x, 6); |
| TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret); |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ |
| void ssl_set_hostname_twice(char *hostname0, char *hostname1) |
| { |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_init(&ssl); |
| |
| TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0); |
| TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0); |
| |
| mbedtls_ssl_free(&ssl); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_crypt_record(int cipher_type, int hash_id, |
| int etm, int tag_mode, int ver, |
| int cid0_len, int cid1_len) |
| { |
| /* |
| * Test several record encryptions and decryptions |
| * with plenty of space before and after the data |
| * within the record buffer. |
| */ |
| |
| int ret; |
| int num_records = 16; |
| mbedtls_ssl_context ssl; /* ONLY for debugging */ |
| |
| mbedtls_ssl_transform t0, t1; |
| unsigned char *buf = NULL; |
| size_t const buflen = 512; |
| mbedtls_record rec, rec_backup; |
| |
| USE_PSA_INIT(); |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_transform_init(&t0); |
| mbedtls_ssl_transform_init(&t1); |
| ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, |
| etm, tag_mode, ver, |
| (size_t) cid0_len, |
| (size_t) cid1_len); |
| |
| TEST_ASSERT(ret == 0); |
| |
| TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); |
| |
| while (num_records-- > 0) { |
| mbedtls_ssl_transform *t_dec, *t_enc; |
| /* Take turns in who's sending and who's receiving. */ |
| if (num_records % 3 == 0) { |
| t_dec = &t0; |
| t_enc = &t1; |
| } else { |
| t_dec = &t1; |
| t_enc = &t0; |
| } |
| |
| /* |
| * The record header affects the transformation in two ways: |
| * 1) It determines the AEAD additional data |
| * 2) The record counter sometimes determines the IV. |
| * |
| * Apart from that, the fields don't have influence. |
| * In particular, it is currently not the responsibility |
| * of ssl_encrypt/decrypt_buf to check if the transform |
| * version matches the record version, or that the |
| * type is sensible. |
| */ |
| |
| memset(rec.ctr, num_records, sizeof(rec.ctr)); |
| rec.type = 42; |
| rec.ver[0] = num_records; |
| rec.ver[1] = num_records; |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| rec.cid_len = 0; |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| rec.buf = buf; |
| rec.buf_len = buflen; |
| rec.data_offset = 16; |
| /* Make sure to vary the length to exercise different |
| * paddings. */ |
| rec.data_len = 1 + num_records; |
| |
| memset(rec.buf + rec.data_offset, 42, rec.data_len); |
| |
| /* Make a copy for later comparison */ |
| rec_backup = rec; |
| |
| /* Encrypt record */ |
| ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, |
| mbedtls_test_rnd_std_rand, NULL); |
| TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| if (ret != 0) { |
| continue; |
| } |
| |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| if (rec.cid_len != 0) { |
| /* DTLS 1.2 + CID hides the real content type and |
| * uses a special CID content type in the protected |
| * record. Double-check this. */ |
| TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); |
| } |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| /* TLS 1.3 hides the real content type and |
| * always uses Application Data as the content type |
| * for protected records. Double-check this. */ |
| TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); |
| } |
| #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| |
| /* Decrypt record with t_dec */ |
| ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); |
| TEST_ASSERT(ret == 0); |
| |
| /* Compare results */ |
| TEST_ASSERT(rec.type == rec_backup.type); |
| TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); |
| TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); |
| TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); |
| TEST_ASSERT(rec.data_len == rec_backup.data_len); |
| TEST_ASSERT(rec.data_offset == rec_backup.data_offset); |
| TEST_ASSERT(memcmp(rec.buf + rec.data_offset, |
| rec_backup.buf + rec_backup.data_offset, |
| rec.data_len) == 0); |
| } |
| |
| exit: |
| |
| /* Cleanup */ |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_transform_free(&t0); |
| mbedtls_ssl_transform_free(&t1); |
| |
| mbedtls_free(buf); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_crypt_record_small(int cipher_type, int hash_id, |
| int etm, int tag_mode, int ver, |
| int cid0_len, int cid1_len) |
| { |
| /* |
| * Test pairs of encryption and decryption with an increasing |
| * amount of space in the record buffer - in more detail: |
| * 1) Try to encrypt with 0, 1, 2, ... bytes available |
| * in front of the plaintext, and expect the encryption |
| * to succeed starting from some offset. Always keep |
| * enough space in the end of the buffer. |
| * 2) Try to encrypt with 0, 1, 2, ... bytes available |
| * at the end of the plaintext, and expect the encryption |
| * to succeed starting from some offset. Always keep |
| * enough space at the beginning of the buffer. |
| * 3) Try to encrypt with 0, 1, 2, ... bytes available |
| * both at the front and end of the plaintext, |
| * and expect the encryption to succeed starting from |
| * some offset. |
| * |
| * If encryption succeeds, check that decryption succeeds |
| * and yields the original record. |
| */ |
| |
| mbedtls_ssl_context ssl; /* ONLY for debugging */ |
| |
| mbedtls_ssl_transform t0, t1; |
| unsigned char *buf = NULL; |
| size_t const buflen = 256; |
| mbedtls_record rec, rec_backup; |
| |
| int ret; |
| int mode; /* Mode 1, 2 or 3 as explained above */ |
| size_t offset; /* Available space at beginning/end/both */ |
| size_t threshold = 96; /* Maximum offset to test against */ |
| |
| size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ |
| size_t default_post_padding = 128; /* Post-padding to use in mode 1 */ |
| |
| int seen_success; /* Indicates if in the current mode we've |
| * already seen a successful test. */ |
| |
| USE_PSA_INIT(); |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_transform_init(&t0); |
| mbedtls_ssl_transform_init(&t1); |
| ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, |
| etm, tag_mode, ver, |
| (size_t) cid0_len, |
| (size_t) cid1_len); |
| |
| TEST_ASSERT(ret == 0); |
| |
| TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); |
| |
| for (mode = 1; mode <= 3; mode++) { |
| seen_success = 0; |
| for (offset = 0; offset <= threshold; offset++) { |
| mbedtls_ssl_transform *t_dec, *t_enc; |
| t_dec = &t0; |
| t_enc = &t1; |
| |
| memset(rec.ctr, offset, sizeof(rec.ctr)); |
| rec.type = 42; |
| rec.ver[0] = offset; |
| rec.ver[1] = offset; |
| rec.buf = buf; |
| rec.buf_len = buflen; |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| rec.cid_len = 0; |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| switch (mode) { |
| case 1: /* Space in the beginning */ |
| rec.data_offset = offset; |
| rec.data_len = buflen - offset - default_post_padding; |
| break; |
| |
| case 2: /* Space in the end */ |
| rec.data_offset = default_pre_padding; |
| rec.data_len = buflen - default_pre_padding - offset; |
| break; |
| |
| case 3: /* Space in the beginning and end */ |
| rec.data_offset = offset; |
| rec.data_len = buflen - 2 * offset; |
| break; |
| |
| default: |
| TEST_ASSERT(0); |
| break; |
| } |
| |
| memset(rec.buf + rec.data_offset, 42, rec.data_len); |
| |
| /* Make a copy for later comparison */ |
| rec_backup = rec; |
| |
| /* Encrypt record */ |
| ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, |
| mbedtls_test_rnd_std_rand, NULL); |
| |
| if ((mode == 1 || mode == 2) && seen_success) { |
| TEST_ASSERT(ret == 0); |
| } else { |
| TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| if (ret == 0) { |
| seen_success = 1; |
| } |
| } |
| |
| if (ret != 0) { |
| continue; |
| } |
| |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| if (rec.cid_len != 0) { |
| /* DTLS 1.2 + CID hides the real content type and |
| * uses a special CID content type in the protected |
| * record. Double-check this. */ |
| TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); |
| } |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| /* TLS 1.3 hides the real content type and |
| * always uses Application Data as the content type |
| * for protected records. Double-check this. */ |
| TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); |
| } |
| #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| |
| /* Decrypt record with t_dec */ |
| TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0); |
| |
| /* Compare results */ |
| TEST_ASSERT(rec.type == rec_backup.type); |
| TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); |
| TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); |
| TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); |
| TEST_ASSERT(rec.data_len == rec_backup.data_len); |
| TEST_ASSERT(rec.data_offset == rec_backup.data_offset); |
| TEST_ASSERT(memcmp(rec.buf + rec.data_offset, |
| rec_backup.buf + rec_backup.data_offset, |
| rec.data_len) == 0); |
| } |
| |
| TEST_ASSERT(seen_success == 1); |
| } |
| |
| exit: |
| |
| /* Cleanup */ |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_transform_free(&t0); |
| mbedtls_ssl_transform_free(&t1); |
| |
| mbedtls_free(buf); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ |
| void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, |
| int length_selector) |
| { |
| /* |
| * Test record decryption for CBC without EtM, focused on the verification |
| * of padding and MAC. |
| * |
| * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since |
| * the test framework doesn't support alternation in dependency statements, |
| * just depend on AES. |
| * |
| * The length_selector argument is interpreted as follows: |
| * - if it's -1, the plaintext length is 0 and minimal padding is applied |
| * - if it's -2, the plaintext length is 0 and maximal padding is applied |
| * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: |
| * it's the length of the rest of the padding, that is, excluding the |
| * byte that encodes the length. The minimal non-zero plaintext length |
| * that gives this padding_length is automatically selected. |
| */ |
| mbedtls_ssl_context ssl; /* ONLY for debugging */ |
| mbedtls_ssl_transform t0, t1; |
| mbedtls_record rec, rec_save; |
| unsigned char *buf = NULL, *buf_save = NULL; |
| size_t buflen, olen = 0; |
| size_t plaintext_len, block_size, i; |
| unsigned char padlen; /* excluding the padding_length byte */ |
| unsigned char add_data[13]; |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; |
| size_t sign_mac_length = 0; |
| unsigned char mac[PSA_HASH_MAX_SIZE]; |
| #else |
| unsigned char mac[MBEDTLS_MD_MAX_SIZE]; |
| #endif |
| int exp_ret; |
| int ret; |
| const unsigned char pad_max_len = 255; /* Per the standard */ |
| |
| USE_PSA_INIT(); |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_transform_init(&t0); |
| mbedtls_ssl_transform_init(&t1); |
| |
| /* Set up transforms with dummy keys */ |
| ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, |
| 0, trunc_hmac, |
| MBEDTLS_SSL_VERSION_TLS1_2, |
| 0, 0); |
| |
| TEST_ASSERT(ret == 0); |
| |
| /* Determine padding/plaintext length */ |
| TEST_ASSERT(length_selector >= -2 && length_selector <= 255); |
| block_size = t0.ivlen; |
| if (length_selector < 0) { |
| plaintext_len = 0; |
| |
| /* Minimal padding |
| * The +1 is for the padding_length byte, not counted in padlen. */ |
| padlen = block_size - (t0.maclen + 1) % block_size; |
| |
| /* Maximal padding? */ |
| if (length_selector == -2) { |
| padlen += block_size * ((pad_max_len - padlen) / block_size); |
| } |
| } else { |
| padlen = length_selector; |
| |
| /* Minimal non-zero plaintext_length giving desired padding. |
| * The +1 is for the padding_length byte, not counted in padlen. */ |
| plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; |
| } |
| |
| /* Prepare a buffer for record data */ |
| buflen = block_size |
| + plaintext_len |
| + t0.maclen |
| + padlen + 1; |
| ASSERT_ALLOC(buf, buflen); |
| ASSERT_ALLOC(buf_save, buflen); |
| |
| /* Prepare a dummy record header */ |
| memset(rec.ctr, 0, sizeof(rec.ctr)); |
| rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
| mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, |
| MBEDTLS_SSL_VERSION_TLS1_2); |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| rec.cid_len = 0; |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| /* Prepare dummy record content */ |
| rec.buf = buf; |
| rec.buf_len = buflen; |
| rec.data_offset = block_size; |
| rec.data_len = plaintext_len; |
| memset(rec.buf + rec.data_offset, 42, rec.data_len); |
| |
| /* Serialized version of record header for MAC purposes */ |
| memcpy(add_data, rec.ctr, 8); |
| add_data[8] = rec.type; |
| add_data[9] = rec.ver[0]; |
| add_data[10] = rec.ver[1]; |
| add_data[11] = (rec.data_len >> 8) & 0xff; |
| add_data[12] = (rec.data_len >> 0) & 0xff; |
| |
| /* Set dummy IV */ |
| memset(t0.iv_enc, 0x55, t0.ivlen); |
| memcpy(rec.buf, t0.iv_enc, t0.ivlen); |
| |
| /* |
| * Prepare a pre-encryption record (with MAC and padding), and save it. |
| */ |
| |
| /* MAC with additional data */ |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, |
| t0.psa_mac_enc, |
| t0.psa_mac_alg)); |
| TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); |
| TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, |
| rec.buf + rec.data_offset, |
| rec.data_len)); |
| TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, |
| mac, sizeof(mac), |
| &sign_mac_length)); |
| #else |
| TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13)); |
| TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, |
| rec.buf + rec.data_offset, |
| rec.data_len)); |
| TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac)); |
| #endif |
| |
| memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen); |
| rec.data_len += t0.maclen; |
| |
| /* Pad */ |
| memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); |
| rec.data_len += padlen + 1; |
| |
| /* Save correct pre-encryption record */ |
| rec_save = rec; |
| rec_save.buf = buf_save; |
| memcpy(buf_save, buf, buflen); |
| |
| /* |
| * Encrypt and decrypt the correct record, expecting success |
| */ |
| TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( |
| &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, |
| rec.data_len, rec.buf + rec.data_offset, &olen)); |
| rec.data_offset -= t0.ivlen; |
| rec.data_len += t0.ivlen; |
| |
| TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); |
| |
| /* |
| * Modify each byte of the pre-encryption record before encrypting and |
| * decrypting it, expecting failure every time. |
| */ |
| for (i = block_size; i < buflen; i++) { |
| mbedtls_test_set_step(i); |
| |
| /* Restore correct pre-encryption record */ |
| rec = rec_save; |
| rec.buf = buf; |
| memcpy(buf, buf_save, buflen); |
| |
| /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ |
| rec.buf[i] ^= 0x01; |
| |
| /* Encrypt */ |
| TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( |
| &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, |
| rec.data_len, rec.buf + rec.data_offset, &olen)); |
| rec.data_offset -= t0.ivlen; |
| rec.data_len += t0.ivlen; |
| |
| /* Decrypt and expect failure */ |
| TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, |
| mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); |
| } |
| |
| /* |
| * Use larger values of the padding bytes - with small buffers, this tests |
| * the case where the announced padlen would be larger than the buffer |
| * (and before that, than the buffer minus the size of the MAC), to make |
| * sure our padding checking code does not perform any out-of-bounds reads |
| * in this case. (With larger buffers, ie when the plaintext is long or |
| * maximal length padding is used, this is less relevant but still doesn't |
| * hurt to test.) |
| * |
| * (Start the loop with correct padding, just to double-check that record |
| * saving did work, and that we're overwriting the correct bytes.) |
| */ |
| for (i = padlen; i <= pad_max_len; i++) { |
| mbedtls_test_set_step(i); |
| |
| /* Restore correct pre-encryption record */ |
| rec = rec_save; |
| rec.buf = buf; |
| memcpy(buf, buf_save, buflen); |
| |
| /* Set padding bytes to new value */ |
| memset(buf + buflen - padlen - 1, i, padlen + 1); |
| |
| /* Encrypt */ |
| TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( |
| &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, |
| rec.data_len, rec.buf + rec.data_offset, &olen)); |
| rec.data_offset -= t0.ivlen; |
| rec.data_len += t0.ivlen; |
| |
| /* Decrypt and expect failure except the first time */ |
| exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; |
| TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); |
| } |
| |
| exit: |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_transform_free(&t0); |
| mbedtls_ssl_transform_free(&t1); |
| mbedtls_free(buf); |
| mbedtls_free(buf_save); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_hkdf_expand_label(int hash_alg, |
| data_t *secret, |
| int label_idx, |
| data_t *ctx, |
| int desired_length, |
| data_t *expected) |
| { |
| unsigned char dst[100]; |
| |
| unsigned char const *lbl = NULL; |
| size_t lbl_len; |
| #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ |
| if (label_idx == (int) tls13_label_ ## name) \ |
| { \ |
| lbl = mbedtls_ssl_tls13_labels.name; \ |
| lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ |
| } |
| MBEDTLS_SSL_TLS1_3_LABEL_LIST |
| #undef MBEDTLS_SSL_TLS1_3_LABEL |
| TEST_ASSERT(lbl != NULL); |
| |
| /* Check sanity of test parameters. */ |
| TEST_ASSERT((size_t) desired_length <= sizeof(dst)); |
| TEST_ASSERT((size_t) desired_length == expected->len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label( |
| (psa_algorithm_t) hash_alg, |
| secret->x, secret->len, |
| lbl, lbl_len, |
| ctx->x, ctx->len, |
| dst, desired_length) == 0); |
| |
| ASSERT_COMPARE(dst, (size_t) desired_length, |
| expected->x, (size_t) expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_traffic_key_generation(int hash_alg, |
| data_t *server_secret, |
| data_t *client_secret, |
| int desired_iv_len, |
| int desired_key_len, |
| data_t *expected_server_write_key, |
| data_t *expected_server_write_iv, |
| data_t *expected_client_write_key, |
| data_t *expected_client_write_iv) |
| { |
| mbedtls_ssl_key_set keys; |
| |
| /* Check sanity of test parameters. */ |
| TEST_ASSERT(client_secret->len == server_secret->len); |
| TEST_ASSERT( |
| expected_client_write_iv->len == expected_server_write_iv->len && |
| expected_client_write_iv->len == (size_t) desired_iv_len); |
| TEST_ASSERT( |
| expected_client_write_key->len == expected_server_write_key->len && |
| expected_client_write_key->len == (size_t) desired_key_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_make_traffic_keys( |
| (psa_algorithm_t) hash_alg, |
| client_secret->x, |
| server_secret->x, |
| client_secret->len /* == server_secret->len */, |
| desired_key_len, desired_iv_len, |
| &keys) == 0); |
| |
| ASSERT_COMPARE(keys.client_write_key, |
| keys.key_len, |
| expected_client_write_key->x, |
| (size_t) desired_key_len); |
| ASSERT_COMPARE(keys.server_write_key, |
| keys.key_len, |
| expected_server_write_key->x, |
| (size_t) desired_key_len); |
| ASSERT_COMPARE(keys.client_write_iv, |
| keys.iv_len, |
| expected_client_write_iv->x, |
| (size_t) desired_iv_len); |
| ASSERT_COMPARE(keys.server_write_iv, |
| keys.iv_len, |
| expected_server_write_iv->x, |
| (size_t) desired_iv_len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_derive_secret(int hash_alg, |
| data_t *secret, |
| int label_idx, |
| data_t *ctx, |
| int desired_length, |
| int already_hashed, |
| data_t *expected) |
| { |
| unsigned char dst[100]; |
| |
| unsigned char const *lbl = NULL; |
| size_t lbl_len; |
| #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ |
| if (label_idx == (int) tls13_label_ ## name) \ |
| { \ |
| lbl = mbedtls_ssl_tls13_labels.name; \ |
| lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ |
| } |
| MBEDTLS_SSL_TLS1_3_LABEL_LIST |
| #undef MBEDTLS_SSL_TLS1_3_LABEL |
| TEST_ASSERT(lbl != NULL); |
| |
| /* Check sanity of test parameters. */ |
| TEST_ASSERT((size_t) desired_length <= sizeof(dst)); |
| TEST_ASSERT((size_t) desired_length == expected->len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_derive_secret( |
| (psa_algorithm_t) hash_alg, |
| secret->x, secret->len, |
| lbl, lbl_len, |
| ctx->x, ctx->len, |
| already_hashed, |
| dst, desired_length) == 0); |
| |
| ASSERT_COMPARE(dst, desired_length, |
| expected->x, desired_length); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_derive_early_secrets(int hash_alg, |
| data_t *secret, |
| data_t *transcript, |
| data_t *traffic_expected, |
| data_t *exporter_expected) |
| { |
| mbedtls_ssl_tls13_early_secrets secrets; |
| |
| /* Double-check that we've passed sane parameters. */ |
| psa_algorithm_t alg = (psa_algorithm_t) hash_alg; |
| size_t const hash_len = PSA_HASH_LENGTH(alg); |
| TEST_ASSERT(PSA_ALG_IS_HASH(alg) && |
| secret->len == hash_len && |
| transcript->len == hash_len && |
| traffic_expected->len == hash_len && |
| exporter_expected->len == hash_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets( |
| alg, secret->x, transcript->x, transcript->len, |
| &secrets) == 0); |
| |
| ASSERT_COMPARE(secrets.client_early_traffic_secret, hash_len, |
| traffic_expected->x, traffic_expected->len); |
| ASSERT_COMPARE(secrets.early_exporter_master_secret, hash_len, |
| exporter_expected->x, exporter_expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_derive_handshake_secrets(int hash_alg, |
| data_t *secret, |
| data_t *transcript, |
| data_t *client_expected, |
| data_t *server_expected) |
| { |
| mbedtls_ssl_tls13_handshake_secrets secrets; |
| |
| /* Double-check that we've passed sane parameters. */ |
| psa_algorithm_t alg = (psa_algorithm_t) hash_alg; |
| size_t const hash_len = PSA_HASH_LENGTH(alg); |
| TEST_ASSERT(PSA_ALG_IS_HASH(alg) && |
| secret->len == hash_len && |
| transcript->len == hash_len && |
| client_expected->len == hash_len && |
| server_expected->len == hash_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets( |
| alg, secret->x, transcript->x, transcript->len, |
| &secrets) == 0); |
| |
| ASSERT_COMPARE(secrets.client_handshake_traffic_secret, hash_len, |
| client_expected->x, client_expected->len); |
| ASSERT_COMPARE(secrets.server_handshake_traffic_secret, hash_len, |
| server_expected->x, server_expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_derive_application_secrets(int hash_alg, |
| data_t *secret, |
| data_t *transcript, |
| data_t *client_expected, |
| data_t *server_expected, |
| data_t *exporter_expected) |
| { |
| mbedtls_ssl_tls13_application_secrets secrets; |
| |
| /* Double-check that we've passed sane parameters. */ |
| psa_algorithm_t alg = (psa_algorithm_t) hash_alg; |
| size_t const hash_len = PSA_HASH_LENGTH(alg); |
| TEST_ASSERT(PSA_ALG_IS_HASH(alg) && |
| secret->len == hash_len && |
| transcript->len == hash_len && |
| client_expected->len == hash_len && |
| server_expected->len == hash_len && |
| exporter_expected->len == hash_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets( |
| alg, secret->x, transcript->x, transcript->len, |
| &secrets) == 0); |
| |
| ASSERT_COMPARE(secrets.client_application_traffic_secret_N, hash_len, |
| client_expected->x, client_expected->len); |
| ASSERT_COMPARE(secrets.server_application_traffic_secret_N, hash_len, |
| server_expected->x, server_expected->len); |
| ASSERT_COMPARE(secrets.exporter_master_secret, hash_len, |
| exporter_expected->x, exporter_expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_derive_resumption_secrets(int hash_alg, |
| data_t *secret, |
| data_t *transcript, |
| data_t *resumption_expected) |
| { |
| mbedtls_ssl_tls13_application_secrets secrets; |
| |
| /* Double-check that we've passed sane parameters. */ |
| psa_algorithm_t alg = (psa_algorithm_t) hash_alg; |
| size_t const hash_len = PSA_HASH_LENGTH(alg); |
| TEST_ASSERT(PSA_ALG_IS_HASH(alg) && |
| secret->len == hash_len && |
| transcript->len == hash_len && |
| resumption_expected->len == hash_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret( |
| alg, secret->x, transcript->x, transcript->len, |
| &secrets) == 0); |
| |
| ASSERT_COMPARE(secrets.resumption_master_secret, hash_len, |
| resumption_expected->x, resumption_expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_create_psk_binder(int hash_alg, |
| data_t *psk, |
| int psk_type, |
| data_t *transcript, |
| data_t *binder_expected) |
| { |
| unsigned char binder[MBEDTLS_HASH_MAX_SIZE]; |
| |
| /* Double-check that we've passed sane parameters. */ |
| psa_algorithm_t alg = (psa_algorithm_t) hash_alg; |
| size_t const hash_len = PSA_HASH_LENGTH(alg); |
| TEST_ASSERT(PSA_ALG_IS_HASH(alg) && |
| transcript->len == hash_len && |
| binder_expected->len == hash_len); |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder( |
| NULL, /* SSL context for debugging only */ |
| alg, |
| psk->x, psk->len, |
| psk_type, |
| transcript->x, |
| binder) == 0); |
| |
| ASSERT_COMPARE(binder, hash_len, |
| binder_expected->x, binder_expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void ssl_tls13_record_protection(int ciphersuite, |
| int endpoint, |
| int ctr, |
| int padding_used, |
| data_t *server_write_key, |
| data_t *server_write_iv, |
| data_t *client_write_key, |
| data_t *client_write_iv, |
| data_t *plaintext, |
| data_t *ciphertext) |
| { |
| mbedtls_ssl_key_set keys; |
| mbedtls_ssl_transform transform_send; |
| mbedtls_ssl_transform transform_recv; |
| mbedtls_record rec; |
| unsigned char *buf = NULL; |
| size_t buf_len; |
| int other_endpoint; |
| |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(endpoint == MBEDTLS_SSL_IS_CLIENT || |
| endpoint == MBEDTLS_SSL_IS_SERVER); |
| |
| if (endpoint == MBEDTLS_SSL_IS_SERVER) { |
| other_endpoint = MBEDTLS_SSL_IS_CLIENT; |
| } |
| if (endpoint == MBEDTLS_SSL_IS_CLIENT) { |
| other_endpoint = MBEDTLS_SSL_IS_SERVER; |
| } |
| |
| TEST_ASSERT(server_write_key->len == client_write_key->len); |
| TEST_ASSERT(server_write_iv->len == client_write_iv->len); |
| |
| memcpy(keys.client_write_key, |
| client_write_key->x, client_write_key->len); |
| memcpy(keys.client_write_iv, |
| client_write_iv->x, client_write_iv->len); |
| memcpy(keys.server_write_key, |
| server_write_key->x, server_write_key->len); |
| memcpy(keys.server_write_iv, |
| server_write_iv->x, server_write_iv->len); |
| |
| keys.key_len = server_write_key->len; |
| keys.iv_len = server_write_iv->len; |
| |
| mbedtls_ssl_transform_init(&transform_recv); |
| mbedtls_ssl_transform_init(&transform_send); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( |
| &transform_send, endpoint, |
| ciphersuite, &keys, NULL) == 0); |
| TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( |
| &transform_recv, other_endpoint, |
| ciphersuite, &keys, NULL) == 0); |
| |
| /* Make sure we have enough space in the buffer even if |
| * we use more padding than the KAT. */ |
| buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; |
| ASSERT_ALLOC(buf, buf_len); |
| rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
| |
| /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ |
| mbedtls_ssl_write_version(rec.ver, |
| MBEDTLS_SSL_TRANSPORT_STREAM, |
| MBEDTLS_SSL_VERSION_TLS1_2); |
| |
| /* Copy plaintext into record structure */ |
| rec.buf = buf; |
| rec.buf_len = buf_len; |
| rec.data_offset = 0; |
| TEST_ASSERT(plaintext->len <= ciphertext->len); |
| memcpy(rec.buf + rec.data_offset, plaintext->x, plaintext->len); |
| rec.data_len = plaintext->len; |
| #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| rec.cid_len = 0; |
| #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| |
| memset(&rec.ctr[0], 0, 8); |
| rec.ctr[7] = ctr; |
| |
| TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, |
| NULL, NULL) == 0); |
| |
| if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { |
| ASSERT_COMPARE(rec.buf + rec.data_offset, rec.data_len, |
| ciphertext->x, ciphertext->len); |
| } |
| |
| TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); |
| ASSERT_COMPARE(rec.buf + rec.data_offset, rec.data_len, |
| plaintext->x, plaintext->len); |
| |
| mbedtls_free(buf); |
| mbedtls_ssl_transform_free(&transform_send); |
| mbedtls_ssl_transform_free(&transform_recv); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ |
| void ssl_tls13_key_evolution(int hash_alg, |
| data_t *secret, |
| data_t *input, |
| data_t *expected) |
| { |
| unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE]; |
| |
| PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret( |
| (psa_algorithm_t) hash_alg, |
| secret->len ? secret->x : NULL, |
| input->len ? input->x : NULL, input->len, |
| secret_new) == 0); |
| |
| ASSERT_COMPARE(secret_new, (size_t) expected->len, |
| expected->x, (size_t) expected->len); |
| |
| PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */ |
| void ssl_tls_prf(int type, data_t *secret, data_t *random, |
| char *label, data_t *result_str, int exp_ret) |
| { |
| unsigned char *output; |
| |
| output = mbedtls_calloc(1, result_str->len); |
| if (output == NULL) { |
| goto exit; |
| } |
| |
| USE_PSA_INIT(); |
| |
| TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len, |
| label, random->x, random->len, |
| output, result_str->len) == exp_ret); |
| |
| if (exp_ret == 0) { |
| TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, |
| result_str->len, result_str->len) == 0); |
| } |
| exit: |
| |
| mbedtls_free(output); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_serialize_session_save_load(int ticket_len, char *crt_file, |
| int endpoint_type, int tls_version) |
| { |
| mbedtls_ssl_session original, restored; |
| unsigned char *buf = NULL; |
| size_t len; |
| |
| /* |
| * Test that a save-load pair is the identity |
| */ |
| |
| mbedtls_ssl_session_init(&original); |
| mbedtls_ssl_session_init(&restored); |
| |
| /* Prepare a dummy session to work on */ |
| ((void) endpoint_type); |
| ((void) tls_version); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( |
| &original, 0, endpoint_type) == 0); |
| } else |
| #endif |
| { |
| TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( |
| &original, ticket_len, crt_file) == 0); |
| } |
| |
| /* Serialize it */ |
| TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) |
| == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL); |
| TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) |
| == 0); |
| |
| /* Restore session from serialized data */ |
| TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); |
| |
| /* |
| * Make sure both session structures are identical |
| */ |
| #if defined(MBEDTLS_HAVE_TIME) |
| TEST_ASSERT(original.start == restored.start); |
| #endif |
| TEST_ASSERT(original.tls_version == restored.tls_version); |
| TEST_ASSERT(original.ciphersuite == restored.ciphersuite); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { |
| TEST_ASSERT(original.id_len == restored.id_len); |
| TEST_ASSERT(memcmp(original.id, |
| restored.id, sizeof(original.id)) == 0); |
| TEST_ASSERT(memcmp(original.master, |
| restored.master, sizeof(original.master)) == 0); |
| |
| #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) |
| #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) |
| TEST_ASSERT((original.peer_cert == NULL) == |
| (restored.peer_cert == NULL)); |
| if (original.peer_cert != NULL) { |
| TEST_ASSERT(original.peer_cert->raw.len == |
| restored.peer_cert->raw.len); |
| TEST_ASSERT(memcmp(original.peer_cert->raw.p, |
| restored.peer_cert->raw.p, |
| original.peer_cert->raw.len) == 0); |
| } |
| #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ |
| TEST_ASSERT(original.peer_cert_digest_type == |
| restored.peer_cert_digest_type); |
| TEST_ASSERT(original.peer_cert_digest_len == |
| restored.peer_cert_digest_len); |
| TEST_ASSERT((original.peer_cert_digest == NULL) == |
| (restored.peer_cert_digest == NULL)); |
| if (original.peer_cert_digest != NULL) { |
| TEST_ASSERT(memcmp(original.peer_cert_digest, |
| restored.peer_cert_digest, |
| original.peer_cert_digest_len) == 0); |
| } |
| #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ |
| #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ |
| TEST_ASSERT(original.verify_result == restored.verify_result); |
| |
| #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| TEST_ASSERT(original.mfl_code == restored.mfl_code); |
| #endif |
| |
| #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); |
| #endif |
| #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| TEST_ASSERT(original.ticket_len == restored.ticket_len); |
| if (original.ticket_len != 0) { |
| TEST_ASSERT(original.ticket != NULL); |
| TEST_ASSERT(restored.ticket != NULL); |
| TEST_ASSERT(memcmp(original.ticket, |
| restored.ticket, original.ticket_len) == 0); |
| } |
| TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); |
| #endif |
| } |
| #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(original.endpoint == restored.endpoint); |
| TEST_ASSERT(original.ciphersuite == restored.ciphersuite); |
| TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); |
| TEST_ASSERT(original.ticket_flags == restored.ticket_flags); |
| TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len); |
| if (original.resumption_key_len != 0) { |
| TEST_ASSERT(original.resumption_key != NULL); |
| TEST_ASSERT(restored.resumption_key != NULL); |
| TEST_ASSERT(memcmp(original.resumption_key, |
| restored.resumption_key, |
| original.resumption_key_len) == 0); |
| } |
| #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) |
| if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { |
| TEST_ASSERT(original.start == restored.start); |
| } |
| #endif |
| #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { |
| #if defined(MBEDTLS_HAVE_TIME) |
| TEST_ASSERT(original.ticket_received == restored.ticket_received); |
| #endif |
| TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); |
| TEST_ASSERT(original.ticket_len == restored.ticket_len); |
| if (original.ticket_len != 0) { |
| TEST_ASSERT(original.ticket != NULL); |
| TEST_ASSERT(restored.ticket != NULL); |
| TEST_ASSERT(memcmp(original.ticket, |
| restored.ticket, |
| original.ticket_len) == 0); |
| } |
| |
| } |
| #endif |
| } |
| #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| |
| exit: |
| mbedtls_ssl_session_free(&original); |
| mbedtls_ssl_session_free(&restored); |
| mbedtls_free(buf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_serialize_session_load_save(int ticket_len, char *crt_file, |
| int endpoint_type, int tls_version) |
| { |
| mbedtls_ssl_session session; |
| unsigned char *buf1 = NULL, *buf2 = NULL; |
| size_t len0, len1, len2; |
| |
| /* |
| * Test that a load-save pair is the identity |
| */ |
| |
| mbedtls_ssl_session_init(&session); |
| |
| /* Prepare a dummy session to work on */ |
| ((void) endpoint_type); |
| ((void) tls_version); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( |
| &session, 0, endpoint_type) == 0); |
| } else |
| #endif |
| { |
| TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( |
| &session, ticket_len, crt_file) == 0); |
| } |
| |
| /* Get desired buffer size for serializing */ |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) |
| == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| |
| /* Allocate first buffer */ |
| buf1 = mbedtls_calloc(1, len0); |
| TEST_ASSERT(buf1 != NULL); |
| |
| /* Serialize to buffer and free live session */ |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) |
| == 0); |
| TEST_ASSERT(len0 == len1); |
| mbedtls_ssl_session_free(&session); |
| |
| /* Restore session from serialized data */ |
| TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); |
| |
| /* Allocate second buffer and serialize to it */ |
| buf2 = mbedtls_calloc(1, len0); |
| TEST_ASSERT(buf2 != NULL); |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) |
| == 0); |
| |
| /* Make sure both serialized versions are identical */ |
| TEST_ASSERT(len1 == len2); |
| TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); |
| |
| exit: |
| mbedtls_ssl_session_free(&session); |
| mbedtls_free(buf1); |
| mbedtls_free(buf2); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, |
| int endpoint_type, int tls_version) |
| { |
| mbedtls_ssl_session session; |
| unsigned char *buf = NULL; |
| size_t good_len, bad_len, test_len; |
| |
| /* |
| * Test that session_save() fails cleanly on small buffers |
| */ |
| |
| mbedtls_ssl_session_init(&session); |
| |
| /* Prepare dummy session and get serialized size */ |
| ((void) endpoint_type); |
| ((void) tls_version); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( |
| &session, 0, endpoint_type) == 0); |
| } else |
| #endif |
| { |
| TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( |
| &session, ticket_len, crt_file) == 0); |
| } |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) |
| == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| |
| /* Try all possible bad lengths */ |
| for (bad_len = 1; bad_len < good_len; bad_len++) { |
| /* Allocate exact size so that asan/valgrind can detect any overwrite */ |
| mbedtls_free(buf); |
| TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL); |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, |
| &test_len) |
| == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| TEST_ASSERT(test_len == good_len); |
| } |
| |
| exit: |
| mbedtls_ssl_session_free(&session); |
| mbedtls_free(buf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, |
| int endpoint_type, int tls_version) |
| { |
| mbedtls_ssl_session session; |
| unsigned char *good_buf = NULL, *bad_buf = NULL; |
| size_t good_len, bad_len; |
| |
| /* |
| * Test that session_load() fails cleanly on small buffers |
| */ |
| |
| mbedtls_ssl_session_init(&session); |
| |
| /* Prepare serialized session data */ |
| ((void) endpoint_type); |
| ((void) tls_version); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( |
| &session, 0, endpoint_type) == 0); |
| } else |
| #endif |
| { |
| TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( |
| &session, ticket_len, crt_file) == 0); |
| } |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) |
| == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); |
| TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL); |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, |
| &good_len) == 0); |
| mbedtls_ssl_session_free(&session); |
| |
| /* Try all possible bad lengths */ |
| for (bad_len = 0; bad_len < good_len; bad_len++) { |
| /* Allocate exact size so that asan/valgrind can detect any overread */ |
| mbedtls_free(bad_buf); |
| bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1); |
| TEST_ASSERT(bad_buf != NULL); |
| memcpy(bad_buf, good_buf, bad_len); |
| |
| TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) |
| == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| } |
| |
| exit: |
| mbedtls_ssl_session_free(&session); |
| mbedtls_free(good_buf); |
| mbedtls_free(bad_buf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void ssl_session_serialize_version_check(int corrupt_major, |
| int corrupt_minor, |
| int corrupt_patch, |
| int corrupt_config, |
| int endpoint_type, |
| int tls_version) |
| { |
| unsigned char serialized_session[2048]; |
| size_t serialized_session_len; |
| unsigned cur_byte; |
| mbedtls_ssl_session session; |
| uint8_t should_corrupt_byte[] = { corrupt_major == 1, |
| corrupt_minor == 1, |
| corrupt_patch == 1, |
| corrupt_config == 1, |
| corrupt_config == 1 }; |
| |
| mbedtls_ssl_session_init(&session); |
| ((void) endpoint_type); |
| ((void) tls_version); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { |
| TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( |
| &session, 0, endpoint_type) == 0); |
| } else |
| #endif |
| TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( |
| &session, 0, NULL) == 0); |
| |
| |
| /* Infer length of serialized session. */ |
| TEST_ASSERT(mbedtls_ssl_session_save(&session, |
| serialized_session, |
| sizeof(serialized_session), |
| &serialized_session_len) == 0); |
| |
| mbedtls_ssl_session_free(&session); |
| |
| /* Without any modification, we should be able to successfully |
| * de-serialize the session - double-check that. */ |
| TEST_ASSERT(mbedtls_ssl_session_load(&session, |
| serialized_session, |
| serialized_session_len) == 0); |
| mbedtls_ssl_session_free(&session); |
| |
| /* Go through the bytes in the serialized session header and |
| * corrupt them bit-by-bit. */ |
| for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) { |
| int cur_bit; |
| unsigned char * const byte = &serialized_session[cur_byte]; |
| |
| if (should_corrupt_byte[cur_byte] == 0) { |
| continue; |
| } |
| |
| for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) { |
| unsigned char const corrupted_bit = 0x1u << cur_bit; |
| /* Modify a single bit in the serialized session. */ |
| *byte ^= corrupted_bit; |
| |
| /* Attempt to deserialize */ |
| TEST_ASSERT(mbedtls_ssl_session_load(&session, |
| serialized_session, |
| serialized_session_len) == |
| MBEDTLS_ERR_SSL_VERSION_MISMATCH); |
| |
| /* Undo the change */ |
| *byte ^= corrupted_bit; |
| } |
| } |
| |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void mbedtls_endpoint_sanity(int endpoint_type) |
| { |
| enum { BUFFSIZE = 1024 }; |
| mbedtls_test_ssl_endpoint ep; |
| int ret = -1; |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| options.pk_alg = MBEDTLS_PK_RSA; |
| |
| ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, |
| NULL, NULL, NULL, NULL); |
| TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); |
| |
| ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, |
| 0, 0, 0); |
| TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); |
| |
| ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, |
| NULL, NULL, NULL, NULL); |
| TEST_ASSERT(ret == 0); |
| |
| exit: |
| mbedtls_test_ssl_endpoint_free(&ep, NULL); |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */ |
| void move_handshake_to_state(int endpoint_type, int state, int need_pass) |
| { |
| enum { BUFFSIZE = 1024 }; |
| mbedtls_test_ssl_endpoint base_ep, second_ep; |
| int ret = -1; |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| options.pk_alg = MBEDTLS_PK_RSA; |
| |
| USE_PSA_INIT(); |
| mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); |
| mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); |
| |
| ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, |
| NULL, NULL, NULL, NULL); |
| TEST_ASSERT(ret == 0); |
| |
| ret = mbedtls_test_ssl_endpoint_init( |
| &second_ep, |
| (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? |
| MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, |
| &options, NULL, NULL, NULL, NULL); |
| |
| TEST_ASSERT(ret == 0); |
| |
| ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), |
| &(second_ep.socket), |
| BUFFSIZE); |
| TEST_ASSERT(ret == 0); |
| |
| ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), |
| &(second_ep.ssl), |
| state); |
| if (need_pass) { |
| TEST_ASSERT(ret == 0 || |
| ret == MBEDTLS_ERR_SSL_WANT_READ || |
| ret == MBEDTLS_ERR_SSL_WANT_WRITE); |
| TEST_ASSERT(base_ep.ssl.state == state); |
| } else { |
| TEST_ASSERT(ret != 0 && |
| ret != MBEDTLS_ERR_SSL_WANT_READ && |
| ret != MBEDTLS_ERR_SSL_WANT_WRITE); |
| TEST_ASSERT(base_ep.ssl.state != state); |
| } |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| mbedtls_test_ssl_endpoint_free(&base_ep, NULL); |
| mbedtls_test_ssl_endpoint_free(&second_ep, NULL); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void handshake_version(int dtls, int client_min_version, int client_max_version, |
| int server_min_version, int server_max_version, |
| int expected_negotiated_version) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.client_min_version = client_min_version; |
| options.client_max_version = client_max_version; |
| options.server_min_version = server_min_version; |
| options.server_max_version = server_max_version; |
| options.expected_negotiated_version = expected_negotiated_version; |
| |
| options.dtls = dtls; |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.cipher = cipher; |
| options.dtls = dtls; |
| options.psk_str = psk_str; |
| options.pk_alg = pk_alg; |
| |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void handshake_cipher(char *cipher, int pk_alg, int dtls) |
| { |
| test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, |
| int psa_alg, int psa_alg2, int psa_usage, |
| int expected_handshake_result, |
| int expected_ciphersuite) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.cipher = cipher; |
| options.psk_str = psk_str; |
| options.pk_alg = pk_alg; |
| options.opaque_alg = psa_alg; |
| options.opaque_alg2 = psa_alg2; |
| options.opaque_usage = psa_usage; |
| options.expected_handshake_result = expected_handshake_result; |
| options.expected_ciphersuite = expected_ciphersuite; |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void app_data(int mfl, int cli_msg_len, int srv_msg_len, |
| int expected_cli_fragments, |
| int expected_srv_fragments, int dtls) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.mfl = mfl; |
| options.cli_msg_len = cli_msg_len; |
| options.srv_msg_len = srv_msg_len; |
| options.expected_cli_fragments = expected_cli_fragments; |
| options.expected_srv_fragments = expected_srv_fragments; |
| options.dtls = dtls; |
| #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; |
| #endif |
| |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, |
| int expected_cli_fragments, |
| int expected_srv_fragments) |
| { |
| test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, |
| expected_srv_fragments, 0); |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, |
| int expected_cli_fragments, |
| int expected_srv_fragments) |
| { |
| test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, |
| expected_srv_fragments, 1); |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void handshake_serialization() |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.serialize = 1; |
| options.dtls = 1; |
| mbedtls_test_ssl_perform_handshake(&options); |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ |
| void handshake_fragmentation(int mfl, |
| int expected_srv_hs_fragmentation, |
| int expected_cli_hs_fragmentation) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; |
| |
| srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; |
| srv_pattern.counter = 0; |
| cli_pattern.counter = 0; |
| |
| mbedtls_test_init_handshake_options(&options); |
| options.dtls = 1; |
| options.mfl = mfl; |
| /* Set cipher to one using CBC so that record splitting can be tested */ |
| options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; |
| options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; |
| options.srv_log_obj = &srv_pattern; |
| options.cli_log_obj = &cli_pattern; |
| options.srv_log_fun = mbedtls_test_ssl_log_analyzer; |
| options.cli_log_fun = mbedtls_test_ssl_log_analyzer; |
| |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* Test if the server received a fragmented handshake */ |
| if (expected_srv_hs_fragmentation) { |
| TEST_ASSERT(srv_pattern.counter >= 1); |
| } |
| /* Test if the client received a fragmented handshake */ |
| if (expected_cli_hs_fragmentation) { |
| TEST_ASSERT(cli_pattern.counter >= 1); |
| } |
| |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void renegotiation(int legacy_renegotiation) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.renegotiate = 1; |
| options.legacy_renegotiation = legacy_renegotiation; |
| options.dtls = 1; |
| |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, |
| int serialize, int dtls, char *cipher) |
| { |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.mfl = mfl; |
| options.cipher = cipher; |
| options.renegotiate = renegotiation; |
| options.legacy_renegotiation = legacy_renegotiation; |
| options.serialize = serialize; |
| options.dtls = dtls; |
| options.resize_buffers = 1; |
| |
| mbedtls_test_ssl_perform_handshake(&options); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| exit: |
| mbedtls_test_free_handshake_options(&options); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void resize_buffers_serialize_mfl(int mfl) |
| { |
| test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, |
| (char *) ""); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ |
| void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, |
| char *cipher) |
| { |
| test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); |
| |
| /* The goto below is used to avoid an "unused label" warning.*/ |
| goto exit; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ |
| void test_multiple_psks() |
| { |
| unsigned char psk0[10] = { 0 }; |
| unsigned char psk0_identity[] = { 'f', 'o', 'o' }; |
| |
| unsigned char psk1[10] = { 0 }; |
| unsigned char psk1_identity[] = { 'b', 'a', 'r' }; |
| |
| mbedtls_ssl_config conf; |
| |
| USE_PSA_INIT(); |
| mbedtls_ssl_config_init(&conf); |
| |
| TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, |
| psk0, sizeof(psk0), |
| psk0_identity, sizeof(psk0_identity)) == 0); |
| TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, |
| psk1, sizeof(psk1), |
| psk1_identity, sizeof(psk1_identity)) == |
| MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); |
| |
| exit: |
| |
| mbedtls_ssl_config_free(&conf); |
| |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */ |
| void test_multiple_psks_opaque(int mode) |
| { |
| /* |
| * Mode 0: Raw PSK, then opaque PSK |
| * Mode 1: Opaque PSK, then raw PSK |
| * Mode 2: 2x opaque PSK |
| */ |
| |
| unsigned char psk0_raw[10] = { 0 }; |
| unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' }; |
| |
| mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 1); |
| |
| unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' }; |
| |
| unsigned char psk1_raw[10] = { 0 }; |
| unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' }; |
| |
| mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 2); |
| |
| unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' }; |
| |
| mbedtls_ssl_config conf; |
| |
| USE_PSA_INIT(); |
| mbedtls_ssl_config_init(&conf); |
| |
| switch (mode) { |
| case 0: |
| |
| TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, |
| psk0_raw, sizeof(psk0_raw), |
| psk0_raw_identity, sizeof(psk0_raw_identity)) |
| == 0); |
| TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, |
| psk1_opaque, |
| psk1_opaque_identity, |
| sizeof(psk1_opaque_identity)) |
| == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); |
| break; |
| |
| case 1: |
| |
| TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, |
| psk0_opaque, |
| psk0_opaque_identity, |
| sizeof(psk0_opaque_identity)) |
| == 0); |
| TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, |
| psk1_raw, sizeof(psk1_raw), |
| psk1_raw_identity, sizeof(psk1_raw_identity)) |
| == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); |
| |
| break; |
| |
| case 2: |
| |
| TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, |
| psk0_opaque, |
| psk0_opaque_identity, |
| sizeof(psk0_opaque_identity)) |
| == 0); |
| TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, |
| psk1_opaque, |
| psk1_opaque_identity, |
| sizeof(psk1_opaque_identity)) |
| == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); |
| |
| break; |
| |
| default: |
| TEST_ASSERT(0); |
| break; |
| } |
| |
| exit: |
| |
| mbedtls_ssl_config_free(&conf); |
| USE_PSA_DONE(); |
| |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void conf_version(int endpoint, int transport, |
| int min_tls_version, int max_tls_version, |
| int expected_ssl_setup_result) |
| { |
| mbedtls_ssl_config conf; |
| mbedtls_ssl_context ssl; |
| |
| mbedtls_ssl_config_init(&conf); |
| mbedtls_ssl_init(&ssl); |
| |
| mbedtls_ssl_conf_endpoint(&conf, endpoint); |
| mbedtls_ssl_conf_transport(&conf, transport); |
| mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); |
| mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); |
| |
| TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ |
| void conf_curve() |
| { |
| |
| mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, |
| MBEDTLS_ECP_DP_SECP224R1, |
| MBEDTLS_ECP_DP_SECP256R1, |
| MBEDTLS_ECP_DP_NONE }; |
| uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; |
| |
| mbedtls_ssl_config conf; |
| mbedtls_ssl_config_init(&conf); |
| #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); |
| mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); |
| #else |
| mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); |
| mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); |
| #endif |
| mbedtls_ssl_conf_curves(&conf, curve_list); |
| |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_init(&ssl); |
| TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); |
| |
| TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); |
| TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL); |
| |
| TEST_EQUAL(ssl.handshake-> |
| group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], |
| MBEDTLS_SSL_IANA_TLS_GROUP_NONE); |
| |
| for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { |
| TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]); |
| } |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ |
| void conf_group() |
| { |
| uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; |
| |
| mbedtls_ssl_config conf; |
| mbedtls_ssl_config_init(&conf); |
| |
| mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); |
| mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); |
| |
| mbedtls_ssl_conf_groups(&conf, iana_tls_group_list); |
| |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_init(&ssl); |
| TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); |
| |
| TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL); |
| |
| TEST_EQUAL(ssl.conf-> |
| group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], |
| MBEDTLS_SSL_IANA_TLS_GROUP_NONE); |
| |
| for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { |
| TEST_EQUAL(iana_tls_group_list[i], ssl.conf->group_list[i]); |
| } |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ |
| void force_bad_session_id_len() |
| { |
| enum { BUFFSIZE = 1024 }; |
| mbedtls_test_handshake_test_options options; |
| mbedtls_test_ssl_endpoint client, server; |
| mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; |
| mbedtls_test_message_socket_context server_context, client_context; |
| |
| srv_pattern.pattern = cli_pattern.pattern = "cache did not store session"; |
| srv_pattern.counter = 0; |
| mbedtls_test_init_handshake_options(&options); |
| |
| options.srv_log_obj = &srv_pattern; |
| options.srv_log_fun = mbedtls_test_ssl_log_analyzer; |
| |
| USE_PSA_INIT(); |
| mbedtls_platform_zeroize(&client, sizeof(client)); |
| mbedtls_platform_zeroize(&server, sizeof(server)); |
| |
| mbedtls_test_message_socket_init(&server_context); |
| mbedtls_test_message_socket_init(&client_context); |
| |
| TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, |
| &options, NULL, NULL, |
| NULL, NULL) == 0); |
| |
| TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, |
| &options, NULL, NULL, NULL, |
| NULL) == 0); |
| |
| mbedtls_debug_set_threshold(1); |
| mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, |
| options.srv_log_obj); |
| |
| TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), |
| &(server.socket), |
| BUFFSIZE) == 0); |
| |
| TEST_ASSERT(mbedtls_test_move_handshake_to_state( |
| &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) |
| == 0); |
| /* Force a bad session_id_len that will be read by the server in |
| * mbedtls_ssl_cache_set. */ |
| server.ssl.session_negotiate->id_len = 33; |
| if (options.cli_msg_len != 0 || options.srv_msg_len != 0) { |
| /* Start data exchanging test */ |
| TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options.cli_msg_len, |
| options.expected_cli_fragments, |
| &(server.ssl), options.srv_msg_len, |
| options.expected_srv_fragments) |
| == 0); |
| } |
| |
| /* Make sure that the cache did not store the session */ |
| TEST_EQUAL(srv_pattern.counter, 1); |
| exit: |
| mbedtls_test_ssl_endpoint_free(&client, NULL); |
| mbedtls_test_ssl_endpoint_free(&server, NULL); |
| mbedtls_test_free_handshake_options(&options); |
| mbedtls_debug_set_threshold(0); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */ |
| void cookie_parsing(data_t *cookie, int exp_ret) |
| { |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_config conf; |
| size_t len; |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_config_init(&conf); |
| TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, |
| MBEDTLS_SSL_TRANSPORT_DATAGRAM, |
| MBEDTLS_SSL_PRESET_DEFAULT), |
| 0); |
| |
| TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); |
| TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, |
| ssl.cli_id_len, |
| cookie->x, cookie->len, |
| ssl.out_buf, |
| MBEDTLS_SSL_OUT_CONTENT_LEN, |
| &len), |
| exp_ret); |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */ |
| void timing_final_delay_accessor() |
| { |
| mbedtls_timing_delay_context delay_context; |
| |
| mbedtls_timing_set_delay(&delay_context, 50, 100); |
| |
| TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| void cid_sanity() |
| { |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_config conf; |
| |
| unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; |
| unsigned char test_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; |
| int cid_enabled; |
| size_t own_cid_len; |
| |
| mbedtls_test_rnd_std_rand(NULL, own_cid, sizeof(own_cid)); |
| |
| mbedtls_ssl_init(&ssl); |
| mbedtls_ssl_config_init(&conf); |
| |
| TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, |
| MBEDTLS_SSL_IS_CLIENT, |
| MBEDTLS_SSL_TRANSPORT_STREAM, |
| MBEDTLS_SSL_PRESET_DEFAULT) |
| == 0); |
| |
| TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); |
| |
| /* Can't use CID functions with stream transport. */ |
| TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, |
| sizeof(own_cid)) |
| == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, |
| &own_cid_len) |
| == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, |
| MBEDTLS_SSL_IS_CLIENT, |
| MBEDTLS_SSL_TRANSPORT_DATAGRAM, |
| MBEDTLS_SSL_PRESET_DEFAULT) |
| == 0); |
| |
| /* Attempt to set config cid size too big. */ |
| TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, |
| MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) |
| == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), |
| MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) |
| == 0); |
| |
| /* Attempt to set CID length not matching config. */ |
| TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, |
| MBEDTLS_SSL_CID_IN_LEN_MAX - 1) |
| == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, |
| sizeof(own_cid)) |
| == 0); |
| |
| /* Test we get back what we put in. */ |
| TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, |
| &own_cid_len) |
| == 0); |
| |
| TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); |
| ASSERT_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); |
| |
| /* Test disabling works. */ |
| TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, |
| 0) |
| == 0); |
| |
| TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, |
| &own_cid_len) |
| == 0); |
| |
| TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED); |
| |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PK_CAN_ECDSA_SOME */ |
| void raw_key_agreement_fail(int bad_server_ecdhe_key) |
| { |
| enum { BUFFSIZE = 17000 }; |
| mbedtls_test_ssl_endpoint client, server; |
| mbedtls_psa_stats_t stats; |
| size_t free_slots_before = -1; |
| mbedtls_test_handshake_test_options options; |
| |
| uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, |
| MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; |
| USE_PSA_INIT(); |
| mbedtls_platform_zeroize(&client, sizeof(client)); |
| mbedtls_platform_zeroize(&server, sizeof(server)); |
| |
| mbedtls_test_init_handshake_options(&options); |
| options.pk_alg = MBEDTLS_PK_ECDSA; |
| |
| /* Client side, force SECP256R1 to make one key bitflip fail |
| * the raw key agreement. Flipping the first byte makes the |
| * required 0x04 identifier invalid. */ |
| TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, |
| &options, NULL, NULL, |
| NULL, iana_tls_group_list), 0); |
| |
| /* Server side */ |
| TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, |
| &options, NULL, NULL, |
| NULL, NULL), 0); |
| |
| TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), |
| &(server.socket), |
| BUFFSIZE), 0); |
| |
| TEST_EQUAL(mbedtls_test_move_handshake_to_state( |
| &(client.ssl), &(server.ssl), |
| MBEDTLS_SSL_CLIENT_KEY_EXCHANGE), 0); |
| |
| mbedtls_psa_get_stats(&stats); |
| /* Save the number of slots in use up to this point. |
| * With PSA, one can be used for the ECDH private key. */ |
| free_slots_before = stats.empty_slots; |
| |
| if (bad_server_ecdhe_key) { |
| /* Force a simulated bitflip in the server key. to make the |
| * raw key agreement in ssl_write_client_key_exchange fail. */ |
| (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; |
| } |
| |
| TEST_EQUAL(mbedtls_test_move_handshake_to_state( |
| &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), |
| bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); |
| |
| mbedtls_psa_get_stats(&stats); |
| |
| /* Make sure that the key slot is already destroyed in case of failure, |
| * without waiting to close the connection. */ |
| if (bad_server_ecdhe_key) { |
| TEST_EQUAL(free_slots_before, stats.empty_slots); |
| } |
| |
| exit: |
| mbedtls_test_ssl_endpoint_free(&client, NULL); |
| mbedtls_test_ssl_endpoint_free(&server, NULL); |
| mbedtls_test_free_handshake_options(&options); |
| |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ |
| void tls13_server_certificate_msg_invalid_vector_len() |
| { |
| int ret = -1; |
| mbedtls_test_ssl_endpoint client_ep, server_ep; |
| unsigned char *buf, *end; |
| size_t buf_len; |
| int step = 0; |
| int expected_result; |
| mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args; |
| mbedtls_test_handshake_test_options client_options; |
| mbedtls_test_handshake_test_options server_options; |
| |
| /* |
| * Test set-up |
| */ |
| USE_PSA_INIT(); |
| mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); |
| mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); |
| |
| mbedtls_test_init_handshake_options(&client_options); |
| client_options.pk_alg = MBEDTLS_PK_ECDSA; |
| ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, |
| &client_options, NULL, NULL, NULL, |
| NULL); |
| TEST_EQUAL(ret, 0); |
| |
| mbedtls_test_init_handshake_options(&server_options); |
| server_options.pk_alg = MBEDTLS_PK_ECDSA; |
| ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, |
| &server_options, NULL, NULL, NULL, |
| NULL); |
| TEST_EQUAL(ret, 0); |
| |
| ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), |
| &(server_ep.socket), 1024); |
| TEST_EQUAL(ret, 0); |
| |
| while (1) { |
| mbedtls_test_set_step(++step); |
| |
| ret = mbedtls_test_move_handshake_to_state( |
| &(server_ep.ssl), &(client_ep.ssl), |
| MBEDTLS_SSL_CERTIFICATE_VERIFY); |
| TEST_EQUAL(ret, 0); |
| |
| ret = mbedtls_ssl_flush_output(&(server_ep.ssl)); |
| TEST_EQUAL(ret, 0); |
| |
| ret = mbedtls_test_move_handshake_to_state( |
| &(client_ep.ssl), &(server_ep.ssl), |
| MBEDTLS_SSL_SERVER_CERTIFICATE); |
| TEST_EQUAL(ret, 0); |
| |
| ret = mbedtls_ssl_tls13_fetch_handshake_msg(&(client_ep.ssl), |
| MBEDTLS_SSL_HS_CERTIFICATE, |
| &buf, &buf_len); |
| TEST_EQUAL(ret, 0); |
| |
| end = buf + buf_len; |
| |
| /* |
| * Tweak server Certificate message and parse it. |
| */ |
| |
| ret = tweak_tls13_certificate_msg_vector_len( |
| buf, &end, step, &expected_result, &expected_chk_buf_ptr_args); |
| |
| if (ret != 0) { |
| break; |
| } |
| |
| ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end); |
| TEST_EQUAL(ret, expected_result); |
| |
| TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( |
| &expected_chk_buf_ptr_args) == 0); |
| |
| mbedtls_ssl_reset_chk_buf_ptr_fail_args(); |
| |
| ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); |
| TEST_EQUAL(ret, 0); |
| |
| ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); |
| TEST_EQUAL(ret, 0); |
| } |
| |
| exit: |
| mbedtls_ssl_reset_chk_buf_ptr_fail_args(); |
| mbedtls_test_ssl_endpoint_free(&client_ep, NULL); |
| mbedtls_test_ssl_endpoint_free(&server_ep, NULL); |
| mbedtls_test_free_handshake_options(&client_options); |
| mbedtls_test_free_handshake_options(&server_options); |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| void ssl_ecjpake_set_password(int use_opaque_arg) |
| { |
| mbedtls_ssl_context ssl; |
| mbedtls_ssl_config conf; |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT; |
| #else /* MBEDTLS_USE_PSA_CRYPTO */ |
| (void) use_opaque_arg; |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = ""; |
| size_t pwd_len = 0; |
| int ret; |
| |
| USE_PSA_INIT(); |
| |
| mbedtls_ssl_init(&ssl); |
| |
| /* test with uninitalized SSL context */ |
| ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| mbedtls_ssl_config_init(&conf); |
| |
| TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, |
| MBEDTLS_SSL_IS_CLIENT, |
| MBEDTLS_SSL_TRANSPORT_STREAM, |
| MBEDTLS_SSL_PRESET_DEFAULT), 0); |
| |
| TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); |
| |
| /* test with empty password or unitialized password key (depending on use_opaque_arg) */ |
| ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); |
| |
| pwd_len = strlen(ECJPAKE_TEST_PWD); |
| memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (use_opaque_arg) { |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; |
| |
| /* First try with an invalid usage */ |
| psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); |
| psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); |
| psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); |
| |
| PSA_ASSERT(psa_import_key(&attributes, pwd_string, |
| pwd_len, &pwd_slot)); |
| |
| ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); |
| |
| /* check that the opaque key is still valid after failure */ |
| TEST_EQUAL(psa_get_key_attributes(pwd_slot, &check_attributes), |
| PSA_SUCCESS); |
| |
| psa_destroy_key(pwd_slot); |
| |
| /* Then set the correct usage */ |
| psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); |
| |
| PSA_ASSERT(psa_import_key(&attributes, pwd_string, |
| pwd_len, &pwd_slot)); |
| } |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| |
| /* final check which should work without errors */ |
| ECJPAKE_TEST_SET_PASSWORD(0); |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| if (use_opaque_arg) { |
| psa_destroy_key(pwd_slot); |
| } |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| mbedtls_ssl_free(&ssl); |
| mbedtls_ssl_config_free(&conf); |
| |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void elliptic_curve_get_properties() |
| { |
| psa_ecc_family_t psa_family; |
| size_t psa_bits; |
| |
| USE_PSA_INIT(); |
| |
| #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) |
| TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); |
| #else |
| TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) |
| TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); |
| #else |
| TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) |
| TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); |
| #else |
| TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) |
| TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); |
| #else |
| TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) |
| TEST_AVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); |
| #else |
| TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) |
| TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); |
| #else |
| TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) |
| TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); |
| #else |
| TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) |
| TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); |
| #else |
| TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) |
| TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224); |
| #else |
| TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) |
| TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); |
| #else |
| TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) |
| TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); |
| #else |
| TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) |
| TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); |
| #else |
| TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); |
| #endif |
| #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) |
| TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); |
| #else |
| TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); |
| #endif |
| |
| USE_PSA_DONE(); |
| } |
| /* END_CASE */ |