tests: early data status: Add HRR scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 29ec9b3..2751e58 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -16,7 +16,7 @@
#define TEST_EARLY_DATA_ACCEPTED 0
#define TEST_EARLY_DATA_NO_INDICATION_SENT 1
#define TEST_EARLY_DATA_SERVER_REJECTS 2
-#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3
+#define TEST_EARLY_DATA_HRR 3
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
@@ -3706,7 +3706,7 @@
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
- case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
+ case TEST_EARLY_DATA_HRR:
mbedtls_debug_set_threshold(3);
server_pattern.pattern =
"EarlyData: Ignore application message before 2nd ClientHello";
@@ -3767,7 +3767,7 @@
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(ret, 0);
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
TEST_EQUAL(server_pattern.counter, 1);
@@ -3797,6 +3797,11 @@
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
+ uint16_t group_list[3] = {
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+ };
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
@@ -3813,6 +3818,10 @@
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+ if (scenario == TEST_EARLY_DATA_HRR) {
+ client_options.group_list = group_list;
+ server_options.group_list = group_list;
+ }
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
&saved_session);
@@ -3833,6 +3842,10 @@
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
+ case TEST_EARLY_DATA_HRR:
+ server_options.group_list = group_list + 1;
+ break;
+
default:
TEST_FAIL("Unknown scenario.");
}
@@ -3888,6 +3901,16 @@
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
break;
+
+ case TEST_EARLY_DATA_HRR:
+ if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
+ } else {
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ }
+ break;
}
break;
@@ -3903,6 +3926,16 @@
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
+
+ case TEST_EARLY_DATA_HRR:
+ if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ } else {
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ }
+ break;
}
break;
@@ -3918,6 +3951,11 @@
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
+
+ case TEST_EARLY_DATA_HRR:
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ break;
}
break;
@@ -3933,7 +3971,8 @@
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
@@ -3958,7 +3997,8 @@
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
@@ -3977,7 +4017,8 @@
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
@@ -3989,13 +4030,20 @@
TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT);
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SENT);
break;
}
break;
+ case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
+ TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
+ TEST_EQUAL(client_ep.ssl.early_data_status,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ break;
+
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
switch (scenario) {
@@ -4004,7 +4052,8 @@
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
@@ -4026,7 +4075,8 @@
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break;
- case TEST_EARLY_DATA_SERVER_REJECTS:
+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+ case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;