Add ALPN checking when accepting early data
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 2fe4997..67d97e4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -17,6 +17,10 @@
#define TEST_EARLY_DATA_NO_INDICATION_SENT 1
#define TEST_EARLY_DATA_SERVER_REJECTS 2
#define TEST_EARLY_DATA_HRR 3
+#define TEST_EARLY_DATA_SAME_ALPN 4
+#define TEST_EARLY_DATA_DIFF_ALPN 5
+#define TEST_EARLY_DATA_NO_INITIAL_ALPN 6
+#define TEST_EARLY_DATA_NO_LATER_ALPN 7
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
@@ -3728,6 +3732,19 @@
server_options.group_list = group_list;
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+#if defined(MBEDTLS_SSL_ALPN)
+ switch (scenario) {
+ case TEST_EARLY_DATA_SAME_ALPN:
+ case TEST_EARLY_DATA_DIFF_ALPN:
+ case TEST_EARLY_DATA_NO_LATER_ALPN:
+ client_options.alpn_list[0] = "ALPNExample";
+ client_options.alpn_list[1] = NULL;
+ server_options.alpn_list[0] = "ALPNExample";
+ server_options.alpn_list[1] = NULL;
+ break;
+ }
+#endif
+
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
&saved_session);
TEST_EQUAL(ret, 0);
@@ -3756,6 +3773,33 @@
"EarlyData: Ignore application message before 2nd ClientHello";
server_options.group_list = group_list + 1;
break;
+#if defined(MBEDTLS_SSL_ALPN)
+ case TEST_EARLY_DATA_SAME_ALPN:
+ client_options.alpn_list[0] = "ALPNExample";
+ client_options.alpn_list[1] = NULL;
+ server_options.alpn_list[0] = "ALPNExample";
+ server_options.alpn_list[1] = NULL;
+ break;
+ case TEST_EARLY_DATA_DIFF_ALPN:
+ case TEST_EARLY_DATA_NO_INITIAL_ALPN:
+ client_options.alpn_list[0] = "ALPNExample2";
+ client_options.alpn_list[1] = NULL;
+ server_options.alpn_list[0] = "ALPNExample2";
+ server_options.alpn_list[1] = NULL;
+ mbedtls_debug_set_threshold(3);
+ server_pattern.pattern =
+ "EarlyData: rejected, the selected ALPN is different "
+ "from the one associated with the pre-shared key.";
+ break;
+ case TEST_EARLY_DATA_NO_LATER_ALPN:
+ client_options.alpn_list[0] = NULL;
+ server_options.alpn_list[0] = NULL;
+ mbedtls_debug_set_threshold(3);
+ server_pattern.pattern =
+ "EarlyData: rejected, the selected ALPN is different "
+ "from the one associated with the pre-shared key.";
+ break;
+#endif
default:
TEST_FAIL("Unknown scenario.");
@@ -3807,6 +3851,9 @@
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED:
+#if defined(MBEDTLS_SSL_ALPN)
+ case TEST_EARLY_DATA_SAME_ALPN:
+#endif
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1);
TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl),
@@ -3821,6 +3868,11 @@
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
+#if defined(MBEDTLS_SSL_ALPN)
+ case TEST_EARLY_DATA_DIFF_ALPN:
+ case TEST_EARLY_DATA_NO_INITIAL_ALPN:
+ case TEST_EARLY_DATA_NO_LATER_ALPN:
+#endif
TEST_EQUAL(ret, 0);
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
TEST_EQUAL(server_pattern.counter, 1);