TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f57d14bed4dbefb7419cbd439afeddcd096058d2^! / . / tests / suites / test_suite_ssl.function
commitf57d14bed4dbefb7419cbd439afeddcd096058d2[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Wed Nov 15 16:40:09 2023 +0800
committerRonald Cron <ronald.cron@arm.com>Fri Feb 02 17:31:20 2024 +0100
treeca9fe2c15aa107258f89ca4e0aa71967c3ecc3d9
parent263dbf71679c359be8549e111fcd0160a1ed1ed4 [diff] [blame]
Ignore early data app msg before 2nd client hello

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 31a973b..949356a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -3674,6 +3674,11 @@
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
     mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
+    uint16_t group_list[3] = {
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+    };
 
     /*
      * Determine scenario.
@@ -3682,6 +3687,8 @@
         scenario = 0;
     } else if (strcmp(scenario_string, "deprotect and discard") == 0) {
         scenario = 1;
+    } else if (strcmp(scenario_string, "discard after HRR") == 0) {
+        scenario = 2;
     } else {
         TEST_FAIL("Unknown scenario.");
     }
@@ -3700,7 +3707,7 @@
     client_options.pk_alg = MBEDTLS_PK_ECDSA;
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
                                          &client_options, NULL, NULL, NULL,
-                                         NULL);
+                                         group_list);
     TEST_EQUAL(ret, 0);
     mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
 
@@ -3709,7 +3716,7 @@
     server_options.srv_log_obj = &server_pattern;
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
                                          &server_options, NULL, NULL, NULL,
-                                         NULL);
+                                         group_list);
     TEST_EQUAL(ret, 0);
     mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -3763,6 +3770,19 @@
             mbedtls_ssl_conf_early_data(&server_ep.conf,
                                         MBEDTLS_SSL_EARLY_DATA_DISABLED);
             break;
+
+        case 2: /* discard after HRR */
+            mbedtls_debug_set_threshold(3);
+            server_pattern.pattern =
+                "EarlyData: Ignore application message before 2nd ClientHello";
+            mbedtls_ssl_conf_groups(&server_ep.conf, group_list + 1);
+            /*
+             * Need to reset again to reconstruct the group list in the
+             * handshake structure from the configured one.
+             */
+            ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
+            TEST_EQUAL(ret, 0);
+            break;
     }
 
     TEST_EQUAL(mbedtls_test_move_handshake_to_state(
@@ -3793,7 +3813,8 @@
                            MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0);
             break;
 
-        case 1:
+        case 1: /* Intentional fallthrough */
+        case 2:
             TEST_EQUAL(ret, 0);
             TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
             TEST_EQUAL(server_pattern.counter, 1);