TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9013b818c63f096e2c755499b466eb1149f1a647 / . / tests / suites / test_suite_ssl.function
blob: e49f37e2fb056d9bde49e9ff73ee6f60af6f8fd9 [file] [log] [blame]
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1/* BEGIN_HEADER */
Yanray Wang5fce1452022-10-24 14:42:01 +0800[diff] [blame]2#include <test/ssl_helpers.h>
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]3
Gabor Mezeic0ae1cf2021-10-20 12:09:35 +0200[diff] [blame]4#include <constant_time_internal.h>
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]5
Manuel Pégourié-Gonnard9670a592020-07-10 10:21:46 +0200[diff] [blame]6#include <test/constant_flow.h>
7
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]8#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 }
9
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]10/* END_HEADER */
11
12/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]13 * depends_on:MBEDTLS_SSL_TLS_C
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]14 * END_DEPENDENCIES
15 */
16
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]17/* BEGIN_CASE */
18void test_callback_buffer_sanity()
19{
20 enum { MSGLEN = 10 };
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]21 mbedtls_test_ssl_buffer buf;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]22 unsigned char input[MSGLEN];
23 unsigned char output[MSGLEN];
24
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]25 USE_PSA_INIT();
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]26 memset(input, 0, sizeof(input));
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]27
28 /* Make sure calling put and get on NULL buffer results in error. */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]29 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]30 == -1);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]31 TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]32 == -1);
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]33 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input))
34 == -1);
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]35
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]36 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1);
37 TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]38
39 /* Make sure calling put and get on a buffer that hasn't been set up results
Shaun Case0e7791f2021-12-20 21:14:10 -0800[diff] [blame]40 * in error. */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]41 mbedtls_test_ssl_buffer_init(&buf);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]42
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]43 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
44 == -1);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]45 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]46 == -1);
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]47 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
48 == -1);
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]49
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]50 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1);
51 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]52
Andrzej Kurekf7774142020-01-22 06:34:59 -0500[diff] [blame]53 /* Make sure calling put and get on NULL input only results in
54 * error if the length is not zero, and that a NULL output is valid for data
55 * dropping.
56 */
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]57
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]58 TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]59
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]60 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
61 == -1);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]62 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]63 == 0);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]64 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0);
65 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]66
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]67 /* Make sure calling put several times in the row is safe */
68
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]69 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]70 == sizeof(input));
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]71 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2);
72 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1);
73 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1);
74 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0);
Piotr Nowickifb437d72020-01-13 16:59:12 +0100[diff] [blame]75
76
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]77exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]78 mbedtls_test_ssl_buffer_free(&buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]79 USE_PSA_DONE();
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]80}
81/* END_CASE */
82
83/*
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]84 * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]85 * correct and works as expected.
86 *
87 * That is
88 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes.
89 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
90 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret
91 * bytes.
92 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes.
93 * - All of the bytes we got match the bytes we put in in a FIFO manner.
94 */
95
96/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]97void test_callback_buffer(int size, int put1, int put1_ret,
98 int get1, int get1_ret, int put2, int put2_ret,
99 int get2, int get2_ret)
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]100{
101 enum { ROUNDS = 2 };
102 size_t put[ROUNDS];
103 int put_ret[ROUNDS];
104 size_t get[ROUNDS];
105 int get_ret[ROUNDS];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]106 mbedtls_test_ssl_buffer buf;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]107 unsigned char *input = NULL;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]108 size_t input_len;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]109 unsigned char *output = NULL;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]110 size_t output_len;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]111 size_t i, j, written, read;
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]112
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]113 mbedtls_test_ssl_buffer_init(&buf);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]114 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]115 TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]116
117 /* Check the sanity of input parameters and initialise local variables. That
118 * is, ensure that the amount of data is not negative and that we are not
119 * expecting more to put or get than we actually asked for. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]120 TEST_ASSERT(put1 >= 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]121 put[0] = put1;
122 put_ret[0] = put1_ret;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]123 TEST_ASSERT(put1_ret <= put1);
124 TEST_ASSERT(put2 >= 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]125 put[1] = put2;
126 put_ret[1] = put2_ret;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]127 TEST_ASSERT(put2_ret <= put2);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]128
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]129 TEST_ASSERT(get1 >= 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]130 get[0] = get1;
131 get_ret[0] = get1_ret;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]132 TEST_ASSERT(get1_ret <= get1);
133 TEST_ASSERT(get2 >= 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]134 get[1] = get2;
135 get_ret[1] = get2_ret;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]136 TEST_ASSERT(get2_ret <= get2);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]137
138 input_len = 0;
139 /* Calculate actual input and output lengths */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]140 for (j = 0; j < ROUNDS; j++) {
141 if (put_ret[j] > 0) {
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]142 input_len += put_ret[j];
143 }
144 }
145 /* In order to always have a valid pointer we always allocate at least 1
146 * byte. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]147 if (input_len == 0) {
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]148 input_len = 1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]149 }
Tom Cosgrove30ceb232023-09-04 11:20:19 +0100[diff] [blame]150 TEST_CALLOC(input, input_len);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]151
152 output_len = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]153 for (j = 0; j < ROUNDS; j++) {
154 if (get_ret[j] > 0) {
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]155 output_len += get_ret[j];
156 }
157 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]158 TEST_ASSERT(output_len <= input_len);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]159 /* In order to always have a valid pointer we always allocate at least 1
160 * byte. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]161 if (output_len == 0) {
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]162 output_len = 1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]163 }
Tom Cosgrove30ceb232023-09-04 11:20:19 +0100[diff] [blame]164 TEST_CALLOC(output, output_len);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]165
166 /* Fill up the buffer with structured data so that unwanted changes
167 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]168 for (i = 0; i < input_len; i++) {
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]169 input[i] = i & 0xFF;
170 }
171
172 written = read = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]173 for (j = 0; j < ROUNDS; j++) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]174 TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf,
175 input + written, put[j]));
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]176 written += put_ret[j];
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]177 TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf,
178 output + read, get[j]));
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]179 read += get_ret[j];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]180 TEST_ASSERT(read <= written);
181 if (get_ret[j] > 0) {
182 TEST_ASSERT(memcmp(output + read - get_ret[j],
183 input + read - get_ret[j], get_ret[j])
184 == 0);
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]185 }
186 }
187
188exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]189 mbedtls_free(input);
190 mbedtls_free(output);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]191 mbedtls_test_ssl_buffer_free(&buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]192 USE_PSA_DONE();
Janos Follath6264e662019-11-26 11:11:15 +0000[diff] [blame]193}
194/* END_CASE */
195
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]196/*
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]197 * Test if the implementation of `mbedtls_test_mock_socket` related
198 * I/O functions is correct and works as expected on unconnected sockets.
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]199 */
200
201/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]202void ssl_mock_sanity()
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]203{
204 enum { MSGLEN = 105 };
Paul Elliott95457862021-11-24 16:54:26 +0000[diff] [blame]205 unsigned char message[MSGLEN] = { 0 };
206 unsigned char received[MSGLEN] = { 0 };
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]207 mbedtls_test_mock_socket socket;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]208
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]209 mbedtls_test_mock_socket_init(&socket);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]210 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]211 TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
212 mbedtls_test_mock_socket_close(&socket);
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]213 mbedtls_test_mock_socket_init(&socket);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]214 TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
215 mbedtls_test_mock_socket_close(&socket);
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]216
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]217 mbedtls_test_mock_socket_init(&socket);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]218 TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
219 mbedtls_test_mock_socket_close(&socket);
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]220 mbedtls_test_mock_socket_init(&socket);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]221 TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
222 mbedtls_test_mock_socket_close(&socket);
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]223
224exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]225 mbedtls_test_mock_socket_close(&socket);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]226 USE_PSA_DONE();
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]227}
228/* END_CASE */
229
230/*
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]231 * Test if the implementation of `mbedtls_test_mock_socket` related functions
232 * can send a single message from the client to the server.
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]233 */
234
235/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]236void ssl_mock_tcp(int blocking)
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]237{
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]238 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]239 enum { BUFLEN = MSGLEN / 5 };
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]240 unsigned char message[MSGLEN];
241 unsigned char received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]242 mbedtls_test_mock_socket client;
243 mbedtls_test_mock_socket server;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]244 size_t written, read;
245 int send_ret, recv_ret;
246 mbedtls_ssl_send_t *send;
247 mbedtls_ssl_recv_t *recv;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]248 unsigned i;
249
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]250 if (blocking == 0) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]251 send = mbedtls_test_mock_tcp_send_nb;
252 recv = mbedtls_test_mock_tcp_recv_nb;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]253 } else {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]254 send = mbedtls_test_mock_tcp_send_b;
255 recv = mbedtls_test_mock_tcp_recv_b;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]256 }
257
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]258 mbedtls_test_mock_socket_init(&client);
259 mbedtls_test_mock_socket_init(&server);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]260 USE_PSA_INIT();
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]261
262 /* Fill up the buffer with structured data so that unwanted changes
263 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]264 for (i = 0; i < MSGLEN; i++) {
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]265 message[i] = i & 0xFF;
266 }
267
268 /* Make sure that sending a message takes a few iterations. */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]269 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN));
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]270
271 /* Send the message to the server */
272 send_ret = recv_ret = 1;
273 written = read = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]274 while (send_ret != 0 || recv_ret != 0) {
275 send_ret = send(&client, message + written, MSGLEN - written);
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]276
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]277 TEST_ASSERT(send_ret >= 0);
278 TEST_ASSERT(send_ret <= BUFLEN);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]279 written += send_ret;
280
281 /* If the buffer is full we can test blocking and non-blocking send */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]282 if (send_ret == BUFLEN) {
283 int blocking_ret = send(&client, message, 1);
284 if (blocking) {
285 TEST_ASSERT(blocking_ret == 0);
286 } else {
287 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]288 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]289 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]290
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]291 recv_ret = recv(&server, received + read, MSGLEN - read);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]292
293 /* The result depends on whether any data was sent */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]294 if (send_ret > 0) {
295 TEST_ASSERT(recv_ret > 0);
296 TEST_ASSERT(recv_ret <= BUFLEN);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]297 read += recv_ret;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]298 } else if (blocking) {
299 TEST_ASSERT(recv_ret == 0);
300 } else {
301 TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]302 recv_ret = 0;
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]303 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]304
305 /* If the buffer is empty we can test blocking and non-blocking read */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]306 if (recv_ret == BUFLEN) {
307 int blocking_ret = recv(&server, received, 1);
308 if (blocking) {
309 TEST_ASSERT(blocking_ret == 0);
310 } else {
311 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]312 }
313 }
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]314 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]315 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]316
317exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]318 mbedtls_test_mock_socket_close(&client);
319 mbedtls_test_mock_socket_close(&server);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]320 USE_PSA_DONE();
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]321}
322/* END_CASE */
323
324/*
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]325 * Test if the implementation of `mbedtls_test_mock_socket` related functions
326 * can send messages in both direction at the same time (with the I/O calls
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]327 * interleaving).
328 */
329
330/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]331void ssl_mock_tcp_interleaving(int blocking)
Janos Follathc673c2c2019-12-02 15:47:26 +0000[diff] [blame]332{
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]333 enum { ROUNDS = 2 };
334 enum { MSGLEN = 105 };
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]335 enum { BUFLEN = MSGLEN / 5 };
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]336 unsigned char message[ROUNDS][MSGLEN];
337 unsigned char received[ROUNDS][MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]338 mbedtls_test_mock_socket client;
339 mbedtls_test_mock_socket server;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]340 size_t written[ROUNDS];
341 size_t read[ROUNDS];
342 int send_ret[ROUNDS];
343 int recv_ret[ROUNDS];
344 unsigned i, j, progress;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]345 mbedtls_ssl_send_t *send;
346 mbedtls_ssl_recv_t *recv;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]347
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]348 if (blocking == 0) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]349 send = mbedtls_test_mock_tcp_send_nb;
350 recv = mbedtls_test_mock_tcp_recv_nb;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]351 } else {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]352 send = mbedtls_test_mock_tcp_send_b;
353 recv = mbedtls_test_mock_tcp_recv_b;
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]354 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]355
Yanray Wangd02c3172023-03-15 16:02:29 +0800[diff] [blame]356 mbedtls_test_mock_socket_init(&client);
357 mbedtls_test_mock_socket_init(&server);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]358 USE_PSA_INIT();
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]359
360 /* Fill up the buffers with structured data so that unwanted changes
361 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]362 for (i = 0; i < ROUNDS; i++) {
363 for (j = 0; j < MSGLEN; j++) {
364 message[i][j] = (i * MSGLEN + j) & 0xFF;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]365 }
366 }
367
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]368 /* Make sure that sending a message takes a few iterations. */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]369 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
370 BUFLEN));
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]371
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]372 /* Send the message from both sides, interleaving. */
373 progress = 1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]374 for (i = 0; i < ROUNDS; i++) {
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]375 written[i] = 0;
376 read[i] = 0;
377 }
378 /* This loop does not stop as long as there was a successful write or read
379 * of at least one byte on either side. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]380 while (progress != 0) {
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]381 mbedtls_test_mock_socket *socket;
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]382
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]383 for (i = 0; i < ROUNDS; i++) {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]384 /* First sending is from the client */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]385 socket = (i % 2 == 0) ? (&client) : (&server);
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]386
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]387 send_ret[i] = send(socket, message[i] + written[i],
388 MSGLEN - written[i]);
389 TEST_ASSERT(send_ret[i] >= 0);
390 TEST_ASSERT(send_ret[i] <= BUFLEN);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]391 written[i] += send_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]392
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]393 /* If the buffer is full we can test blocking and non-blocking
394 * send */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]395 if (send_ret[i] == BUFLEN) {
396 int blocking_ret = send(socket, message[i], 1);
397 if (blocking) {
398 TEST_ASSERT(blocking_ret == 0);
399 } else {
400 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]401 }
402 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]403 }
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]404
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]405 for (i = 0; i < ROUNDS; i++) {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]406 /* First receiving is from the server */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]407 socket = (i % 2 == 0) ? (&server) : (&client);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]408
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]409 recv_ret[i] = recv(socket, received[i] + read[i],
410 MSGLEN - read[i]);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]411
412 /* The result depends on whether any data was sent */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]413 if (send_ret[i] > 0) {
414 TEST_ASSERT(recv_ret[i] > 0);
415 TEST_ASSERT(recv_ret[i] <= BUFLEN);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]416 read[i] += recv_ret[i];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]417 } else if (blocking) {
418 TEST_ASSERT(recv_ret[i] == 0);
419 } else {
420 TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]421 recv_ret[i] = 0;
422 }
423
424 /* If the buffer is empty we can test blocking and non-blocking
425 * read */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]426 if (recv_ret[i] == BUFLEN) {
427 int blocking_ret = recv(socket, received[i], 1);
428 if (blocking) {
429 TEST_ASSERT(blocking_ret == 0);
430 } else {
431 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]432 }
433 }
Janos Follath3766ba52019-11-27 13:31:42 +0000[diff] [blame]434 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]435
436 progress = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]437 for (i = 0; i < ROUNDS; i++) {
Piotr Nowicki890b5ca2020-01-15 16:19:07 +0100[diff] [blame]438 progress += send_ret[i] + recv_ret[i];
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]439 }
440 }
441
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]442 for (i = 0; i < ROUNDS; i++) {
443 TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0);
444 }
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]445
446exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]447 mbedtls_test_mock_socket_close(&client);
448 mbedtls_test_mock_socket_close(&server);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]449 USE_PSA_DONE();
Janos Follath031827f2019-11-27 11:12:14 +0000[diff] [blame]450}
451/* END_CASE */
452
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]453/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]454void ssl_message_queue_sanity()
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]455{
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]456 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]457
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]458 USE_PSA_INIT();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]459 /* Trying to push/pull to an empty queue */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]460 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]461 == MBEDTLS_TEST_ERROR_ARG_NULL);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]462 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]463 == MBEDTLS_TEST_ERROR_ARG_NULL);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]464
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]465 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]466 TEST_ASSERT(queue.capacity == 3);
467 TEST_ASSERT(queue.num == 0);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]468
469exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]470 mbedtls_test_ssl_message_queue_free(&queue);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]471 USE_PSA_DONE();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]472}
473/* END_CASE */
474
475/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]476void ssl_message_queue_basic()
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]477{
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]478 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]479
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]480 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]481 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]482
483 /* Sanity test - 3 pushes and 3 pops with sufficient space */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]484 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]485 TEST_ASSERT(queue.capacity == 3);
486 TEST_ASSERT(queue.num == 1);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]487 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]488 TEST_ASSERT(queue.capacity == 3);
489 TEST_ASSERT(queue.num == 2);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]490 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]491 TEST_ASSERT(queue.capacity == 3);
492 TEST_ASSERT(queue.num == 3);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]493
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]494 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
495 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
496 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]497
498exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]499 mbedtls_test_ssl_message_queue_free(&queue);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]500 USE_PSA_DONE();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]501}
502/* END_CASE */
503
504/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]505void ssl_message_queue_overflow_underflow()
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]506{
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]507 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]508
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]509 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]510 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]511
512 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]513 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
514 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
515 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
516 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]517 == MBEDTLS_ERR_SSL_WANT_WRITE);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]518
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]519 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
520 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
521 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]522
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]523 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]524 == MBEDTLS_ERR_SSL_WANT_READ);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]525
526exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]527 mbedtls_test_ssl_message_queue_free(&queue);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]528 USE_PSA_DONE();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]529}
530/* END_CASE */
531
532/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]533void ssl_message_queue_interleaved()
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]534{
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]535 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]536
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]537 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]538 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]539
540 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
541 * (to wrap around the buffer) */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]542 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
543 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]544
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]545 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]546
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]547 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
548 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]549
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]550 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
551 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]552
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]553 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5);
554 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]555
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]556 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]557
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]558 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]559
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]560 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]561
562exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]563 mbedtls_test_ssl_message_queue_free(&queue);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]564 USE_PSA_DONE();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]565}
566/* END_CASE */
567
568/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]569void ssl_message_queue_insufficient_buffer()
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]570{
Valerio Setti8388fdd2023-04-28 12:27:14 +0200[diff] [blame]571 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]572 size_t message_len = 10;
573 size_t buffer_len = 5;
574
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]575 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]576 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]577
578 /* Popping without a sufficient buffer */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]579 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]580 == (int) message_len);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]581 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]582 == (int) buffer_len);
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]583exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]584 mbedtls_test_ssl_message_queue_free(&queue);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]585 USE_PSA_DONE();
Andrzej Kurek13719cd2020-01-22 06:36:39 -0500[diff] [blame]586}
587/* END_CASE */
588
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]589/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]590void ssl_message_mock_uninitialized()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]591{
592 enum { MSGLEN = 10 };
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]593 unsigned char message[MSGLEN] = { 0 }, received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]594 mbedtls_test_mock_socket client, server;
595 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]596 mbedtls_test_message_socket_context server_context, client_context;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]597 mbedtls_test_message_socket_init(&server_context);
598 mbedtls_test_message_socket_init(&client_context);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]599
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]600 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]601 /* Send with a NULL context */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]602 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]603 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]604
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]605 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]606 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]607
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]608 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
609 &client_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]610 &server,
611 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]612
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]613 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
614 &server_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]615 &client,
616 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]617
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]618 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
619 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]620 == MBEDTLS_TEST_ERROR_SEND_FAILED);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]621
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]622 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
623 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]624 == MBEDTLS_ERR_SSL_WANT_READ);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]625
626 /* Push directly to a queue to later simulate a disconnected behavior */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]627 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue,
628 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]629 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]630
631 /* Test if there's an error when trying to read from a disconnected
632 * socket */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]633 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
634 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]635 == MBEDTLS_TEST_ERROR_RECV_FAILED);
636exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]637 mbedtls_test_message_socket_close(&server_context);
638 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]639 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]640}
641/* END_CASE */
642
643/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]644void ssl_message_mock_basic()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]645{
646 enum { MSGLEN = 10 };
647 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]648 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]649 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]650 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]651 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]652
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]653 mbedtls_test_message_socket_init(&server_context);
654 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]655 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]656
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]657 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
658 &client_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]659 &server,
660 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]661
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]662 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
663 &server_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]664 &client,
665 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]666
667 /* Fill up the buffer with structured data so that unwanted changes
668 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]669 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]670 message[i] = i & 0xFF;
671 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]672 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
673 MSGLEN));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]674
675 /* Send the message to the server */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]676 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]677 MSGLEN)
678 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]679
680 /* Read from the server */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]681 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
682 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]683 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]684
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]685 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
686 memset(received, 0, MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]687
688 /* Send the message to the client */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]689 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
690 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]691
692 /* Read from the client */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]693 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
694 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]695 == MSGLEN);
696 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]697
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]698exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]699 mbedtls_test_message_socket_close(&server_context);
700 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]701 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]702}
703/* END_CASE */
704
705/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]706void ssl_message_mock_queue_overflow_underflow()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]707{
708 enum { MSGLEN = 10 };
709 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]710 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]711 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]712 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]713 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]714
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]715 mbedtls_test_message_socket_init(&server_context);
716 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]717 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]718
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]719 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
720 &client_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]721 &server,
722 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]723
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]724 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
725 &server_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]726 &client,
727 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]728
729 /* Fill up the buffer with structured data so that unwanted changes
730 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]731 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]732 message[i] = i & 0xFF;
733 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]734 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
735 MSGLEN*2));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]736
737 /* Send three message to the server, last one with an error */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]738 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]739 MSGLEN - 1)
740 == MSGLEN - 1);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]741
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]742 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]743 MSGLEN)
744 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]745
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]746 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
747 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]748 == MBEDTLS_ERR_SSL_WANT_WRITE);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]749
750 /* Read three messages from the server, last one with an error */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]751 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]752 MSGLEN - 1)
753 == MSGLEN - 1);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]754
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]755 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
756 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]757 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]758
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]759 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]760
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]761 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
762 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]763 == MBEDTLS_ERR_SSL_WANT_READ);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]764
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]765exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]766 mbedtls_test_message_socket_close(&server_context);
767 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]768 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]769}
770/* END_CASE */
771
772/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]773void ssl_message_mock_socket_overflow()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]774{
775 enum { MSGLEN = 10 };
776 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]777 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]778 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]779 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]780 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]781
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]782 mbedtls_test_message_socket_init(&server_context);
783 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]784 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]785
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]786 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
787 &client_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]788 &server,
789 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]790
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]791 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
792 &server_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]793 &client,
794 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]795
796 /* Fill up the buffer with structured data so that unwanted changes
797 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]798 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]799 message[i] = i & 0xFF;
800 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]801 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
802 MSGLEN));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]803
804 /* Send two message to the server, second one with an error */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]805 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]806 MSGLEN)
807 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]808
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]809 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
810 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]811 == MBEDTLS_TEST_ERROR_SEND_FAILED);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]812
813 /* Read the only message from the server */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]814 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
815 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]816 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]817
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]818 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]819
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]820exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]821 mbedtls_test_message_socket_close(&server_context);
822 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]823 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]824}
825/* END_CASE */
826
827/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]828void ssl_message_mock_truncated()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]829{
830 enum { MSGLEN = 10 };
831 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]832 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]833 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]834 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]835 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]836
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]837 mbedtls_test_message_socket_init(&server_context);
838 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]839 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]840
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]841 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
842 &client_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]843 &server,
844 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]845
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]846 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
847 &server_queue, 2,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]848 &client,
849 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]850
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]851 memset(received, 0, MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]852 /* Fill up the buffer with structured data so that unwanted changes
853 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]854 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]855 message[i] = i & 0xFF;
856 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]857 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
858 2 * MSGLEN));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]859
860 /* Send two messages to the server, the second one small enough to fit in the
861 * receiver's buffer. */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]862 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]863 MSGLEN)
864 == MSGLEN);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]865 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]866 MSGLEN / 2)
867 == MSGLEN / 2);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]868 /* Read a truncated message from the server */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]869 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
870 MSGLEN/2)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]871 == MSGLEN/2);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]872
873 /* Test that the first half of the message is valid, and second one isn't */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]874 TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
875 TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2)
876 != 0);
877 memset(received, 0, MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]878
879 /* Read a full message from the server */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]880 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
881 MSGLEN/2)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]882 == MSGLEN / 2);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]883
884 /* Test that the first half of the message is valid */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]885 TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]886
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]887exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]888 mbedtls_test_message_socket_close(&server_context);
889 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]890 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]891}
892/* END_CASE */
893
894/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]895void ssl_message_mock_socket_read_error()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]896{
897 enum { MSGLEN = 10 };
898 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]899 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]900 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]901 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]902 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]903
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]904 mbedtls_test_message_socket_init(&server_context);
905 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]906 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]907
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]908 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
909 &client_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]910 &server,
911 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]912
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]913 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
914 &server_queue, 1,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]915 &client,
916 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]917
918 /* Fill up the buffer with structured data so that unwanted changes
919 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]920 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]921 message[i] = i & 0xFF;
922 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]923 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
924 MSGLEN));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]925
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]926 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]927 MSGLEN)
928 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]929
930 /* Force a read error by disconnecting the socket by hand */
931 server.status = 0;
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]932 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
933 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]934 == MBEDTLS_TEST_ERROR_RECV_FAILED);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]935 /* Return to a valid state */
936 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
937
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]938 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]939
940 /* Test that even though the server tried to read once disconnected, the
941 * continuity is preserved */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]942 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
943 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]944 == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]945
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]946 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]947
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]948exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]949 mbedtls_test_message_socket_close(&server_context);
950 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]951 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]952}
953/* END_CASE */
954
955/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]956void ssl_message_mock_interleaved_one_way()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]957{
958 enum { MSGLEN = 10 };
959 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]960 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]961 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]962 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]963 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]964
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]965 mbedtls_test_message_socket_init(&server_context);
966 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]967 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]968
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]969 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
970 &client_queue, 3,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]971 &server,
972 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]973
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]974 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
975 &server_queue, 3,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]976 &client,
977 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]978
979 /* Fill up the buffer with structured data so that unwanted changes
980 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]981 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]982 message[i] = i & 0xFF;
983 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]984 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
985 MSGLEN*3));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]986
987 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
988 * (to wrap around the buffer) */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]989 for (i = 0; i < 2; i++) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]990 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
991 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]992
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]993 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
994 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]995
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]996 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
997 MSGLEN) == MSGLEN);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]998 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
999 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1000 }
1001
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1002 for (i = 0; i < 2; i++) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1003 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
1004 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1005
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1006 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1007 }
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1008 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
1009 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1010 == MBEDTLS_ERR_SSL_WANT_READ);
1011exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1012 mbedtls_test_message_socket_close(&server_context);
1013 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1014 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1015}
1016/* END_CASE */
1017
1018/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1019void ssl_message_mock_interleaved_two_ways()
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1020{
1021 enum { MSGLEN = 10 };
1022 unsigned char message[MSGLEN], received[MSGLEN];
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]1023 mbedtls_test_mock_socket client, server;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1024 unsigned i;
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]1025 mbedtls_test_ssl_message_queue server_queue, client_queue;
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1026 mbedtls_test_message_socket_context server_context, client_context;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1027
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1028 mbedtls_test_message_socket_init(&server_context);
1029 mbedtls_test_message_socket_init(&client_context);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1030 USE_PSA_INIT();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1031
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1032 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
1033 &client_queue, 3,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1034 &server,
1035 &server_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1036
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1037 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
1038 &server_queue, 3,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1039 &client,
1040 &client_context) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1041
1042 /* Fill up the buffer with structured data so that unwanted changes
1043 * can be detected */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1044 for (i = 0; i < MSGLEN; i++) {
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1045 message[i] = i & 0xFF;
1046 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1047 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
1048 MSGLEN*3));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1049
1050 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
1051 * (to wrap around the buffer) both ways. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1052 for (i = 0; i < 2; i++) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1053 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
1054 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1055
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1056 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
1057 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1058
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1059 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
1060 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1061
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1062 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
1063 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1064
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1065 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
1066 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1067
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1068 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1069
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1070 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1071
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1072 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
1073 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1074
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1075 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1076
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1077 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1078 }
1079
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1080 for (i = 0; i < 2; i++) {
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1081 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
1082 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1083
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1084 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
1085 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1086
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1087 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
1088 MSGLEN) == MSGLEN);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1089
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1090 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
1091 memset(received, 0, sizeof(received));
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1092 }
1093
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1094 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
1095 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1096 == MBEDTLS_ERR_SSL_WANT_READ);
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1097
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1098 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
1099 MSGLEN)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1100 == MBEDTLS_ERR_SSL_WANT_READ);
1101exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1102 mbedtls_test_message_socket_close(&server_context);
1103 mbedtls_test_message_socket_close(&client_context);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1104 USE_PSA_DONE();
Andrzej Kurekbc483de2020-01-22 03:40:00 -0500[diff] [blame]1105}
1106/* END_CASE */
1107
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1108/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1109void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1110{
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1111 uint32_t len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1112 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]1113 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1114
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1115 mbedtls_ssl_init(&ssl);
1116 mbedtls_ssl_config_init(&conf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1117 USE_PSA_INIT();
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]1118
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1119 TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
1120 MBEDTLS_SSL_IS_CLIENT,
1121 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
1122 MBEDTLS_SSL_PRESET_DEFAULT) == 0);
1123 TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1124
1125 /* Read previous record numbers */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1126 for (len = 0; len < prevs->len; len += 6) {
1127 memcpy(ssl.in_ctr + 2, prevs->x + len, 6);
1128 mbedtls_ssl_dtls_replay_update(&ssl);
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1129 }
1130
1131 /* Check new number */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1132 memcpy(ssl.in_ctr + 2, new->x, 6);
1133 TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1134
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1135exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1136 mbedtls_ssl_free(&ssl);
1137 mbedtls_ssl_config_free(&conf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1138 USE_PSA_DONE();
Manuel Pégourié-Gonnard4956fd72014-09-24 11:13:44 +0200[diff] [blame]1139}
1140/* END_CASE */
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1141
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]1142/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1143void ssl_set_hostname_twice(char *hostname0, char *hostname1)
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1144{
1145 mbedtls_ssl_context ssl;
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1146
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1147 mbedtls_ssl_init(&ssl);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1148 USE_PSA_INIT();
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1149
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1150 TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
1151 TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1152
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1153exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1154 mbedtls_ssl_free(&ssl);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1155 USE_PSA_DONE();
Hanno Beckerb25c0c72017-05-05 11:24:30 +0100[diff] [blame]1156}
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]1157/* END_CASE */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1158
1159/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1160void ssl_crypt_record(int cipher_type, int hash_id,
1161 int etm, int tag_mode, int ver,
1162 int cid0_len, int cid1_len)
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1163{
1164 /*
1165 * Test several record encryptions and decryptions
1166 * with plenty of space before and after the data
1167 * within the record buffer.
1168 */
1169
1170 int ret;
1171 int num_records = 16;
1172 mbedtls_ssl_context ssl; /* ONLY for debugging */
1173
1174 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1175 unsigned char *buf = NULL;
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1176 size_t const buflen = 512;
1177 mbedtls_record rec, rec_backup;
1178
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1179 mbedtls_ssl_init(&ssl);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1180 USE_PSA_INIT();
1181
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1182 mbedtls_ssl_transform_init(&t0);
1183 mbedtls_ssl_transform_init(&t1);
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1184 TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
1185 etm, tag_mode, ver,
1186 (size_t) cid0_len,
1187 (size_t) cid1_len) == 0);
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1188
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1189 TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1190
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1191 while (num_records-- > 0) {
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1192 mbedtls_ssl_transform *t_dec, *t_enc;
1193 /* Take turns in who's sending and who's receiving. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1194 if (num_records % 3 == 0) {
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1195 t_dec = &t0;
1196 t_enc = &t1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1197 } else {
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1198 t_dec = &t1;
1199 t_enc = &t0;
1200 }
1201
1202 /*
1203 * The record header affects the transformation in two ways:
1204 * 1) It determines the AEAD additional data
1205 * 2) The record counter sometimes determines the IV.
1206 *
1207 * Apart from that, the fields don't have influence.
1208 * In particular, it is currently not the responsibility
1209 * of ssl_encrypt/decrypt_buf to check if the transform
1210 * version matches the record version, or that the
1211 * type is sensible.
1212 */
1213
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1214 memset(rec.ctr, num_records, sizeof(rec.ctr));
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1215 rec.type = 42;
1216 rec.ver[0] = num_records;
1217 rec.ver[1] = num_records;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1218#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1219 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1220#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1221
1222 rec.buf = buf;
1223 rec.buf_len = buflen;
1224 rec.data_offset = 16;
1225 /* Make sure to vary the length to exercise different
1226 * paddings. */
1227 rec.data_len = 1 + num_records;
1228
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1229 memset(rec.buf + rec.data_offset, 42, rec.data_len);
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1230
1231 /* Make a copy for later comparison */
1232 rec_backup = rec;
1233
1234 /* Encrypt record */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1235 ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
1236 mbedtls_test_rnd_std_rand, NULL);
1237 TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
1238 if (ret != 0) {
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1239 continue;
1240 }
1241
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1242#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1243 if (rec.cid_len != 0) {
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1244 /* DTLS 1.2 + CID hides the real content type and
1245 * uses a special CID content type in the protected
1246 * record. Double-check this. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1247 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1248 }
1249#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1250
1251#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1252 if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1253 /* TLS 1.3 hides the real content type and
1254 * always uses Application Data as the content type
1255 * for protected records. Double-check this. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1256 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1257 }
1258#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1259
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1260 /* Decrypt record with t_dec */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1261 ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec);
1262 TEST_ASSERT(ret == 0);
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1263
1264 /* Compare results */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1265 TEST_ASSERT(rec.type == rec_backup.type);
1266 TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
1267 TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
1268 TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
1269 TEST_ASSERT(rec.data_len == rec_backup.data_len);
1270 TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
1271 TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
1272 rec_backup.buf + rec_backup.data_offset,
1273 rec.data_len) == 0);
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1274 }
1275
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1276exit:
1277
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1278 /* Cleanup */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1279 mbedtls_ssl_free(&ssl);
1280 mbedtls_ssl_transform_free(&t0);
1281 mbedtls_ssl_transform_free(&t1);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1282 mbedtls_free(buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1283 USE_PSA_DONE();
Hanno Beckera18d1322018-01-03 14:27:32 +0000[diff] [blame]1284}
1285/* END_CASE */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1286
1287/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1288void ssl_crypt_record_small(int cipher_type, int hash_id,
1289 int etm, int tag_mode, int ver,
1290 int cid0_len, int cid1_len)
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1291{
1292 /*
1293 * Test pairs of encryption and decryption with an increasing
1294 * amount of space in the record buffer - in more detail:
1295 * 1) Try to encrypt with 0, 1, 2, ... bytes available
1296 * in front of the plaintext, and expect the encryption
1297 * to succeed starting from some offset. Always keep
1298 * enough space in the end of the buffer.
1299 * 2) Try to encrypt with 0, 1, 2, ... bytes available
1300 * at the end of the plaintext, and expect the encryption
1301 * to succeed starting from some offset. Always keep
1302 * enough space at the beginning of the buffer.
1303 * 3) Try to encrypt with 0, 1, 2, ... bytes available
1304 * both at the front and end of the plaintext,
1305 * and expect the encryption to succeed starting from
1306 * some offset.
1307 *
1308 * If encryption succeeds, check that decryption succeeds
1309 * and yields the original record.
1310 */
1311
1312 mbedtls_ssl_context ssl; /* ONLY for debugging */
1313
1314 mbedtls_ssl_transform t0, t1;
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1315 unsigned char *buf = NULL;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1316 size_t const buflen = 256;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1317 mbedtls_record rec, rec_backup;
1318
1319 int ret;
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1320 int mode; /* Mode 1, 2 or 3 as explained above */
1321 size_t offset; /* Available space at beginning/end/both */
1322 size_t threshold = 96; /* Maximum offset to test against */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1323
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1324 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
1325 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1326
1327 int seen_success; /* Indicates if in the current mode we've
1328 * already seen a successful test. */
1329
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1330 mbedtls_ssl_init(&ssl);
1331 mbedtls_ssl_transform_init(&t0);
1332 mbedtls_ssl_transform_init(&t1);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1333 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1334 TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
1335 etm, tag_mode, ver,
1336 (size_t) cid0_len,
1337 (size_t) cid1_len) == 0);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1338
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1339 TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1340
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1341 for (mode = 1; mode <= 3; mode++) {
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1342 seen_success = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1343 for (offset = 0; offset <= threshold; offset++) {
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1344 mbedtls_ssl_transform *t_dec, *t_enc;
Hanno Becker6c87b3f2019-04-29 17:24:44 +0100[diff] [blame]1345 t_dec = &t0;
1346 t_enc = &t1;
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1347
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1348 memset(rec.ctr, offset, sizeof(rec.ctr));
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1349 rec.type = 42;
1350 rec.ver[0] = offset;
1351 rec.ver[1] = offset;
1352 rec.buf = buf;
1353 rec.buf_len = buflen;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1354#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Hanno Beckerd856c822019-04-29 17:30:59 +0100[diff] [blame]1355 rec.cid_len = 0;
Hanno Beckera0e20d02019-05-15 14:03:01 +0100[diff] [blame]1356#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1357
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1358 switch (mode) {
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1359 case 1: /* Space in the beginning */
1360 rec.data_offset = offset;
1361 rec.data_len = buflen - offset - default_post_padding;
1362 break;
1363
1364 case 2: /* Space in the end */
1365 rec.data_offset = default_pre_padding;
1366 rec.data_len = buflen - default_pre_padding - offset;
1367 break;
1368
1369 case 3: /* Space in the beginning and end */
1370 rec.data_offset = offset;
1371 rec.data_len = buflen - 2 * offset;
1372 break;
1373
1374 default:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1375 TEST_ASSERT(0);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1376 break;
1377 }
1378
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1379 memset(rec.buf + rec.data_offset, 42, rec.data_len);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1380
1381 /* Make a copy for later comparison */
1382 rec_backup = rec;
1383
1384 /* Encrypt record */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1385 ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
1386 mbedtls_test_rnd_std_rand, NULL);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1387
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1388 if ((mode == 1 || mode == 2) && seen_success) {
1389 TEST_ASSERT(ret == 0);
1390 } else {
1391 TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
1392 if (ret == 0) {
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1393 seen_success = 1;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1394 }
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1395 }
1396
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1397 if (ret != 0) {
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1398 continue;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1399 }
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1400
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1401#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1402 if (rec.cid_len != 0) {
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1403 /* DTLS 1.2 + CID hides the real content type and
1404 * uses a special CID content type in the protected
1405 * record. Double-check this. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1406 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1407 }
1408#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1409
1410#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1411 if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) {
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1412 /* TLS 1.3 hides the real content type and
1413 * always uses Application Data as the content type
1414 * for protected records. Double-check this. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1415 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
Hanno Beckerb2713ab2020-05-07 14:54:22 +0100[diff] [blame]1416 }
1417#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
1418
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1419 /* Decrypt record with t_dec */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1420 TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1421
1422 /* Compare results */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1423 TEST_ASSERT(rec.type == rec_backup.type);
1424 TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
1425 TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
1426 TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
1427 TEST_ASSERT(rec.data_len == rec_backup.data_len);
1428 TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
1429 TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
1430 rec_backup.buf + rec_backup.data_offset,
1431 rec.data_len) == 0);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1432 }
1433
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1434 TEST_ASSERT(seen_success == 1);
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1435 }
1436
Hanno Becker81e16a32019-03-01 11:21:44 +0000[diff] [blame]1437exit:
1438
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1439 /* Cleanup */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1440 mbedtls_ssl_free(&ssl);
1441 mbedtls_ssl_transform_free(&t0);
1442 mbedtls_ssl_transform_free(&t1);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1443 mbedtls_free(buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1444 USE_PSA_DONE();
Hanno Beckerb3268da2018-01-05 15:20:24 +0000[diff] [blame]1445}
1446/* END_CASE */
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1447
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1448/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1449void ssl_tls1_3_hkdf_expand_label(int hash_alg,
1450 data_t *secret,
1451 int label_idx,
1452 data_t *ctx,
1453 int desired_length,
1454 data_t *expected)
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1455{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1456 unsigned char dst[100];
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1457
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1458 unsigned char const *lbl = NULL;
1459 size_t lbl_len;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1460#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
1461 if (label_idx == (int) tls1_3_label_ ## name) \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1462 { \
1463 lbl = mbedtls_ssl_tls1_3_labels.name; \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1464 lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1465 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1466 MBEDTLS_SSL_TLS1_3_LABEL_LIST
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1467#undef MBEDTLS_SSL_TLS1_3_LABEL
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1468 TEST_ASSERT(lbl != NULL);
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1469
1470 /* Check sanity of test parameters. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1471 TEST_ASSERT((size_t) desired_length <= sizeof(dst));
1472 TEST_ASSERT((size_t) desired_length == expected->len);
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1473
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1474 TEST_ASSERT(mbedtls_ssl_tls1_3_hkdf_expand_label(
1475 (mbedtls_md_type_t) hash_alg,
1476 secret->x, secret->len,
1477 lbl, lbl_len,
1478 ctx->x, ctx->len,
1479 dst, desired_length) == 0);
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1480
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1481 TEST_MEMORY_COMPARE(dst, (size_t) desired_length,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1482 expected->x, (size_t) expected->len);
Hanno Becker39ff4922020-08-21 13:36:56 +0100[diff] [blame]1483}
1484/* END_CASE */
1485
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]1486/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1487void ssl_tls1_3_traffic_key_generation(int hash_alg,
1488 data_t *server_secret,
1489 data_t *client_secret,
1490 int desired_iv_len,
1491 int desired_key_len,
1492 data_t *expected_server_write_key,
1493 data_t *expected_server_write_iv,
1494 data_t *expected_client_write_key,
1495 data_t *expected_client_write_iv)
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]1496{
1497 mbedtls_ssl_key_set keys;
1498
1499 /* Check sanity of test parameters. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1500 TEST_ASSERT(client_secret->len == server_secret->len);
Yanray Wang82b41492023-03-14 12:26:44 +0800[diff] [blame]1501 TEST_ASSERT(
1502 expected_client_write_iv->len == expected_server_write_iv->len &&
1503 expected_client_write_iv->len == (size_t) desired_iv_len);
1504 TEST_ASSERT(
1505 expected_client_write_key->len == expected_server_write_key->len &&
1506 expected_client_write_key->len == (size_t) desired_key_len);
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]1507
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1508 TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys(
1509 (mbedtls_md_type_t) hash_alg,
1510 client_secret->x,
1511 server_secret->x,
1512 client_secret->len /* == server_secret->len */,
1513 desired_key_len, desired_iv_len,
1514 &keys) == 0);
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]1515
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1516 TEST_MEMORY_COMPARE(keys.client_write_key,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1517 keys.key_len,
1518 expected_client_write_key->x,
1519 (size_t) desired_key_len);
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1520 TEST_MEMORY_COMPARE(keys.server_write_key,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1521 keys.key_len,
1522 expected_server_write_key->x,
1523 (size_t) desired_key_len);
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1524 TEST_MEMORY_COMPARE(keys.client_write_iv,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1525 keys.iv_len,
1526 expected_client_write_iv->x,
1527 (size_t) desired_iv_len);
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1528 TEST_MEMORY_COMPARE(keys.server_write_iv,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1529 keys.iv_len,
1530 expected_server_write_iv->x,
1531 (size_t) desired_iv_len);
Hanno Becker19498f82020-08-21 13:37:08 +0100[diff] [blame]1532}
1533/* END_CASE */
1534
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1535/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1536void ssl_tls1_3_derive_secret(int hash_alg,
1537 data_t *secret,
1538 int label_idx,
1539 data_t *ctx,
1540 int desired_length,
1541 int already_hashed,
1542 data_t *expected)
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1543{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1544 unsigned char dst[100];
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1545
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1546 unsigned char const *lbl = NULL;
1547 size_t lbl_len;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1548#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
1549 if (label_idx == (int) tls1_3_label_ ## name) \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1550 { \
1551 lbl = mbedtls_ssl_tls1_3_labels.name; \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1552 lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1553 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1554 MBEDTLS_SSL_TLS1_3_LABEL_LIST
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1555#undef MBEDTLS_SSL_TLS1_3_LABEL
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1556 TEST_ASSERT(lbl != NULL);
Hanno Becker70d7fb02020-09-09 10:11:21 +0100[diff] [blame]1557
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1558 /* Check sanity of test parameters. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1559 TEST_ASSERT((size_t) desired_length <= sizeof(dst));
1560 TEST_ASSERT((size_t) desired_length == expected->len);
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1561
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1562 TEST_ASSERT(mbedtls_ssl_tls1_3_derive_secret(
1563 (mbedtls_md_type_t) hash_alg,
1564 secret->x, secret->len,
1565 lbl, lbl_len,
1566 ctx->x, ctx->len,
1567 already_hashed,
1568 dst, desired_length) == 0);
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1569
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1570 TEST_MEMORY_COMPARE(dst, desired_length,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1571 expected->x, desired_length);
Hanno Beckere4849d12020-08-21 14:14:14 +0100[diff] [blame]1572}
1573/* END_CASE */
1574
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]1575/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1576void ssl_tls1_3_key_evolution(int hash_alg,
1577 data_t *secret,
1578 data_t *input,
1579 data_t *expected)
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]1580{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1581 unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]1582
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1583 TEST_ASSERT(mbedtls_ssl_tls1_3_evolve_secret(
1584 (mbedtls_md_type_t) hash_alg,
1585 secret->len ? secret->x : NULL,
1586 input->len ? input->x : NULL, input->len,
1587 secret_new) == 0);
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]1588
Tom Cosgroveba3b14d2023-09-04 11:23:02 +0100[diff] [blame]1589 TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len,
Tom Cosgrovea240fe32023-09-04 11:29:39 +0100[diff] [blame]1590 expected->x, (size_t) expected->len);
Hanno Becker2d2c3eb2020-08-20 14:54:24 +0100[diff] [blame]1591}
1592/* END_CASE */
1593
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1594/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1595void ssl_tls_prf(int type, data_t *secret, data_t *random,
1596 char *label, data_t *result_str, int exp_ret)
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1597{
1598 unsigned char *output;
1599
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1600 output = mbedtls_calloc(1, result_str->len);
1601 if (output == NULL) {
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1602 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1603 }
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1604
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1605 USE_PSA_INIT();
Ron Eldor6b9b1b82019-05-15 17:04:33 +0300[diff] [blame]1606
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1607 TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
1608 label, random->x, random->len,
1609 output, result_str->len) == exp_ret);
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1610
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1611 if (exp_ret == 0) {
1612 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
1613 result_str->len, result_str->len) == 0);
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1614 }
1615exit:
1616
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1617 mbedtls_free(output);
1618 USE_PSA_DONE();
Ron Eldor824ad7b2019-05-13 14:09:00 +0300[diff] [blame]1619}
1620/* END_CASE */
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1621
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1622/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1623void ssl_serialize_session_save_load(int ticket_len, char *crt_file)
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1624{
1625 mbedtls_ssl_session original, restored;
1626 unsigned char *buf = NULL;
1627 size_t len;
1628
1629 /*
1630 * Test that a save-load pair is the identity
1631 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1632 mbedtls_ssl_session_init(&original);
1633 mbedtls_ssl_session_init(&restored);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1634 USE_PSA_INIT();
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1635
1636 /* Prepare a dummy session to work on */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1637 TEST_ASSERT(mbedtls_test_ssl_populate_session(
1638 &original, ticket_len, crt_file) == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1639
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1640 /* Serialize it */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1641 TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
1642 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
1643 TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL);
1644 TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
1645 == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1646
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1647 /* Restore session from serialized data */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1648 TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1649
1650 /*
1651 * Make sure both session structures are identical
1652 */
1653#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1654 TEST_ASSERT(original.start == restored.start);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1655#endif
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1656 TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
1657 TEST_ASSERT(original.compression == restored.compression);
1658 TEST_ASSERT(original.id_len == restored.id_len);
1659 TEST_ASSERT(memcmp(original.id,
1660 restored.id, sizeof(original.id)) == 0);
1661 TEST_ASSERT(memcmp(original.master,
1662 restored.master, sizeof(original.master)) == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1663
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]1664#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
1665 defined(MBEDTLS_CERTS_C)
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1666#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1667 TEST_ASSERT((original.peer_cert == NULL) ==
1668 (restored.peer_cert == NULL));
1669 if (original.peer_cert != NULL) {
1670 TEST_ASSERT(original.peer_cert->raw.len ==
1671 restored.peer_cert->raw.len);
1672 TEST_ASSERT(memcmp(original.peer_cert->raw.p,
1673 restored.peer_cert->raw.p,
1674 original.peer_cert->raw.len) == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1675 }
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1676#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1677 TEST_ASSERT(original.peer_cert_digest_type ==
1678 restored.peer_cert_digest_type);
1679 TEST_ASSERT(original.peer_cert_digest_len ==
1680 restored.peer_cert_digest_len);
1681 TEST_ASSERT((original.peer_cert_digest == NULL) ==
1682 (restored.peer_cert_digest == NULL));
1683 if (original.peer_cert_digest != NULL) {
1684 TEST_ASSERT(memcmp(original.peer_cert_digest,
1685 restored.peer_cert_digest,
1686 original.peer_cert_digest_len) == 0);
Manuel Pégourié-Gonnardee13a732019-07-29 13:00:39 +0200[diff] [blame]1687 }
1688#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]1689#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1690 TEST_ASSERT(original.verify_result == restored.verify_result);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1691
1692#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1693 TEST_ASSERT(original.ticket_len == restored.ticket_len);
1694 if (original.ticket_len != 0) {
1695 TEST_ASSERT(original.ticket != NULL);
1696 TEST_ASSERT(restored.ticket != NULL);
1697 TEST_ASSERT(memcmp(original.ticket,
1698 restored.ticket, original.ticket_len) == 0);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1699 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1700 TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1701#endif
1702
1703#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1704 TEST_ASSERT(original.mfl_code == restored.mfl_code);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1705#endif
1706
1707#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1708 TEST_ASSERT(original.trunc_hmac == restored.trunc_hmac);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1709#endif
1710
1711#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1712 TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac);
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1713#endif
1714
1715exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1716 mbedtls_ssl_session_free(&original);
1717 mbedtls_ssl_session_free(&restored);
1718 mbedtls_free(buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1719 USE_PSA_DONE();
Manuel Pégourié-Gonnardf9deaec2019-05-24 09:41:39 +0200[diff] [blame]1720}
1721/* END_CASE */
1722
Manuel Pégourié-Gonnardaa755832019-06-03 10:53:47 +0200[diff] [blame]1723/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1724void ssl_serialize_session_load_save(int ticket_len, char *crt_file)
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1725{
1726 mbedtls_ssl_session session;
1727 unsigned char *buf1 = NULL, *buf2 = NULL;
1728 size_t len0, len1, len2;
1729
1730 /*
1731 * Test that a load-save pair is the identity
1732 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1733 mbedtls_ssl_session_init(&session);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1734 USE_PSA_INIT();
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1735
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1736 /* Prepare a dummy session to work on */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1737 TEST_ASSERT(mbedtls_test_ssl_populate_session(
1738 &session, ticket_len, crt_file) == 0);
Manuel Pégourié-Gonnard3caa6ca2019-05-23 10:06:14 +0200[diff] [blame]1739
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1740 /* Get desired buffer size for serializing */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1741 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
1742 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1743
1744 /* Allocate first buffer */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1745 buf1 = mbedtls_calloc(1, len0);
1746 TEST_ASSERT(buf1 != NULL);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1747
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1748 /* Serialize to buffer and free live session */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1749 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1)
1750 == 0);
1751 TEST_ASSERT(len0 == len1);
1752 mbedtls_ssl_session_free(&session);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1753
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1754 /* Restore session from serialized data */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1755 TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1756
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1757 /* Allocate second buffer and serialize to it */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1758 buf2 = mbedtls_calloc(1, len0);
1759 TEST_ASSERT(buf2 != NULL);
1760 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2)
1761 == 0);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1762
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1763 /* Make sure both serialized versions are identical */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1764 TEST_ASSERT(len1 == len2);
1765 TEST_ASSERT(memcmp(buf1, buf2, len1) == 0);
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1766
1767exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1768 mbedtls_ssl_session_free(&session);
1769 mbedtls_free(buf1);
1770 mbedtls_free(buf2);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1771 USE_PSA_DONE();
Manuel Pégourié-Gonnard6eac11b2019-05-23 09:30:55 +0200[diff] [blame]1772}
1773/* END_CASE */
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1774
1775/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1776void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file)
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1777{
1778 mbedtls_ssl_session session;
1779 unsigned char *buf = NULL;
1780 size_t good_len, bad_len, test_len;
1781
1782 /*
1783 * Test that session_save() fails cleanly on small buffers
1784 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1785 mbedtls_ssl_session_init(&session);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1786 USE_PSA_INIT();
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1787
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1788 /* Prepare dummy session and get serialized size */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1789 TEST_ASSERT(mbedtls_test_ssl_populate_session(
1790 &session, ticket_len, crt_file) == 0);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1791 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
1792 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1793
1794 /* Try all possible bad lengths */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1795 for (bad_len = 1; bad_len < good_len; bad_len++) {
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1796 /* Allocate exact size so that asan/valgrind can detect any overwrite */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1797 mbedtls_free(buf);
1798 TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL);
1799 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
1800 &test_len)
1801 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
1802 TEST_ASSERT(test_len == good_len);
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1803 }
1804
1805exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1806 mbedtls_ssl_session_free(&session);
1807 mbedtls_free(buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1808 USE_PSA_DONE();
Manuel Pégourié-Gonnardf5fa0aa2019-05-23 10:38:11 +0200[diff] [blame]1809}
1810/* END_CASE */
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1811
1812/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1813void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file)
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1814{
1815 mbedtls_ssl_session session;
1816 unsigned char *good_buf = NULL, *bad_buf = NULL;
1817 size_t good_len, bad_len;
1818
1819 /*
1820 * Test that session_load() fails cleanly on small buffers
1821 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1822 mbedtls_ssl_session_init(&session);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1823 USE_PSA_INIT();
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1824
Manuel Pégourié-Gonnard686adb42019-06-03 09:55:16 +0200[diff] [blame]1825 /* Prepare serialized session data */
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1826 TEST_ASSERT(mbedtls_test_ssl_populate_session(
1827 &session, ticket_len, crt_file) == 0);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1828 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
1829 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
1830 TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
1831 TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
1832 &good_len) == 0);
1833 mbedtls_ssl_session_free(&session);
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1834
1835 /* Try all possible bad lengths */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1836 for (bad_len = 0; bad_len < good_len; bad_len++) {
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1837 /* Allocate exact size so that asan/valgrind can detect any overread */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1838 mbedtls_free(bad_buf);
1839 bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1);
1840 TEST_ASSERT(bad_buf != NULL);
1841 memcpy(bad_buf, good_buf, bad_len);
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1842
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1843 TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
1844 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1845 }
1846
1847exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1848 mbedtls_ssl_session_free(&session);
1849 mbedtls_free(good_buf);
1850 mbedtls_free(bad_buf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1851 USE_PSA_DONE();
Manuel Pégourié-Gonnarda3d831b2019-05-23 12:28:45 +0200[diff] [blame]1852}
1853/* END_CASE */
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1854
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1855/* BEGIN_CASE */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1856void ssl_session_serialize_version_check(int corrupt_major,
1857 int corrupt_minor,
1858 int corrupt_patch,
1859 int corrupt_config)
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1860{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1861 unsigned char serialized_session[2048];
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1862 size_t serialized_session_len;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1863 unsigned cur_byte;
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1864 mbedtls_ssl_session session;
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1865 uint8_t should_corrupt_byte[] = { corrupt_major == 1,
1866 corrupt_minor == 1,
1867 corrupt_patch == 1,
1868 corrupt_config == 1,
1869 corrupt_config == 1 };
1870
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1871 mbedtls_ssl_session_init(&session);
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1872 USE_PSA_INIT();
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1873
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1874 /* Infer length of serialized session. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1875 TEST_ASSERT(mbedtls_ssl_session_save(&session,
1876 serialized_session,
1877 sizeof(serialized_session),
1878 &serialized_session_len) == 0);
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1879
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1880 mbedtls_ssl_session_free(&session);
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1881
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1882 /* Without any modification, we should be able to successfully
Hanno Becker363b6462019-05-29 12:44:28 +0100[diff] [blame]1883 * de-serialize the session - double-check that. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1884 TEST_ASSERT(mbedtls_ssl_session_load(&session,
1885 serialized_session,
1886 serialized_session_len) == 0);
1887 mbedtls_ssl_session_free(&session);
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1888
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1889 /* Go through the bytes in the serialized session header and
1890 * corrupt them bit-by-bit. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1891 for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1892 int cur_bit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1893 unsigned char * const byte = &serialized_session[cur_byte];
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1894
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1895 if (should_corrupt_byte[cur_byte] == 0) {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1896 continue;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1897 }
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1898
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1899 for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) {
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1900 unsigned char const corrupted_bit = 0x1u << cur_bit;
1901 /* Modify a single bit in the serialized session. */
1902 *byte ^= corrupted_bit;
1903
1904 /* Attempt to deserialize */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1905 TEST_ASSERT(mbedtls_ssl_session_load(&session,
1906 serialized_session,
1907 serialized_session_len) ==
1908 MBEDTLS_ERR_SSL_VERSION_MISMATCH);
Hanno Beckerfe1275e2019-05-29 12:45:21 +0100[diff] [blame]1909
1910 /* Undo the change */
1911 *byte ^= corrupted_bit;
1912 }
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1913 }
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1914 USE_PSA_DONE();
Hanno Becker861d0bb2019-05-21 16:39:30 +0100[diff] [blame]1915}
1916/* END_CASE */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1917
Gilles Peskine1fc71162023-07-20 20:04:00 +0200[diff] [blame]1918/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1919void mbedtls_endpoint_sanity(int endpoint_type)
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1920{
1921 enum { BUFFSIZE = 1024 };
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]1922 mbedtls_test_ssl_endpoint ep;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1923 int ret = -1;
1924
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1925 USE_PSA_INIT();
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1926 ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA,
1927 NULL, NULL, NULL, NULL);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1928 TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1929
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1930 ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1931 TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1932
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1933 ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA,
1934 NULL, NULL, NULL, NULL);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1935 TEST_ASSERT(ret == 0);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1936
1937exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1938 mbedtls_test_ssl_endpoint_free(&ep, NULL);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1939 USE_PSA_DONE();
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1940}
1941/* END_CASE */
1942
Gilles Peskine1fc71162023-07-20 20:04:00 +0200[diff] [blame]1943/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1944void move_handshake_to_state(int endpoint_type, int state, int need_pass)
1945{
1946 enum { BUFFSIZE = 1024 };
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]1947 mbedtls_test_ssl_endpoint base_ep, second_ep;
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1948 int ret = -1;
1949
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1950 mbedtls_platform_zeroize(&base_ep, sizeof(base_ep));
1951 mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
Andrzej Kurek0d2982b2022-10-18 07:55:46 -0400[diff] [blame]1952
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1953 ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type,
1954 MBEDTLS_PK_RSA,
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1955 NULL, NULL, NULL, NULL);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1956 TEST_ASSERT(ret == 0);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1957
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]1958 ret = mbedtls_test_ssl_endpoint_init(
1959 &second_ep,
1960 (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
1961 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
1962 MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1963 TEST_ASSERT(ret == 0);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1964
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]1965 USE_PSA_INIT();
1966
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1967 ret = mbedtls_test_mock_socket_connect(&(base_ep.socket),
1968 &(second_ep.socket),
1969 BUFFSIZE);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1970 TEST_ASSERT(ret == 0);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1971
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1972 ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl),
1973 &(second_ep.ssl),
1974 state);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1975 if (need_pass) {
1976 TEST_ASSERT(ret == 0);
1977 TEST_ASSERT(base_ep.ssl.state == state);
1978 } else {
1979 TEST_ASSERT(ret != 0);
1980 TEST_ASSERT(base_ep.ssl.state != state);
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1981 }
1982
1983exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1984 mbedtls_test_ssl_endpoint_free(&base_ep, NULL);
1985 mbedtls_test_ssl_endpoint_free(&second_ep, NULL);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]1986 USE_PSA_DONE();
Piotr Nowicki2a1f1782020-01-13 09:42:10 +0100[diff] [blame]1987}
1988/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1989
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]1990/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1991void handshake_version(int dtls, int client_min_version, int client_max_version,
1992 int server_min_version, int server_max_version,
1993 int expected_negotiated_version)
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]1994{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]1995 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]1996 mbedtls_test_init_handshake_options(&options);
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]1997
Paul Elliottc8570442020-04-15 17:00:50 +0100[diff] [blame]1998 options.client_min_version = client_min_version;
1999 options.client_max_version = client_max_version;
2000 options.server_min_version = server_min_version;
2001 options.server_max_version = server_max_version;
2002
2003 options.expected_negotiated_version = expected_negotiated_version;
2004
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2005 options.dtls = dtls;
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]2006 /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so
2007 * the number of fragments will be twice as big. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2008 if (expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
2009 expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1) {
Piotr Nowicki438bf3b2020-03-10 12:59:10 +0100[diff] [blame]2010 options.expected_cli_fragments = 2;
2011 options.expected_srv_fragments = 2;
Andrzej Kurek941962e2020-02-07 09:20:32 -0500[diff] [blame]2012 }
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2013 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]2014
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2015 /* The goto below is used to avoid an "unused label" warning.*/
2016 goto exit;
2017}
2018/* END_CASE */
Andrzej Kurek9e9efdc2020-02-26 05:25:23 -0500[diff] [blame]2019
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2020/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2021void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2022{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2023 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2024 mbedtls_test_init_handshake_options(&options);
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]2025
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2026 options.cipher = cipher;
2027 options.dtls = dtls;
2028 options.psk_str = psk_str;
2029 options.pk_alg = pk_alg;
Andrzej Kurekcc5169c2020-02-04 09:04:56 -0500[diff] [blame]2030
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2031 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]2032
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2033 /* The goto below is used to avoid an "unused label" warning.*/
2034 goto exit;
2035}
2036/* END_CASE */
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]2037
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2038/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2039void handshake_cipher(char *cipher, int pk_alg, int dtls)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2040{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2041 test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]2042
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2043 /* The goto below is used to avoid an "unused label" warning.*/
2044 goto exit;
2045}
2046/* END_CASE */
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]2047
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2048/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2049void app_data(int mfl, int cli_msg_len, int srv_msg_len,
2050 int expected_cli_fragments,
2051 int expected_srv_fragments, int dtls)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2052{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2053 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2054 mbedtls_test_init_handshake_options(&options);
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2055
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2056 options.mfl = mfl;
2057 options.cli_msg_len = cli_msg_len;
2058 options.srv_msg_len = srv_msg_len;
2059 options.expected_cli_fragments = expected_cli_fragments;
2060 options.expected_srv_fragments = expected_srv_fragments;
2061 options.dtls = dtls;
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2062
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2063 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2064 /* The goto below is used to avoid an "unused label" warning.*/
2065 goto exit;
2066}
2067/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2068
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2069/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2070void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
2071 int expected_cli_fragments,
2072 int expected_srv_fragments)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2073{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2074 test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
2075 expected_srv_fragments, 0);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2076 /* The goto below is used to avoid an "unused label" warning.*/
2077 goto exit;
2078}
2079/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2080
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2081/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2082void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
2083 int expected_cli_fragments,
2084 int expected_srv_fragments)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2085{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2086 test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
2087 expected_srv_fragments, 1);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2088 /* The goto below is used to avoid an "unused label" warning.*/
2089 goto exit;
2090}
2091/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2092
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2093/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2094void handshake_serialization()
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2095{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2096 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2097 mbedtls_test_init_handshake_options(&options);
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2098
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2099 options.serialize = 1;
2100 options.dtls = 1;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2101 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2102 /* The goto below is used to avoid an "unused label" warning.*/
2103 goto exit;
2104}
2105/* END_CASE */
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2106
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2107/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2108void handshake_fragmentation(int mfl,
2109 int expected_srv_hs_fragmentation,
2110 int expected_cli_hs_fragmentation)
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2111{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2112 mbedtls_test_handshake_test_options options;
2113 mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2114
2115 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
2116 srv_pattern.counter = 0;
2117 cli_pattern.counter = 0;
2118
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2119 mbedtls_test_init_handshake_options(&options);
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2120 options.dtls = 1;
2121 options.mfl = mfl;
Darryl Greenaad82f92019-12-02 10:53:11 +0000[diff] [blame]2122 /* Set cipher to one using CBC so that record splitting can be tested */
2123 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2124 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
2125 options.srv_log_obj = &srv_pattern;
2126 options.cli_log_obj = &cli_pattern;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2127 options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
2128 options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2129
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2130 mbedtls_test_ssl_perform_handshake(&options);
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2131
2132 /* Test if the server received a fragmented handshake */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2133 if (expected_srv_hs_fragmentation) {
2134 TEST_ASSERT(srv_pattern.counter >= 1);
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2135 }
2136 /* Test if the client received a fragmented handshake */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2137 if (expected_cli_hs_fragmentation) {
2138 TEST_ASSERT(cli_pattern.counter >= 1);
Piotr Nowickibde7ee82020-02-21 10:59:50 +0100[diff] [blame]2139 }
2140}
2141/* END_CASE */
2142
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2143/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2144void renegotiation(int legacy_renegotiation)
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2145{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2146 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2147 mbedtls_test_init_handshake_options(&options);
Andrzej Kurekda2b6782020-02-12 07:56:36 -0500[diff] [blame]2148
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2149 options.renegotiate = 1;
2150 options.legacy_renegotiation = legacy_renegotiation;
2151 options.dtls = 1;
Andrzej Kurek316da1f2020-02-26 09:03:47 -0500[diff] [blame]2152
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2153 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurek8a6ff152020-02-26 09:10:14 -0500[diff] [blame]2154 /* The goto below is used to avoid an "unused label" warning.*/
2155 goto exit;
Andrzej Kurekf40daa32020-02-04 09:00:01 -0500[diff] [blame]2156}
2157/* END_CASE */
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2158
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2159/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2160void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
2161 int serialize, int dtls, char *cipher)
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2162{
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2163 mbedtls_test_handshake_test_options options;
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2164 mbedtls_test_init_handshake_options(&options);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2165
2166 options.mfl = mfl;
Andrzej Kurek8ea68722020-04-03 06:40:47 -0400[diff] [blame]2167 options.cipher = cipher;
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2168 options.renegotiate = renegotiation;
2169 options.legacy_renegotiation = legacy_renegotiation;
2170 options.serialize = serialize;
2171 options.dtls = dtls;
2172 options.resize_buffers = 1;
2173
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2174 mbedtls_test_ssl_perform_handshake(&options);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2175 /* The goto below is used to avoid an "unused label" warning.*/
2176 goto exit;
2177}
2178/* END_CASE */
2179
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2180/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2181void resize_buffers_serialize_mfl(int mfl)
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2182{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2183 test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
2184 (char *) "");
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2185 /* The goto below is used to avoid an "unused label" warning.*/
2186 goto exit;
2187}
2188/* END_CASE */
2189
Gilles Peskine33d03fe2023-02-01 18:37:49 +0100[diff] [blame]2190/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2191void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
2192 char *cipher)
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2193{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2194 test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
Andrzej Kurek0afa2a12020-03-03 10:39:58 -0500[diff] [blame]2195 /* The goto below is used to avoid an "unused label" warning.*/
2196 goto exit;
2197}
2198/* END_CASE */
Manuel Pégourié-Gonnard045f0942020-07-02 11:34:02 +0200[diff] [blame]2199
Gilles Peskine1fc71162023-07-20 20:04:00 +0200[diff] [blame]2200/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2201void raw_key_agreement_fail(int bad_server_ecdhe_key)
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2202{
2203 enum { BUFFSIZE = 17000 };
Yanray Wangabfdcd82022-10-25 16:44:13 +0800[diff] [blame]2204 mbedtls_test_ssl_endpoint client, server;
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2205 mbedtls_psa_stats_t stats;
Andrzej Kurek2582ba32022-03-31 06:30:54 -0400[diff] [blame]2206 size_t free_slots_before = -1;
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2207
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2208 mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
2209 MBEDTLS_ECP_DP_NONE };
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]2210
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2211 mbedtls_platform_zeroize(&client, sizeof(client));
2212 mbedtls_platform_zeroize(&server, sizeof(server));
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2213
2214 /* Client side, force SECP256R1 to make one key bitflip fail
Andrzej Kurek9cb14d42022-04-14 08:51:41 -0400[diff] [blame]2215 * the raw key agreement. Flipping the first byte makes the
2216 * required 0x04 identifier invalid. */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2217 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
2218 MBEDTLS_PK_ECDSA, NULL, NULL,
2219 NULL, curve_list), 0);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2220
2221 /* Server side */
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2222 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
2223 MBEDTLS_PK_ECDSA, NULL, NULL,
2224 NULL, NULL), 0);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2225
Valerio Setti89ae9b62023-04-27 17:22:54 +0200[diff] [blame]2226 USE_PSA_INIT();
2227
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2228 TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
2229 &(server.socket),
2230 BUFFSIZE), 0);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2231
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]2232 TEST_EQUAL(mbedtls_test_move_handshake_to_state(
2233 &(client.ssl), &(server.ssl),
2234 MBEDTLS_SSL_CLIENT_KEY_EXCHANGE)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2235 , 0);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2236
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2237 mbedtls_psa_get_stats(&stats);
Andrzej Kurek2582ba32022-03-31 06:30:54 -0400[diff] [blame]2238 /* Save the number of slots in use up to this point.
2239 * With PSA, one can be used for the ECDH private key. */
2240 free_slots_before = stats.empty_slots;
Andrzej Kurek99f67782022-03-31 07:17:18 -0400[diff] [blame]2241
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2242 if (bad_server_ecdhe_key) {
Gilles Peskine6dd489c2022-04-15 05:54:40 -0400[diff] [blame]2243 /* Force a simulated bitflip in the server key. to make the
2244 * raw key agreement in ssl_write_client_key_exchange fail. */
2245 (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
2246 }
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2247
Yanray Wang862ef862023-03-14 11:05:04 +0800[diff] [blame]2248 TEST_EQUAL(mbedtls_test_move_handshake_to_state(
2249 &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER),
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2250 bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2251
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2252 mbedtls_psa_get_stats(&stats);
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2253
Gilles Peskine6dd489c2022-04-15 05:54:40 -0400[diff] [blame]2254 /* Make sure that the key slot is already destroyed in case of failure,
2255 * without waiting to close the connection. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2256 if (bad_server_ecdhe_key) {
2257 TEST_EQUAL(free_slots_before, stats.empty_slots);
2258 }
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2259
2260exit:
Yanray Wangc4638492022-10-26 11:51:53 +0800[diff] [blame]2261 mbedtls_test_ssl_endpoint_free(&client, NULL);
2262 mbedtls_test_ssl_endpoint_free(&server, NULL);
Andrzej Kurek99f67782022-03-31 07:17:18 -0400[diff] [blame]2263
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2264 USE_PSA_DONE();
Andrzej Kurekb4eedf72022-04-15 05:41:14 -0400[diff] [blame]2265}
2266/* END_CASE */
Andrzej Kurek862acb82022-06-06 13:08:23 -0400[diff] [blame]2267
Andrzej Kurek3c036f52022-06-08 11:57:57 -0400[diff] [blame]2268/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2269void cookie_parsing(data_t *cookie, int exp_ret)
Andrzej Kurek862acb82022-06-06 13:08:23 -0400[diff] [blame]2270{
2271 mbedtls_ssl_context ssl;
2272 mbedtls_ssl_config conf;
2273 size_t len;
2274
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2275 mbedtls_ssl_init(&ssl);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]2276 USE_PSA_INIT();
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2277 mbedtls_ssl_config_init(&conf);
2278 TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
2279 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
2280 MBEDTLS_SSL_PRESET_DEFAULT),
2281 0);
Andrzej Kurek862acb82022-06-06 13:08:23 -0400[diff] [blame]2282
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2283 TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
2284 TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
2285 ssl.cli_id_len,
2286 cookie->x, cookie->len,
2287 ssl.out_buf,
2288 MBEDTLS_SSL_OUT_CONTENT_LEN,
2289 &len),
2290 exp_ret);
Andrzej Kurek862acb82022-06-06 13:08:23 -0400[diff] [blame]2291
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]2292exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]2293 mbedtls_ssl_free(&ssl);
2294 mbedtls_ssl_config_free(&conf);
Valerio Setti44570a52023-04-19 15:10:45 +0200[diff] [blame]2295 USE_PSA_DONE();
Andrzej Kurek862acb82022-06-06 13:08:23 -0400[diff] [blame]2296}
2297/* END_CASE */