1/* BEGIN_HEADER */ 2#include <test/ssl_helpers.h> 3 4#include <constant_time_internal.h> 5 6#include <test/constant_flow.h> 7 8#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } 9 10/* END_HEADER */ 11 12/* BEGIN_DEPENDENCIES 13 * depends_on:MBEDTLS_SSL_TLS_C 14 * END_DEPENDENCIES 15 */ 16 17/* BEGIN_CASE */ 18void test_callback_buffer_sanity() 19{ 20 enum { MSGLEN = 10 }; 21 mbedtls_test_ssl_buffer buf; 22 unsigned char input[MSGLEN]; 23 unsigned char output[MSGLEN]; 24 25 USE_PSA_INIT(); 26 memset(input, 0, sizeof(input)); 27 28 /* Make sure calling put and get on NULL buffer results in error. */ 29 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) 30 == -1); 31 TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) 32 == -1); 33 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) 34 == -1); 35 36 TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); 37 TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); 38 39 /* Make sure calling put and get on a buffer that hasn't been set up results 40 * in error. */ 41 mbedtls_test_ssl_buffer_init(&buf); 42 43 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) 44 == -1); 45 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) 46 == -1); 47 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) 48 == -1); 49 50 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); 51 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); 52 53 /* Make sure calling put and get on NULL input only results in 54 * error if the length is not zero, and that a NULL output is valid for data 55 * dropping. 56 */ 57 58 TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); 59 60 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) 61 == -1); 62 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) 63 == 0); 64 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); 65 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); 66 67 /* Make sure calling put several times in the row is safe */ 68 69 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) 70 == sizeof(input)); 71 TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); 72 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); 73 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); 74 TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); 75 76 77exit: 78 mbedtls_test_ssl_buffer_free(&buf); 79 USE_PSA_DONE(); 80} 81/* END_CASE */ 82 83/* 84 * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is 85 * correct and works as expected. 86 * 87 * That is 88 * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. 89 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. 90 * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret 91 * bytes. 92 * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. 93 * - All of the bytes we got match the bytes we put in in a FIFO manner. 94 */ 95 96/* BEGIN_CASE */ 97void test_callback_buffer(int size, int put1, int put1_ret, 98 int get1, int get1_ret, int put2, int put2_ret, 99 int get2, int get2_ret) 100{ 101 enum { ROUNDS = 2 }; 102 size_t put[ROUNDS]; 103 int put_ret[ROUNDS]; 104 size_t get[ROUNDS]; 105 int get_ret[ROUNDS]; 106 mbedtls_test_ssl_buffer buf; 107 unsigned char *input = NULL; 108 size_t input_len; 109 unsigned char *output = NULL; 110 size_t output_len; 111 size_t i, j, written, read; 112 113 mbedtls_test_ssl_buffer_init(&buf); 114 USE_PSA_INIT(); 115 TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); 116 117 /* Check the sanity of input parameters and initialise local variables. That 118 * is, ensure that the amount of data is not negative and that we are not 119 * expecting more to put or get than we actually asked for. */ 120 TEST_ASSERT(put1 >= 0); 121 put[0] = put1; 122 put_ret[0] = put1_ret; 123 TEST_ASSERT(put1_ret <= put1); 124 TEST_ASSERT(put2 >= 0); 125 put[1] = put2; 126 put_ret[1] = put2_ret; 127 TEST_ASSERT(put2_ret <= put2); 128 129 TEST_ASSERT(get1 >= 0); 130 get[0] = get1; 131 get_ret[0] = get1_ret; 132 TEST_ASSERT(get1_ret <= get1); 133 TEST_ASSERT(get2 >= 0); 134 get[1] = get2; 135 get_ret[1] = get2_ret; 136 TEST_ASSERT(get2_ret <= get2); 137 138 input_len = 0; 139 /* Calculate actual input and output lengths */ 140 for (j = 0; j < ROUNDS; j++) { 141 if (put_ret[j] > 0) { 142 input_len += put_ret[j]; 143 } 144 } 145 /* In order to always have a valid pointer we always allocate at least 1 146 * byte. */ 147 if (input_len == 0) { 148 input_len = 1; 149 } 150 TEST_CALLOC(input, input_len); 151 152 output_len = 0; 153 for (j = 0; j < ROUNDS; j++) { 154 if (get_ret[j] > 0) { 155 output_len += get_ret[j]; 156 } 157 } 158 TEST_ASSERT(output_len <= input_len); 159 /* In order to always have a valid pointer we always allocate at least 1 160 * byte. */ 161 if (output_len == 0) { 162 output_len = 1; 163 } 164 TEST_CALLOC(output, output_len); 165 166 /* Fill up the buffer with structured data so that unwanted changes 167 * can be detected */ 168 for (i = 0; i < input_len; i++) { 169 input[i] = i & 0xFF; 170 } 171 172 written = read = 0; 173 for (j = 0; j < ROUNDS; j++) { 174 TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, 175 input + written, put[j])); 176 written += put_ret[j]; 177 TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, 178 output + read, get[j])); 179 read += get_ret[j]; 180 TEST_ASSERT(read <= written); 181 if (get_ret[j] > 0) { 182 TEST_ASSERT(memcmp(output + read - get_ret[j], 183 input + read - get_ret[j], get_ret[j]) 184 == 0); 185 } 186 } 187 188exit: 189 mbedtls_free(input); 190 mbedtls_free(output); 191 mbedtls_test_ssl_buffer_free(&buf); 192 USE_PSA_DONE(); 193} 194/* END_CASE */ 195 196/* 197 * Test if the implementation of `mbedtls_test_mock_socket` related 198 * I/O functions is correct and works as expected on unconnected sockets. 199 */ 200 201/* BEGIN_CASE */ 202void ssl_mock_sanity() 203{ 204 enum { MSGLEN = 105 }; 205 unsigned char message[MSGLEN] = { 0 }; 206 unsigned char received[MSGLEN] = { 0 }; 207 mbedtls_test_mock_socket socket; 208 209 mbedtls_test_mock_socket_init(&socket); 210 USE_PSA_INIT(); 211 TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); 212 mbedtls_test_mock_socket_close(&socket); 213 mbedtls_test_mock_socket_init(&socket); 214 TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); 215 mbedtls_test_mock_socket_close(&socket); 216 217 mbedtls_test_mock_socket_init(&socket); 218 TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); 219 mbedtls_test_mock_socket_close(&socket); 220 mbedtls_test_mock_socket_init(&socket); 221 TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); 222 mbedtls_test_mock_socket_close(&socket); 223 224exit: 225 mbedtls_test_mock_socket_close(&socket); 226 USE_PSA_DONE(); 227} 228/* END_CASE */ 229 230/* 231 * Test if the implementation of `mbedtls_test_mock_socket` related functions 232 * can send a single message from the client to the server. 233 */ 234 235/* BEGIN_CASE */ 236void ssl_mock_tcp(int blocking) 237{ 238 enum { MSGLEN = 105 }; 239 enum { BUFLEN = MSGLEN / 5 }; 240 unsigned char message[MSGLEN]; 241 unsigned char received[MSGLEN]; 242 mbedtls_test_mock_socket client; 243 mbedtls_test_mock_socket server; 244 size_t written, read; 245 int send_ret, recv_ret; 246 mbedtls_ssl_send_t *send; 247 mbedtls_ssl_recv_t *recv; 248 unsigned i; 249 250 if (blocking == 0) { 251 send = mbedtls_test_mock_tcp_send_nb; 252 recv = mbedtls_test_mock_tcp_recv_nb; 253 } else { 254 send = mbedtls_test_mock_tcp_send_b; 255 recv = mbedtls_test_mock_tcp_recv_b; 256 } 257 258 mbedtls_test_mock_socket_init(&client); 259 mbedtls_test_mock_socket_init(&server); 260 USE_PSA_INIT(); 261 262 /* Fill up the buffer with structured data so that unwanted changes 263 * can be detected */ 264 for (i = 0; i < MSGLEN; i++) { 265 message[i] = i & 0xFF; 266 } 267 268 /* Make sure that sending a message takes a few iterations. */ 269 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); 270 271 /* Send the message to the server */ 272 send_ret = recv_ret = 1; 273 written = read = 0; 274 while (send_ret != 0 || recv_ret != 0) { 275 send_ret = send(&client, message + written, MSGLEN - written); 276 277 TEST_ASSERT(send_ret >= 0); 278 TEST_ASSERT(send_ret <= BUFLEN); 279 written += send_ret; 280 281 /* If the buffer is full we can test blocking and non-blocking send */ 282 if (send_ret == BUFLEN) { 283 int blocking_ret = send(&client, message, 1); 284 if (blocking) { 285 TEST_ASSERT(blocking_ret == 0); 286 } else { 287 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); 288 } 289 } 290 291 recv_ret = recv(&server, received + read, MSGLEN - read); 292 293 /* The result depends on whether any data was sent */ 294 if (send_ret > 0) { 295 TEST_ASSERT(recv_ret > 0); 296 TEST_ASSERT(recv_ret <= BUFLEN); 297 read += recv_ret; 298 } else if (blocking) { 299 TEST_ASSERT(recv_ret == 0); 300 } else { 301 TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); 302 recv_ret = 0; 303 } 304 305 /* If the buffer is empty we can test blocking and non-blocking read */ 306 if (recv_ret == BUFLEN) { 307 int blocking_ret = recv(&server, received, 1); 308 if (blocking) { 309 TEST_ASSERT(blocking_ret == 0); 310 } else { 311 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); 312 } 313 } 314 } 315 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 316 317exit: 318 mbedtls_test_mock_socket_close(&client); 319 mbedtls_test_mock_socket_close(&server); 320 USE_PSA_DONE(); 321} 322/* END_CASE */ 323 324/* 325 * Test if the implementation of `mbedtls_test_mock_socket` related functions 326 * can send messages in both direction at the same time (with the I/O calls 327 * interleaving). 328 */ 329 330/* BEGIN_CASE */ 331void ssl_mock_tcp_interleaving(int blocking) 332{ 333 enum { ROUNDS = 2 }; 334 enum { MSGLEN = 105 }; 335 enum { BUFLEN = MSGLEN / 5 }; 336 unsigned char message[ROUNDS][MSGLEN]; 337 unsigned char received[ROUNDS][MSGLEN]; 338 mbedtls_test_mock_socket client; 339 mbedtls_test_mock_socket server; 340 size_t written[ROUNDS]; 341 size_t read[ROUNDS]; 342 int send_ret[ROUNDS]; 343 int recv_ret[ROUNDS]; 344 unsigned i, j, progress; 345 mbedtls_ssl_send_t *send; 346 mbedtls_ssl_recv_t *recv; 347 348 if (blocking == 0) { 349 send = mbedtls_test_mock_tcp_send_nb; 350 recv = mbedtls_test_mock_tcp_recv_nb; 351 } else { 352 send = mbedtls_test_mock_tcp_send_b; 353 recv = mbedtls_test_mock_tcp_recv_b; 354 } 355 356 mbedtls_test_mock_socket_init(&client); 357 mbedtls_test_mock_socket_init(&server); 358 USE_PSA_INIT(); 359 360 /* Fill up the buffers with structured data so that unwanted changes 361 * can be detected */ 362 for (i = 0; i < ROUNDS; i++) { 363 for (j = 0; j < MSGLEN; j++) { 364 message[i][j] = (i * MSGLEN + j) & 0xFF; 365 } 366 } 367 368 /* Make sure that sending a message takes a few iterations. */ 369 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 370 BUFLEN)); 371 372 /* Send the message from both sides, interleaving. */ 373 progress = 1; 374 for (i = 0; i < ROUNDS; i++) { 375 written[i] = 0; 376 read[i] = 0; 377 } 378 /* This loop does not stop as long as there was a successful write or read 379 * of at least one byte on either side. */ 380 while (progress != 0) { 381 mbedtls_test_mock_socket *socket; 382 383 for (i = 0; i < ROUNDS; i++) { 384 /* First sending is from the client */ 385 socket = (i % 2 == 0) ? (&client) : (&server); 386 387 send_ret[i] = send(socket, message[i] + written[i], 388 MSGLEN - written[i]); 389 TEST_ASSERT(send_ret[i] >= 0); 390 TEST_ASSERT(send_ret[i] <= BUFLEN); 391 written[i] += send_ret[i]; 392 393 /* If the buffer is full we can test blocking and non-blocking 394 * send */ 395 if (send_ret[i] == BUFLEN) { 396 int blocking_ret = send(socket, message[i], 1); 397 if (blocking) { 398 TEST_ASSERT(blocking_ret == 0); 399 } else { 400 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); 401 } 402 } 403 } 404 405 for (i = 0; i < ROUNDS; i++) { 406 /* First receiving is from the server */ 407 socket = (i % 2 == 0) ? (&server) : (&client); 408 409 recv_ret[i] = recv(socket, received[i] + read[i], 410 MSGLEN - read[i]); 411 412 /* The result depends on whether any data was sent */ 413 if (send_ret[i] > 0) { 414 TEST_ASSERT(recv_ret[i] > 0); 415 TEST_ASSERT(recv_ret[i] <= BUFLEN); 416 read[i] += recv_ret[i]; 417 } else if (blocking) { 418 TEST_ASSERT(recv_ret[i] == 0); 419 } else { 420 TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); 421 recv_ret[i] = 0; 422 } 423 424 /* If the buffer is empty we can test blocking and non-blocking 425 * read */ 426 if (recv_ret[i] == BUFLEN) { 427 int blocking_ret = recv(socket, received[i], 1); 428 if (blocking) { 429 TEST_ASSERT(blocking_ret == 0); 430 } else { 431 TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); 432 } 433 } 434 } 435 436 progress = 0; 437 for (i = 0; i < ROUNDS; i++) { 438 progress += send_ret[i] + recv_ret[i]; 439 } 440 } 441 442 for (i = 0; i < ROUNDS; i++) { 443 TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0); 444 } 445 446exit: 447 mbedtls_test_mock_socket_close(&client); 448 mbedtls_test_mock_socket_close(&server); 449 USE_PSA_DONE(); 450} 451/* END_CASE */ 452 453/* BEGIN_CASE */ 454void ssl_message_queue_sanity() 455{ 456 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; 457 458 USE_PSA_INIT(); 459 /* Trying to push/pull to an empty queue */ 460 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) 461 == MBEDTLS_TEST_ERROR_ARG_NULL); 462 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) 463 == MBEDTLS_TEST_ERROR_ARG_NULL); 464 465 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); 466 TEST_ASSERT(queue.capacity == 3); 467 TEST_ASSERT(queue.num == 0); 468 469exit: 470 mbedtls_test_ssl_message_queue_free(&queue); 471 USE_PSA_DONE(); 472} 473/* END_CASE */ 474 475/* BEGIN_CASE */ 476void ssl_message_queue_basic() 477{ 478 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; 479 480 USE_PSA_INIT(); 481 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); 482 483 /* Sanity test - 3 pushes and 3 pops with sufficient space */ 484 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 485 TEST_ASSERT(queue.capacity == 3); 486 TEST_ASSERT(queue.num == 1); 487 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 488 TEST_ASSERT(queue.capacity == 3); 489 TEST_ASSERT(queue.num == 2); 490 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); 491 TEST_ASSERT(queue.capacity == 3); 492 TEST_ASSERT(queue.num == 3); 493 494 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 495 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 496 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); 497 498exit: 499 mbedtls_test_ssl_message_queue_free(&queue); 500 USE_PSA_DONE(); 501} 502/* END_CASE */ 503 504/* BEGIN_CASE */ 505void ssl_message_queue_overflow_underflow() 506{ 507 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; 508 509 USE_PSA_INIT(); 510 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); 511 512 /* 4 pushes (last one with an error), 4 pops (last one with an error) */ 513 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 514 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 515 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); 516 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) 517 == MBEDTLS_ERR_SSL_WANT_WRITE); 518 519 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 520 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 521 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); 522 523 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) 524 == MBEDTLS_ERR_SSL_WANT_READ); 525 526exit: 527 mbedtls_test_ssl_message_queue_free(&queue); 528 USE_PSA_DONE(); 529} 530/* END_CASE */ 531 532/* BEGIN_CASE */ 533void ssl_message_queue_interleaved() 534{ 535 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; 536 537 USE_PSA_INIT(); 538 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); 539 540 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops 541 * (to wrap around the buffer) */ 542 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 543 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); 544 545 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 546 547 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); 548 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); 549 550 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); 551 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); 552 553 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); 554 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); 555 556 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); 557 558 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); 559 560 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); 561 562exit: 563 mbedtls_test_ssl_message_queue_free(&queue); 564 USE_PSA_DONE(); 565} 566/* END_CASE */ 567 568/* BEGIN_CASE */ 569void ssl_message_queue_insufficient_buffer() 570{ 571 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; 572 size_t message_len = 10; 573 size_t buffer_len = 5; 574 575 USE_PSA_INIT(); 576 TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); 577 578 /* Popping without a sufficient buffer */ 579 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) 580 == (int) message_len); 581 TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) 582 == (int) buffer_len); 583exit: 584 mbedtls_test_ssl_message_queue_free(&queue); 585 USE_PSA_DONE(); 586} 587/* END_CASE */ 588 589/* BEGIN_CASE */ 590void ssl_message_mock_uninitialized() 591{ 592 enum { MSGLEN = 10 }; 593 unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; 594 mbedtls_test_mock_socket client, server; 595 mbedtls_test_ssl_message_queue server_queue, client_queue; 596 mbedtls_test_message_socket_context server_context, client_context; 597 mbedtls_test_message_socket_init(&server_context); 598 mbedtls_test_message_socket_init(&client_context); 599 600 USE_PSA_INIT(); 601 /* Send with a NULL context */ 602 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) 603 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); 604 605 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) 606 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); 607 608 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 609 &client_queue, 1, 610 &server, 611 &server_context) == 0); 612 613 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 614 &server_queue, 1, 615 &client, 616 &client_context) == 0); 617 618 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 619 MSGLEN) 620 == MBEDTLS_TEST_ERROR_SEND_FAILED); 621 622 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 623 MSGLEN) 624 == MBEDTLS_ERR_SSL_WANT_READ); 625 626 /* Push directly to a queue to later simulate a disconnected behavior */ 627 TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, 628 MSGLEN) 629 == MSGLEN); 630 631 /* Test if there's an error when trying to read from a disconnected 632 * socket */ 633 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 634 MSGLEN) 635 == MBEDTLS_TEST_ERROR_RECV_FAILED); 636exit: 637 mbedtls_test_message_socket_close(&server_context); 638 mbedtls_test_message_socket_close(&client_context); 639 USE_PSA_DONE(); 640} 641/* END_CASE */ 642 643/* BEGIN_CASE */ 644void ssl_message_mock_basic() 645{ 646 enum { MSGLEN = 10 }; 647 unsigned char message[MSGLEN], received[MSGLEN]; 648 mbedtls_test_mock_socket client, server; 649 unsigned i; 650 mbedtls_test_ssl_message_queue server_queue, client_queue; 651 mbedtls_test_message_socket_context server_context, client_context; 652 653 mbedtls_test_message_socket_init(&server_context); 654 mbedtls_test_message_socket_init(&client_context); 655 USE_PSA_INIT(); 656 657 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 658 &client_queue, 1, 659 &server, 660 &server_context) == 0); 661 662 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 663 &server_queue, 1, 664 &client, 665 &client_context) == 0); 666 667 /* Fill up the buffer with structured data so that unwanted changes 668 * can be detected */ 669 for (i = 0; i < MSGLEN; i++) { 670 message[i] = i & 0xFF; 671 } 672 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 673 MSGLEN)); 674 675 /* Send the message to the server */ 676 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 677 MSGLEN) 678 == MSGLEN); 679 680 /* Read from the server */ 681 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 682 MSGLEN) 683 == MSGLEN); 684 685 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 686 memset(received, 0, MSGLEN); 687 688 /* Send the message to the client */ 689 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, 690 MSGLEN) == MSGLEN); 691 692 /* Read from the client */ 693 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, 694 MSGLEN) 695 == MSGLEN); 696 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 697 698exit: 699 mbedtls_test_message_socket_close(&server_context); 700 mbedtls_test_message_socket_close(&client_context); 701 USE_PSA_DONE(); 702} 703/* END_CASE */ 704 705/* BEGIN_CASE */ 706void ssl_message_mock_queue_overflow_underflow() 707{ 708 enum { MSGLEN = 10 }; 709 unsigned char message[MSGLEN], received[MSGLEN]; 710 mbedtls_test_mock_socket client, server; 711 unsigned i; 712 mbedtls_test_ssl_message_queue server_queue, client_queue; 713 mbedtls_test_message_socket_context server_context, client_context; 714 715 mbedtls_test_message_socket_init(&server_context); 716 mbedtls_test_message_socket_init(&client_context); 717 USE_PSA_INIT(); 718 719 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 720 &client_queue, 2, 721 &server, 722 &server_context) == 0); 723 724 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 725 &server_queue, 2, 726 &client, 727 &client_context) == 0); 728 729 /* Fill up the buffer with structured data so that unwanted changes 730 * can be detected */ 731 for (i = 0; i < MSGLEN; i++) { 732 message[i] = i & 0xFF; 733 } 734 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 735 MSGLEN*2)); 736 737 /* Send three message to the server, last one with an error */ 738 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 739 MSGLEN - 1) 740 == MSGLEN - 1); 741 742 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 743 MSGLEN) 744 == MSGLEN); 745 746 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 747 MSGLEN) 748 == MBEDTLS_ERR_SSL_WANT_WRITE); 749 750 /* Read three messages from the server, last one with an error */ 751 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 752 MSGLEN - 1) 753 == MSGLEN - 1); 754 755 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 756 MSGLEN) 757 == MSGLEN); 758 759 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 760 761 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 762 MSGLEN) 763 == MBEDTLS_ERR_SSL_WANT_READ); 764 765exit: 766 mbedtls_test_message_socket_close(&server_context); 767 mbedtls_test_message_socket_close(&client_context); 768 USE_PSA_DONE(); 769} 770/* END_CASE */ 771 772/* BEGIN_CASE */ 773void ssl_message_mock_socket_overflow() 774{ 775 enum { MSGLEN = 10 }; 776 unsigned char message[MSGLEN], received[MSGLEN]; 777 mbedtls_test_mock_socket client, server; 778 unsigned i; 779 mbedtls_test_ssl_message_queue server_queue, client_queue; 780 mbedtls_test_message_socket_context server_context, client_context; 781 782 mbedtls_test_message_socket_init(&server_context); 783 mbedtls_test_message_socket_init(&client_context); 784 USE_PSA_INIT(); 785 786 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 787 &client_queue, 2, 788 &server, 789 &server_context) == 0); 790 791 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 792 &server_queue, 2, 793 &client, 794 &client_context) == 0); 795 796 /* Fill up the buffer with structured data so that unwanted changes 797 * can be detected */ 798 for (i = 0; i < MSGLEN; i++) { 799 message[i] = i & 0xFF; 800 } 801 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 802 MSGLEN)); 803 804 /* Send two message to the server, second one with an error */ 805 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 806 MSGLEN) 807 == MSGLEN); 808 809 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 810 MSGLEN) 811 == MBEDTLS_TEST_ERROR_SEND_FAILED); 812 813 /* Read the only message from the server */ 814 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 815 MSGLEN) 816 == MSGLEN); 817 818 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 819 820exit: 821 mbedtls_test_message_socket_close(&server_context); 822 mbedtls_test_message_socket_close(&client_context); 823 USE_PSA_DONE(); 824} 825/* END_CASE */ 826 827/* BEGIN_CASE */ 828void ssl_message_mock_truncated() 829{ 830 enum { MSGLEN = 10 }; 831 unsigned char message[MSGLEN], received[MSGLEN]; 832 mbedtls_test_mock_socket client, server; 833 unsigned i; 834 mbedtls_test_ssl_message_queue server_queue, client_queue; 835 mbedtls_test_message_socket_context server_context, client_context; 836 837 mbedtls_test_message_socket_init(&server_context); 838 mbedtls_test_message_socket_init(&client_context); 839 USE_PSA_INIT(); 840 841 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 842 &client_queue, 2, 843 &server, 844 &server_context) == 0); 845 846 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 847 &server_queue, 2, 848 &client, 849 &client_context) == 0); 850 851 memset(received, 0, MSGLEN); 852 /* Fill up the buffer with structured data so that unwanted changes 853 * can be detected */ 854 for (i = 0; i < MSGLEN; i++) { 855 message[i] = i & 0xFF; 856 } 857 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 858 2 * MSGLEN)); 859 860 /* Send two messages to the server, the second one small enough to fit in the 861 * receiver's buffer. */ 862 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 863 MSGLEN) 864 == MSGLEN); 865 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 866 MSGLEN / 2) 867 == MSGLEN / 2); 868 /* Read a truncated message from the server */ 869 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 870 MSGLEN/2) 871 == MSGLEN/2); 872 873 /* Test that the first half of the message is valid, and second one isn't */ 874 TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); 875 TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) 876 != 0); 877 memset(received, 0, MSGLEN); 878 879 /* Read a full message from the server */ 880 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 881 MSGLEN/2) 882 == MSGLEN / 2); 883 884 /* Test that the first half of the message is valid */ 885 TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); 886 887exit: 888 mbedtls_test_message_socket_close(&server_context); 889 mbedtls_test_message_socket_close(&client_context); 890 USE_PSA_DONE(); 891} 892/* END_CASE */ 893 894/* BEGIN_CASE */ 895void ssl_message_mock_socket_read_error() 896{ 897 enum { MSGLEN = 10 }; 898 unsigned char message[MSGLEN], received[MSGLEN]; 899 mbedtls_test_mock_socket client, server; 900 unsigned i; 901 mbedtls_test_ssl_message_queue server_queue, client_queue; 902 mbedtls_test_message_socket_context server_context, client_context; 903 904 mbedtls_test_message_socket_init(&server_context); 905 mbedtls_test_message_socket_init(&client_context); 906 USE_PSA_INIT(); 907 908 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 909 &client_queue, 1, 910 &server, 911 &server_context) == 0); 912 913 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 914 &server_queue, 1, 915 &client, 916 &client_context) == 0); 917 918 /* Fill up the buffer with structured data so that unwanted changes 919 * can be detected */ 920 for (i = 0; i < MSGLEN; i++) { 921 message[i] = i & 0xFF; 922 } 923 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 924 MSGLEN)); 925 926 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 927 MSGLEN) 928 == MSGLEN); 929 930 /* Force a read error by disconnecting the socket by hand */ 931 server.status = 0; 932 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 933 MSGLEN) 934 == MBEDTLS_TEST_ERROR_RECV_FAILED); 935 /* Return to a valid state */ 936 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; 937 938 memset(received, 0, sizeof(received)); 939 940 /* Test that even though the server tried to read once disconnected, the 941 * continuity is preserved */ 942 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 943 MSGLEN) 944 == MSGLEN); 945 946 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 947 948exit: 949 mbedtls_test_message_socket_close(&server_context); 950 mbedtls_test_message_socket_close(&client_context); 951 USE_PSA_DONE(); 952} 953/* END_CASE */ 954 955/* BEGIN_CASE */ 956void ssl_message_mock_interleaved_one_way() 957{ 958 enum { MSGLEN = 10 }; 959 unsigned char message[MSGLEN], received[MSGLEN]; 960 mbedtls_test_mock_socket client, server; 961 unsigned i; 962 mbedtls_test_ssl_message_queue server_queue, client_queue; 963 mbedtls_test_message_socket_context server_context, client_context; 964 965 mbedtls_test_message_socket_init(&server_context); 966 mbedtls_test_message_socket_init(&client_context); 967 USE_PSA_INIT(); 968 969 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 970 &client_queue, 3, 971 &server, 972 &server_context) == 0); 973 974 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 975 &server_queue, 3, 976 &client, 977 &client_context) == 0); 978 979 /* Fill up the buffer with structured data so that unwanted changes 980 * can be detected */ 981 for (i = 0; i < MSGLEN; i++) { 982 message[i] = i & 0xFF; 983 } 984 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 985 MSGLEN*3)); 986 987 /* Interleaved test - [2 sends, 1 read] twice, and then two reads 988 * (to wrap around the buffer) */ 989 for (i = 0; i < 2; i++) { 990 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 991 MSGLEN) == MSGLEN); 992 993 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 994 MSGLEN) == MSGLEN); 995 996 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 997 MSGLEN) == MSGLEN); 998 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 999 memset(received, 0, sizeof(received)); 1000 } 1001 1002 for (i = 0; i < 2; i++) { 1003 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 1004 MSGLEN) == MSGLEN); 1005 1006 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 1007 } 1008 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 1009 MSGLEN) 1010 == MBEDTLS_ERR_SSL_WANT_READ); 1011exit: 1012 mbedtls_test_message_socket_close(&server_context); 1013 mbedtls_test_message_socket_close(&client_context); 1014 USE_PSA_DONE(); 1015} 1016/* END_CASE */ 1017 1018/* BEGIN_CASE */ 1019void ssl_message_mock_interleaved_two_ways() 1020{ 1021 enum { MSGLEN = 10 }; 1022 unsigned char message[MSGLEN], received[MSGLEN]; 1023 mbedtls_test_mock_socket client, server; 1024 unsigned i; 1025 mbedtls_test_ssl_message_queue server_queue, client_queue; 1026 mbedtls_test_message_socket_context server_context, client_context; 1027 1028 mbedtls_test_message_socket_init(&server_context); 1029 mbedtls_test_message_socket_init(&client_context); 1030 USE_PSA_INIT(); 1031 1032 TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, 1033 &client_queue, 3, 1034 &server, 1035 &server_context) == 0); 1036 1037 TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, 1038 &server_queue, 3, 1039 &client, 1040 &client_context) == 0); 1041 1042 /* Fill up the buffer with structured data so that unwanted changes 1043 * can be detected */ 1044 for (i = 0; i < MSGLEN; i++) { 1045 message[i] = i & 0xFF; 1046 } 1047 TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 1048 MSGLEN*3)); 1049 1050 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads 1051 * (to wrap around the buffer) both ways. */ 1052 for (i = 0; i < 2; i++) { 1053 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 1054 MSGLEN) == MSGLEN); 1055 1056 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, 1057 MSGLEN) == MSGLEN); 1058 1059 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, 1060 MSGLEN) == MSGLEN); 1061 1062 TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, 1063 MSGLEN) == MSGLEN); 1064 1065 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 1066 MSGLEN) == MSGLEN); 1067 1068 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 1069 1070 memset(received, 0, sizeof(received)); 1071 1072 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, 1073 MSGLEN) == MSGLEN); 1074 1075 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 1076 1077 memset(received, 0, sizeof(received)); 1078 } 1079 1080 for (i = 0; i < 2; i++) { 1081 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 1082 MSGLEN) == MSGLEN); 1083 1084 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 1085 memset(received, 0, sizeof(received)); 1086 1087 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, 1088 MSGLEN) == MSGLEN); 1089 1090 TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); 1091 memset(received, 0, sizeof(received)); 1092 } 1093 1094 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 1095 MSGLEN) 1096 == MBEDTLS_ERR_SSL_WANT_READ); 1097 1098 TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, 1099 MSGLEN) 1100 == MBEDTLS_ERR_SSL_WANT_READ); 1101exit: 1102 mbedtls_test_message_socket_close(&server_context); 1103 mbedtls_test_message_socket_close(&client_context); 1104 USE_PSA_DONE(); 1105} 1106/* END_CASE */ 1107 1108/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ 1109void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) 1110{ 1111 uint32_t len = 0; 1112 mbedtls_ssl_context ssl; 1113 mbedtls_ssl_config conf; 1114 1115 mbedtls_ssl_init(&ssl); 1116 mbedtls_ssl_config_init(&conf); 1117 USE_PSA_INIT(); 1118 1119 TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, 1120 MBEDTLS_SSL_IS_CLIENT, 1121 MBEDTLS_SSL_TRANSPORT_DATAGRAM, 1122 MBEDTLS_SSL_PRESET_DEFAULT) == 0); 1123 TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); 1124 1125 /* Read previous record numbers */ 1126 for (len = 0; len < prevs->len; len += 6) { 1127 memcpy(ssl.in_ctr + 2, prevs->x + len, 6); 1128 mbedtls_ssl_dtls_replay_update(&ssl); 1129 } 1130 1131 /* Check new number */ 1132 memcpy(ssl.in_ctr + 2, new->x, 6); 1133 TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret); 1134 1135exit: 1136 mbedtls_ssl_free(&ssl); 1137 mbedtls_ssl_config_free(&conf); 1138 USE_PSA_DONE(); 1139} 1140/* END_CASE */ 1141 1142/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C */ 1143void ssl_set_hostname_twice(char *hostname0, char *hostname1) 1144{ 1145 mbedtls_ssl_context ssl; 1146 1147 mbedtls_ssl_init(&ssl); 1148 USE_PSA_INIT(); 1149 1150 TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0); 1151 TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0); 1152 1153exit: 1154 mbedtls_ssl_free(&ssl); 1155 USE_PSA_DONE(); 1156} 1157/* END_CASE */ 1158 1159/* BEGIN_CASE */ 1160void ssl_crypt_record(int cipher_type, int hash_id, 1161 int etm, int tag_mode, int ver, 1162 int cid0_len, int cid1_len) 1163{ 1164 /* 1165 * Test several record encryptions and decryptions 1166 * with plenty of space before and after the data 1167 * within the record buffer. 1168 */ 1169 1170 int ret; 1171 int num_records = 16; 1172 mbedtls_ssl_context ssl; /* ONLY for debugging */ 1173 1174 mbedtls_ssl_transform t0, t1; 1175 unsigned char *buf = NULL; 1176 size_t const buflen = 512; 1177 mbedtls_record rec, rec_backup; 1178 1179 mbedtls_ssl_init(&ssl); 1180 USE_PSA_INIT(); 1181 1182 mbedtls_ssl_transform_init(&t0); 1183 mbedtls_ssl_transform_init(&t1); 1184 TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, 1185 etm, tag_mode, ver, 1186 (size_t) cid0_len, 1187 (size_t) cid1_len) == 0); 1188 1189 TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); 1190 1191 while (num_records-- > 0) { 1192 mbedtls_ssl_transform *t_dec, *t_enc; 1193 /* Take turns in who's sending and who's receiving. */ 1194 if (num_records % 3 == 0) { 1195 t_dec = &t0; 1196 t_enc = &t1; 1197 } else { 1198 t_dec = &t1; 1199 t_enc = &t0; 1200 } 1201 1202 /* 1203 * The record header affects the transformation in two ways: 1204 * 1) It determines the AEAD additional data 1205 * 2) The record counter sometimes determines the IV. 1206 * 1207 * Apart from that, the fields don't have influence. 1208 * In particular, it is currently not the responsibility 1209 * of ssl_encrypt/decrypt_buf to check if the transform 1210 * version matches the record version, or that the 1211 * type is sensible. 1212 */ 1213 1214 memset(rec.ctr, num_records, sizeof(rec.ctr)); 1215 rec.type = 42; 1216 rec.ver[0] = num_records; 1217 rec.ver[1] = num_records; 1218#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1219 rec.cid_len = 0; 1220#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1221 1222 rec.buf = buf; 1223 rec.buf_len = buflen; 1224 rec.data_offset = 16; 1225 /* Make sure to vary the length to exercise different 1226 * paddings. */ 1227 rec.data_len = 1 + num_records; 1228 1229 memset(rec.buf + rec.data_offset, 42, rec.data_len); 1230 1231 /* Make a copy for later comparison */ 1232 rec_backup = rec; 1233 1234 /* Encrypt record */ 1235 ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, 1236 mbedtls_test_rnd_std_rand, NULL); 1237 TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1238 if (ret != 0) { 1239 continue; 1240 } 1241 1242#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1243 if (rec.cid_len != 0) { 1244 /* DTLS 1.2 + CID hides the real content type and 1245 * uses a special CID content type in the protected 1246 * record. Double-check this. */ 1247 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); 1248 } 1249#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1250 1251#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) 1252 if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { 1253 /* TLS 1.3 hides the real content type and 1254 * always uses Application Data as the content type 1255 * for protected records. Double-check this. */ 1256 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); 1257 } 1258#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1259 1260 /* Decrypt record with t_dec */ 1261 ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); 1262 TEST_ASSERT(ret == 0); 1263 1264 /* Compare results */ 1265 TEST_ASSERT(rec.type == rec_backup.type); 1266 TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); 1267 TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); 1268 TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); 1269 TEST_ASSERT(rec.data_len == rec_backup.data_len); 1270 TEST_ASSERT(rec.data_offset == rec_backup.data_offset); 1271 TEST_ASSERT(memcmp(rec.buf + rec.data_offset, 1272 rec_backup.buf + rec_backup.data_offset, 1273 rec.data_len) == 0); 1274 } 1275 1276exit: 1277 1278 /* Cleanup */ 1279 mbedtls_ssl_free(&ssl); 1280 mbedtls_ssl_transform_free(&t0); 1281 mbedtls_ssl_transform_free(&t1); 1282 mbedtls_free(buf); 1283 USE_PSA_DONE(); 1284} 1285/* END_CASE */ 1286 1287/* BEGIN_CASE */ 1288void ssl_crypt_record_small(int cipher_type, int hash_id, 1289 int etm, int tag_mode, int ver, 1290 int cid0_len, int cid1_len) 1291{ 1292 /* 1293 * Test pairs of encryption and decryption with an increasing 1294 * amount of space in the record buffer - in more detail: 1295 * 1) Try to encrypt with 0, 1, 2, ... bytes available 1296 * in front of the plaintext, and expect the encryption 1297 * to succeed starting from some offset. Always keep 1298 * enough space in the end of the buffer. 1299 * 2) Try to encrypt with 0, 1, 2, ... bytes available 1300 * at the end of the plaintext, and expect the encryption 1301 * to succeed starting from some offset. Always keep 1302 * enough space at the beginning of the buffer. 1303 * 3) Try to encrypt with 0, 1, 2, ... bytes available 1304 * both at the front and end of the plaintext, 1305 * and expect the encryption to succeed starting from 1306 * some offset. 1307 * 1308 * If encryption succeeds, check that decryption succeeds 1309 * and yields the original record. 1310 */ 1311 1312 mbedtls_ssl_context ssl; /* ONLY for debugging */ 1313 1314 mbedtls_ssl_transform t0, t1; 1315 unsigned char *buf = NULL; 1316 size_t const buflen = 256; 1317 mbedtls_record rec, rec_backup; 1318 1319 int ret; 1320 int mode; /* Mode 1, 2 or 3 as explained above */ 1321 size_t offset; /* Available space at beginning/end/both */ 1322 size_t threshold = 96; /* Maximum offset to test against */ 1323 1324 size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ 1325 size_t default_post_padding = 128; /* Post-padding to use in mode 1 */ 1326 1327 int seen_success; /* Indicates if in the current mode we've 1328 * already seen a successful test. */ 1329 1330 mbedtls_ssl_init(&ssl); 1331 mbedtls_ssl_transform_init(&t0); 1332 mbedtls_ssl_transform_init(&t1); 1333 USE_PSA_INIT(); 1334 TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, 1335 etm, tag_mode, ver, 1336 (size_t) cid0_len, 1337 (size_t) cid1_len) == 0); 1338 1339 TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); 1340 1341 for (mode = 1; mode <= 3; mode++) { 1342 seen_success = 0; 1343 for (offset = 0; offset <= threshold; offset++) { 1344 mbedtls_ssl_transform *t_dec, *t_enc; 1345 t_dec = &t0; 1346 t_enc = &t1; 1347 1348 memset(rec.ctr, offset, sizeof(rec.ctr)); 1349 rec.type = 42; 1350 rec.ver[0] = offset; 1351 rec.ver[1] = offset; 1352 rec.buf = buf; 1353 rec.buf_len = buflen; 1354#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1355 rec.cid_len = 0; 1356#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1357 1358 switch (mode) { 1359 case 1: /* Space in the beginning */ 1360 rec.data_offset = offset; 1361 rec.data_len = buflen - offset - default_post_padding; 1362 break; 1363 1364 case 2: /* Space in the end */ 1365 rec.data_offset = default_pre_padding; 1366 rec.data_len = buflen - default_pre_padding - offset; 1367 break; 1368 1369 case 3: /* Space in the beginning and end */ 1370 rec.data_offset = offset; 1371 rec.data_len = buflen - 2 * offset; 1372 break; 1373 1374 default: 1375 TEST_ASSERT(0); 1376 break; 1377 } 1378 1379 memset(rec.buf + rec.data_offset, 42, rec.data_len); 1380 1381 /* Make a copy for later comparison */ 1382 rec_backup = rec; 1383 1384 /* Encrypt record */ 1385 ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, 1386 mbedtls_test_rnd_std_rand, NULL); 1387 1388 if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { 1389 /* It's ok if the output buffer is too small. We do insist 1390 * on at least one mode succeeding; this is tracked by 1391 * seen_success. */ 1392 continue; 1393 } 1394 1395 TEST_EQUAL(ret, 0); 1396 seen_success = 1; 1397 1398#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 1399 if (rec.cid_len != 0) { 1400 /* DTLS 1.2 + CID hides the real content type and 1401 * uses a special CID content type in the protected 1402 * record. Double-check this. */ 1403 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); 1404 } 1405#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 1406 1407#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) 1408 if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { 1409 /* TLS 1.3 hides the real content type and 1410 * always uses Application Data as the content type 1411 * for protected records. Double-check this. */ 1412 TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); 1413 } 1414#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1415 1416 /* Decrypt record with t_dec */ 1417 TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0); 1418 1419 /* Compare results */ 1420 TEST_ASSERT(rec.type == rec_backup.type); 1421 TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); 1422 TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); 1423 TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); 1424 TEST_ASSERT(rec.data_len == rec_backup.data_len); 1425 TEST_ASSERT(rec.data_offset == rec_backup.data_offset); 1426 TEST_ASSERT(memcmp(rec.buf + rec.data_offset, 1427 rec_backup.buf + rec_backup.data_offset, 1428 rec.data_len) == 0); 1429 } 1430 1431 TEST_ASSERT(seen_success == 1); 1432 } 1433 1434exit: 1435 1436 /* Cleanup */ 1437 mbedtls_ssl_free(&ssl); 1438 mbedtls_ssl_transform_free(&t0); 1439 mbedtls_ssl_transform_free(&t1); 1440 mbedtls_free(buf); 1441 USE_PSA_DONE(); 1442} 1443/* END_CASE */ 1444 1445/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1446void ssl_tls1_3_hkdf_expand_label(int hash_alg, 1447 data_t *secret, 1448 int label_idx, 1449 data_t *ctx, 1450 int desired_length, 1451 data_t *expected) 1452{ 1453 unsigned char dst[100]; 1454 1455 unsigned char const *lbl = NULL; 1456 size_t lbl_len; 1457#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ 1458 if (label_idx == (int) tls1_3_label_ ## name) \ 1459 { \ 1460 lbl = mbedtls_ssl_tls1_3_labels.name; \ 1461 lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \ 1462 } 1463 MBEDTLS_SSL_TLS1_3_LABEL_LIST 1464#undef MBEDTLS_SSL_TLS1_3_LABEL 1465 TEST_ASSERT(lbl != NULL); 1466 1467 /* Check sanity of test parameters. */ 1468 TEST_ASSERT((size_t) desired_length <= sizeof(dst)); 1469 TEST_ASSERT((size_t) desired_length == expected->len); 1470 1471 TEST_ASSERT(mbedtls_ssl_tls1_3_hkdf_expand_label( 1472 (mbedtls_md_type_t) hash_alg, 1473 secret->x, secret->len, 1474 lbl, lbl_len, 1475 ctx->x, ctx->len, 1476 dst, desired_length) == 0); 1477 1478 TEST_MEMORY_COMPARE(dst, (size_t) desired_length, 1479 expected->x, (size_t) expected->len); 1480} 1481/* END_CASE */ 1482 1483/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1484void ssl_tls1_3_traffic_key_generation(int hash_alg, 1485 data_t *server_secret, 1486 data_t *client_secret, 1487 int desired_iv_len, 1488 int desired_key_len, 1489 data_t *expected_server_write_key, 1490 data_t *expected_server_write_iv, 1491 data_t *expected_client_write_key, 1492 data_t *expected_client_write_iv) 1493{ 1494 mbedtls_ssl_key_set keys; 1495 1496 /* Check sanity of test parameters. */ 1497 TEST_ASSERT(client_secret->len == server_secret->len); 1498 TEST_ASSERT( 1499 expected_client_write_iv->len == expected_server_write_iv->len && 1500 expected_client_write_iv->len == (size_t) desired_iv_len); 1501 TEST_ASSERT( 1502 expected_client_write_key->len == expected_server_write_key->len && 1503 expected_client_write_key->len == (size_t) desired_key_len); 1504 1505 TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys( 1506 (mbedtls_md_type_t) hash_alg, 1507 client_secret->x, 1508 server_secret->x, 1509 client_secret->len /* == server_secret->len */, 1510 desired_key_len, desired_iv_len, 1511 &keys) == 0); 1512 1513 TEST_MEMORY_COMPARE(keys.client_write_key, 1514 keys.key_len, 1515 expected_client_write_key->x, 1516 (size_t) desired_key_len); 1517 TEST_MEMORY_COMPARE(keys.server_write_key, 1518 keys.key_len, 1519 expected_server_write_key->x, 1520 (size_t) desired_key_len); 1521 TEST_MEMORY_COMPARE(keys.client_write_iv, 1522 keys.iv_len, 1523 expected_client_write_iv->x, 1524 (size_t) desired_iv_len); 1525 TEST_MEMORY_COMPARE(keys.server_write_iv, 1526 keys.iv_len, 1527 expected_server_write_iv->x, 1528 (size_t) desired_iv_len); 1529} 1530/* END_CASE */ 1531 1532/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1533void ssl_tls1_3_derive_secret(int hash_alg, 1534 data_t *secret, 1535 int label_idx, 1536 data_t *ctx, 1537 int desired_length, 1538 int already_hashed, 1539 data_t *expected) 1540{ 1541 unsigned char dst[100]; 1542 1543 unsigned char const *lbl = NULL; 1544 size_t lbl_len; 1545#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ 1546 if (label_idx == (int) tls1_3_label_ ## name) \ 1547 { \ 1548 lbl = mbedtls_ssl_tls1_3_labels.name; \ 1549 lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \ 1550 } 1551 MBEDTLS_SSL_TLS1_3_LABEL_LIST 1552#undef MBEDTLS_SSL_TLS1_3_LABEL 1553 TEST_ASSERT(lbl != NULL); 1554 1555 /* Check sanity of test parameters. */ 1556 TEST_ASSERT((size_t) desired_length <= sizeof(dst)); 1557 TEST_ASSERT((size_t) desired_length == expected->len); 1558 1559 TEST_ASSERT(mbedtls_ssl_tls1_3_derive_secret( 1560 (mbedtls_md_type_t) hash_alg, 1561 secret->x, secret->len, 1562 lbl, lbl_len, 1563 ctx->x, ctx->len, 1564 already_hashed, 1565 dst, desired_length) == 0); 1566 1567 TEST_MEMORY_COMPARE(dst, desired_length, 1568 expected->x, desired_length); 1569} 1570/* END_CASE */ 1571 1572/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ 1573void ssl_tls1_3_key_evolution(int hash_alg, 1574 data_t *secret, 1575 data_t *input, 1576 data_t *expected) 1577{ 1578 unsigned char secret_new[MBEDTLS_MD_MAX_SIZE]; 1579 1580 TEST_ASSERT(mbedtls_ssl_tls1_3_evolve_secret( 1581 (mbedtls_md_type_t) hash_alg, 1582 secret->len ? secret->x : NULL, 1583 input->len ? input->x : NULL, input->len, 1584 secret_new) == 0); 1585 1586 TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, 1587 expected->x, (size_t) expected->len); 1588} 1589/* END_CASE */ 1590 1591/* BEGIN_CASE */ 1592void ssl_tls_prf(int type, data_t *secret, data_t *random, 1593 char *label, data_t *result_str, int exp_ret) 1594{ 1595 unsigned char *output; 1596 1597 output = mbedtls_calloc(1, result_str->len); 1598 if (output == NULL) { 1599 goto exit; 1600 } 1601 1602 USE_PSA_INIT(); 1603 1604 TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len, 1605 label, random->x, random->len, 1606 output, result_str->len) == exp_ret); 1607 1608 if (exp_ret == 0) { 1609 TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, 1610 result_str->len, result_str->len) == 0); 1611 } 1612exit: 1613 1614 mbedtls_free(output); 1615 USE_PSA_DONE(); 1616} 1617/* END_CASE */ 1618 1619/* BEGIN_CASE */ 1620void ssl_serialize_session_save_load(int ticket_len, char *crt_file) 1621{ 1622 mbedtls_ssl_session original, restored; 1623 unsigned char *buf = NULL; 1624 size_t len; 1625 1626 /* 1627 * Test that a save-load pair is the identity 1628 */ 1629 mbedtls_ssl_session_init(&original); 1630 mbedtls_ssl_session_init(&restored); 1631 USE_PSA_INIT(); 1632 1633 /* Prepare a dummy session to work on */ 1634 TEST_ASSERT(mbedtls_test_ssl_populate_session( 1635 &original, ticket_len, crt_file) == 0); 1636 1637 /* Serialize it */ 1638 TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) 1639 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1640 TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL); 1641 TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) 1642 == 0); 1643 1644 /* Restore session from serialized data */ 1645 TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); 1646 1647 /* 1648 * Make sure both session structures are identical 1649 */ 1650#if defined(MBEDTLS_HAVE_TIME) 1651 TEST_ASSERT(original.start == restored.start); 1652#endif 1653 TEST_ASSERT(original.ciphersuite == restored.ciphersuite); 1654 TEST_ASSERT(original.compression == restored.compression); 1655 TEST_ASSERT(original.id_len == restored.id_len); 1656 TEST_ASSERT(memcmp(original.id, 1657 restored.id, sizeof(original.id)) == 0); 1658 TEST_ASSERT(memcmp(original.master, 1659 restored.master, sizeof(original.master)) == 0); 1660 1661#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ 1662 defined(MBEDTLS_CERTS_C) 1663#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) 1664 TEST_ASSERT((original.peer_cert == NULL) == 1665 (restored.peer_cert == NULL)); 1666 if (original.peer_cert != NULL) { 1667 TEST_ASSERT(original.peer_cert->raw.len == 1668 restored.peer_cert->raw.len); 1669 TEST_ASSERT(memcmp(original.peer_cert->raw.p, 1670 restored.peer_cert->raw.p, 1671 original.peer_cert->raw.len) == 0); 1672 } 1673#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 1674 TEST_ASSERT(original.peer_cert_digest_type == 1675 restored.peer_cert_digest_type); 1676 TEST_ASSERT(original.peer_cert_digest_len == 1677 restored.peer_cert_digest_len); 1678 TEST_ASSERT((original.peer_cert_digest == NULL) == 1679 (restored.peer_cert_digest == NULL)); 1680 if (original.peer_cert_digest != NULL) { 1681 TEST_ASSERT(memcmp(original.peer_cert_digest, 1682 restored.peer_cert_digest, 1683 original.peer_cert_digest_len) == 0); 1684 } 1685#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 1686#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C */ 1687 TEST_ASSERT(original.verify_result == restored.verify_result); 1688 1689#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) 1690 TEST_ASSERT(original.ticket_len == restored.ticket_len); 1691 if (original.ticket_len != 0) { 1692 TEST_ASSERT(original.ticket != NULL); 1693 TEST_ASSERT(restored.ticket != NULL); 1694 TEST_ASSERT(memcmp(original.ticket, 1695 restored.ticket, original.ticket_len) == 0); 1696 } 1697 TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); 1698#endif 1699 1700#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 1701 TEST_ASSERT(original.mfl_code == restored.mfl_code); 1702#endif 1703 1704#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) 1705 TEST_ASSERT(original.trunc_hmac == restored.trunc_hmac); 1706#endif 1707 1708#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 1709 TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); 1710#endif 1711 1712exit: 1713 mbedtls_ssl_session_free(&original); 1714 mbedtls_ssl_session_free(&restored); 1715 mbedtls_free(buf); 1716 USE_PSA_DONE(); 1717} 1718/* END_CASE */ 1719 1720/* BEGIN_CASE */ 1721void ssl_serialize_session_load_save(int ticket_len, char *crt_file) 1722{ 1723 mbedtls_ssl_session session; 1724 unsigned char *buf1 = NULL, *buf2 = NULL; 1725 size_t len0, len1, len2; 1726 1727 /* 1728 * Test that a load-save pair is the identity 1729 */ 1730 mbedtls_ssl_session_init(&session); 1731 USE_PSA_INIT(); 1732 1733 /* Prepare a dummy session to work on */ 1734 TEST_ASSERT(mbedtls_test_ssl_populate_session( 1735 &session, ticket_len, crt_file) == 0); 1736 1737 /* Get desired buffer size for serializing */ 1738 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) 1739 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1740 1741 /* Allocate first buffer */ 1742 buf1 = mbedtls_calloc(1, len0); 1743 TEST_ASSERT(buf1 != NULL); 1744 1745 /* Serialize to buffer and free live session */ 1746 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) 1747 == 0); 1748 TEST_ASSERT(len0 == len1); 1749 mbedtls_ssl_session_free(&session); 1750 1751 /* Restore session from serialized data */ 1752 TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); 1753 1754 /* Allocate second buffer and serialize to it */ 1755 buf2 = mbedtls_calloc(1, len0); 1756 TEST_ASSERT(buf2 != NULL); 1757 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) 1758 == 0); 1759 1760 /* Make sure both serialized versions are identical */ 1761 TEST_ASSERT(len1 == len2); 1762 TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); 1763 1764exit: 1765 mbedtls_ssl_session_free(&session); 1766 mbedtls_free(buf1); 1767 mbedtls_free(buf2); 1768 USE_PSA_DONE(); 1769} 1770/* END_CASE */ 1771 1772/* BEGIN_CASE */ 1773void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file) 1774{ 1775 mbedtls_ssl_session session; 1776 unsigned char *buf = NULL; 1777 size_t good_len, bad_len, test_len; 1778 1779 /* 1780 * Test that session_save() fails cleanly on small buffers 1781 */ 1782 mbedtls_ssl_session_init(&session); 1783 USE_PSA_INIT(); 1784 1785 /* Prepare dummy session and get serialized size */ 1786 TEST_ASSERT(mbedtls_test_ssl_populate_session( 1787 &session, ticket_len, crt_file) == 0); 1788 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) 1789 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1790 1791 /* Try all possible bad lengths */ 1792 for (bad_len = 1; bad_len < good_len; bad_len++) { 1793 /* Allocate exact size so that asan/valgrind can detect any overwrite */ 1794 mbedtls_free(buf); 1795 TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL); 1796 TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, 1797 &test_len) 1798 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1799 TEST_ASSERT(test_len == good_len); 1800 } 1801 1802exit: 1803 mbedtls_ssl_session_free(&session); 1804 mbedtls_free(buf); 1805 USE_PSA_DONE(); 1806} 1807/* END_CASE */ 1808 1809/* BEGIN_CASE */ 1810void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file) 1811{ 1812 mbedtls_ssl_session session; 1813 unsigned char *good_buf = NULL, *bad_buf = NULL; 1814 size_t good_len, bad_len; 1815 1816 /* 1817 * Test that session_load() fails cleanly on small buffers 1818 */ 1819 mbedtls_ssl_session_init(&session); 1820 USE_PSA_INIT(); 1821 1822 /* Prepare serialized session data */ 1823 TEST_ASSERT(mbedtls_test_ssl_populate_session( 1824 &session, ticket_len, crt_file) == 0); 1825 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) 1826 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); 1827 TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL); 1828 TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, 1829 &good_len) == 0); 1830 mbedtls_ssl_session_free(&session); 1831 1832 /* Try all possible bad lengths */ 1833 for (bad_len = 0; bad_len < good_len; bad_len++) { 1834 /* Allocate exact size so that asan/valgrind can detect any overread */ 1835 mbedtls_free(bad_buf); 1836 bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1); 1837 TEST_ASSERT(bad_buf != NULL); 1838 memcpy(bad_buf, good_buf, bad_len); 1839 1840 TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) 1841 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); 1842 } 1843 1844exit: 1845 mbedtls_ssl_session_free(&session); 1846 mbedtls_free(good_buf); 1847 mbedtls_free(bad_buf); 1848 USE_PSA_DONE(); 1849} 1850/* END_CASE */ 1851 1852/* BEGIN_CASE */ 1853void ssl_session_serialize_version_check(int corrupt_major, 1854 int corrupt_minor, 1855 int corrupt_patch, 1856 int corrupt_config) 1857{ 1858 unsigned char serialized_session[2048]; 1859 size_t serialized_session_len; 1860 unsigned cur_byte; 1861 mbedtls_ssl_session session; 1862 uint8_t should_corrupt_byte[] = { corrupt_major == 1, 1863 corrupt_minor == 1, 1864 corrupt_patch == 1, 1865 corrupt_config == 1, 1866 corrupt_config == 1 }; 1867 1868 mbedtls_ssl_session_init(&session); 1869 USE_PSA_INIT(); 1870 1871 /* Infer length of serialized session. */ 1872 TEST_ASSERT(mbedtls_ssl_session_save(&session, 1873 serialized_session, 1874 sizeof(serialized_session), 1875 &serialized_session_len) == 0); 1876 1877 mbedtls_ssl_session_free(&session); 1878 1879 /* Without any modification, we should be able to successfully 1880 * de-serialize the session - double-check that. */ 1881 TEST_ASSERT(mbedtls_ssl_session_load(&session, 1882 serialized_session, 1883 serialized_session_len) == 0); 1884 mbedtls_ssl_session_free(&session); 1885 1886 /* Go through the bytes in the serialized session header and 1887 * corrupt them bit-by-bit. */ 1888 for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) { 1889 int cur_bit; 1890 unsigned char * const byte = &serialized_session[cur_byte]; 1891 1892 if (should_corrupt_byte[cur_byte] == 0) { 1893 continue; 1894 } 1895 1896 for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) { 1897 unsigned char const corrupted_bit = 0x1u << cur_bit; 1898 /* Modify a single bit in the serialized session. */ 1899 *byte ^= corrupted_bit; 1900 1901 /* Attempt to deserialize */ 1902 TEST_ASSERT(mbedtls_ssl_session_load(&session, 1903 serialized_session, 1904 serialized_session_len) == 1905 MBEDTLS_ERR_SSL_VERSION_MISMATCH); 1906 1907 /* Undo the change */ 1908 *byte ^= corrupted_bit; 1909 } 1910 } 1911 USE_PSA_DONE(); 1912} 1913/* END_CASE */ 1914 1915/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ 1916void mbedtls_endpoint_sanity(int endpoint_type) 1917{ 1918 enum { BUFFSIZE = 1024 }; 1919 mbedtls_test_ssl_endpoint ep; 1920 int ret = -1; 1921 1922 USE_PSA_INIT(); 1923 ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA, 1924 NULL, NULL, NULL, NULL); 1925 TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); 1926 1927 ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA); 1928 TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); 1929 1930 ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA, 1931 NULL, NULL, NULL, NULL); 1932 TEST_ASSERT(ret == 0); 1933 1934exit: 1935 mbedtls_test_ssl_endpoint_free(&ep, NULL); 1936 USE_PSA_DONE(); 1937} 1938/* END_CASE */ 1939 1940/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ 1941void move_handshake_to_state(int endpoint_type, int state, int need_pass) 1942{ 1943 enum { BUFFSIZE = 1024 }; 1944 mbedtls_test_ssl_endpoint base_ep, second_ep; 1945 int ret = -1; 1946 1947 mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); 1948 mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); 1949 1950 ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, 1951 MBEDTLS_PK_RSA, 1952 NULL, NULL, NULL, NULL); 1953 TEST_ASSERT(ret == 0); 1954 1955 ret = mbedtls_test_ssl_endpoint_init( 1956 &second_ep, 1957 (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? 1958 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, 1959 MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); 1960 TEST_ASSERT(ret == 0); 1961 1962 USE_PSA_INIT(); 1963 1964 ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), 1965 &(second_ep.socket), 1966 BUFFSIZE); 1967 TEST_ASSERT(ret == 0); 1968 1969 ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), 1970 &(second_ep.ssl), 1971 state); 1972 if (need_pass) { 1973 TEST_ASSERT(ret == 0); 1974 TEST_ASSERT(base_ep.ssl.state == state); 1975 } else { 1976 TEST_ASSERT(ret != 0); 1977 TEST_ASSERT(base_ep.ssl.state != state); 1978 } 1979 1980exit: 1981 mbedtls_test_ssl_endpoint_free(&base_ep, NULL); 1982 mbedtls_test_ssl_endpoint_free(&second_ep, NULL); 1983 USE_PSA_DONE(); 1984} 1985/* END_CASE */ 1986 1987/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 1988void handshake_version(int dtls, int client_min_version, int client_max_version, 1989 int server_min_version, int server_max_version, 1990 int expected_negotiated_version) 1991{ 1992 mbedtls_test_handshake_test_options options; 1993 mbedtls_test_init_handshake_options(&options); 1994 1995 options.client_min_version = client_min_version; 1996 options.client_max_version = client_max_version; 1997 options.server_min_version = server_min_version; 1998 options.server_max_version = server_max_version; 1999 2000 options.expected_negotiated_version = expected_negotiated_version; 2001 2002 options.dtls = dtls; 2003 /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so 2004 * the number of fragments will be twice as big. */ 2005 if (expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 || 2006 expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1) { 2007 options.expected_cli_fragments = 2; 2008 options.expected_srv_fragments = 2; 2009 } 2010 mbedtls_test_ssl_perform_handshake(&options); 2011 2012 /* The goto below is used to avoid an "unused label" warning.*/ 2013 goto exit; 2014} 2015/* END_CASE */ 2016 2017/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ 2018void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) 2019{ 2020 mbedtls_test_handshake_test_options options; 2021 mbedtls_test_init_handshake_options(&options); 2022 2023 options.cipher = cipher; 2024 options.dtls = dtls; 2025 options.psk_str = psk_str; 2026 options.pk_alg = pk_alg; 2027 2028 mbedtls_test_ssl_perform_handshake(&options); 2029 2030 /* The goto below is used to avoid an "unused label" warning.*/ 2031 goto exit; 2032} 2033/* END_CASE */ 2034 2035/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ 2036void handshake_cipher(char *cipher, int pk_alg, int dtls) 2037{ 2038 test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls); 2039 2040 /* The goto below is used to avoid an "unused label" warning.*/ 2041 goto exit; 2042} 2043/* END_CASE */ 2044 2045/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ 2046void app_data(int mfl, int cli_msg_len, int srv_msg_len, 2047 int expected_cli_fragments, 2048 int expected_srv_fragments, int dtls) 2049{ 2050 mbedtls_test_handshake_test_options options; 2051 mbedtls_test_init_handshake_options(&options); 2052 2053 options.mfl = mfl; 2054 options.cli_msg_len = cli_msg_len; 2055 options.srv_msg_len = srv_msg_len; 2056 options.expected_cli_fragments = expected_cli_fragments; 2057 options.expected_srv_fragments = expected_srv_fragments; 2058 options.dtls = dtls; 2059 2060 mbedtls_test_ssl_perform_handshake(&options); 2061 /* The goto below is used to avoid an "unused label" warning.*/ 2062 goto exit; 2063} 2064/* END_CASE */ 2065 2066/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2067void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, 2068 int expected_cli_fragments, 2069 int expected_srv_fragments) 2070{ 2071 test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, 2072 expected_srv_fragments, 0); 2073 /* The goto below is used to avoid an "unused label" warning.*/ 2074 goto exit; 2075} 2076/* END_CASE */ 2077 2078/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2079void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, 2080 int expected_cli_fragments, 2081 int expected_srv_fragments) 2082{ 2083 test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, 2084 expected_srv_fragments, 1); 2085 /* The goto below is used to avoid an "unused label" warning.*/ 2086 goto exit; 2087} 2088/* END_CASE */ 2089 2090/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2091void handshake_serialization() 2092{ 2093 mbedtls_test_handshake_test_options options; 2094 mbedtls_test_init_handshake_options(&options); 2095 2096 options.serialize = 1; 2097 options.dtls = 1; 2098 mbedtls_test_ssl_perform_handshake(&options); 2099 /* The goto below is used to avoid an "unused label" warning.*/ 2100 goto exit; 2101} 2102/* END_CASE */ 2103 2104/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/ 2105void handshake_fragmentation(int mfl, 2106 int expected_srv_hs_fragmentation, 2107 int expected_cli_hs_fragmentation) 2108{ 2109 mbedtls_test_handshake_test_options options; 2110 mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; 2111 2112 srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; 2113 srv_pattern.counter = 0; 2114 cli_pattern.counter = 0; 2115 2116 mbedtls_test_init_handshake_options(&options); 2117 options.dtls = 1; 2118 options.mfl = mfl; 2119 /* Set cipher to one using CBC so that record splitting can be tested */ 2120 options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; 2121 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; 2122 options.srv_log_obj = &srv_pattern; 2123 options.cli_log_obj = &cli_pattern; 2124 options.srv_log_fun = mbedtls_test_ssl_log_analyzer; 2125 options.cli_log_fun = mbedtls_test_ssl_log_analyzer; 2126 2127 mbedtls_test_ssl_perform_handshake(&options); 2128 2129 /* Test if the server received a fragmented handshake */ 2130 if (expected_srv_hs_fragmentation) { 2131 TEST_ASSERT(srv_pattern.counter >= 1); 2132 } 2133 /* Test if the client received a fragmented handshake */ 2134 if (expected_cli_hs_fragmentation) { 2135 TEST_ASSERT(cli_pattern.counter >= 1); 2136 } 2137} 2138/* END_CASE */ 2139 2140/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2141void renegotiation(int legacy_renegotiation) 2142{ 2143 mbedtls_test_handshake_test_options options; 2144 mbedtls_test_init_handshake_options(&options); 2145 2146 options.renegotiate = 1; 2147 options.legacy_renegotiation = legacy_renegotiation; 2148 options.dtls = 1; 2149 2150 mbedtls_test_ssl_perform_handshake(&options); 2151 /* The goto below is used to avoid an "unused label" warning.*/ 2152 goto exit; 2153} 2154/* END_CASE */ 2155 2156/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ 2157void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, 2158 int serialize, int dtls, char *cipher) 2159{ 2160 mbedtls_test_handshake_test_options options; 2161 mbedtls_test_init_handshake_options(&options); 2162 2163 options.mfl = mfl; 2164 options.cipher = cipher; 2165 options.renegotiate = renegotiation; 2166 options.legacy_renegotiation = legacy_renegotiation; 2167 options.serialize = serialize; 2168 options.dtls = dtls; 2169 options.resize_buffers = 1; 2170 2171 mbedtls_test_ssl_perform_handshake(&options); 2172 /* The goto below is used to avoid an "unused label" warning.*/ 2173 goto exit; 2174} 2175/* END_CASE */ 2176 2177/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2178void resize_buffers_serialize_mfl(int mfl) 2179{ 2180 test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, 2181 (char *) ""); 2182 /* The goto below is used to avoid an "unused label" warning.*/ 2183 goto exit; 2184} 2185/* END_CASE */ 2186 2187/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ 2188void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, 2189 char *cipher) 2190{ 2191 test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); 2192 /* The goto below is used to avoid an "unused label" warning.*/ 2193 goto exit; 2194} 2195/* END_CASE */ 2196 2197/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ 2198void raw_key_agreement_fail(int bad_server_ecdhe_key) 2199{ 2200 enum { BUFFSIZE = 17000 }; 2201 mbedtls_test_ssl_endpoint client, server; 2202 mbedtls_psa_stats_t stats; 2203 size_t free_slots_before = -1; 2204 2205 mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, 2206 MBEDTLS_ECP_DP_NONE }; 2207 2208 mbedtls_platform_zeroize(&client, sizeof(client)); 2209 mbedtls_platform_zeroize(&server, sizeof(server)); 2210 2211 /* Client side, force SECP256R1 to make one key bitflip fail 2212 * the raw key agreement. Flipping the first byte makes the 2213 * required 0x04 identifier invalid. */ 2214 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, 2215 MBEDTLS_PK_ECDSA, NULL, NULL, 2216 NULL, curve_list), 0); 2217 2218 /* Server side */ 2219 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, 2220 MBEDTLS_PK_ECDSA, NULL, NULL, 2221 NULL, NULL), 0); 2222 2223 USE_PSA_INIT(); 2224 2225 TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), 2226 &(server.socket), 2227 BUFFSIZE), 0); 2228 2229 TEST_EQUAL(mbedtls_test_move_handshake_to_state( 2230 &(client.ssl), &(server.ssl), 2231 MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) 2232 , 0); 2233 2234 mbedtls_psa_get_stats(&stats); 2235 /* Save the number of slots in use up to this point. 2236 * With PSA, one can be used for the ECDH private key. */ 2237 free_slots_before = stats.empty_slots; 2238 2239 if (bad_server_ecdhe_key) { 2240 /* Force a simulated bitflip in the server key. to make the 2241 * raw key agreement in ssl_write_client_key_exchange fail. */ 2242 (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; 2243 } 2244 2245 TEST_EQUAL(mbedtls_test_move_handshake_to_state( 2246 &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), 2247 bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); 2248 2249 mbedtls_psa_get_stats(&stats); 2250 2251 /* Make sure that the key slot is already destroyed in case of failure, 2252 * without waiting to close the connection. */ 2253 if (bad_server_ecdhe_key) { 2254 TEST_EQUAL(free_slots_before, stats.empty_slots); 2255 } 2256 2257exit: 2258 mbedtls_test_ssl_endpoint_free(&client, NULL); 2259 mbedtls_test_ssl_endpoint_free(&server, NULL); 2260 2261 USE_PSA_DONE(); 2262} 2263/* END_CASE */ 2264 2265/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */ 2266void cookie_parsing(data_t *cookie, int exp_ret) 2267{ 2268 mbedtls_ssl_context ssl; 2269 mbedtls_ssl_config conf; 2270 size_t len; 2271 2272 mbedtls_ssl_init(&ssl); 2273 USE_PSA_INIT(); 2274 mbedtls_ssl_config_init(&conf); 2275 TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, 2276 MBEDTLS_SSL_TRANSPORT_DATAGRAM, 2277 MBEDTLS_SSL_PRESET_DEFAULT), 2278 0); 2279 2280 TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); 2281 TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, 2282 ssl.cli_id_len, 2283 cookie->x, cookie->len, 2284 ssl.out_buf, 2285 MBEDTLS_SSL_OUT_CONTENT_LEN, 2286 &len), 2287 exp_ret); 2288 2289exit: 2290 mbedtls_ssl_free(&ssl); 2291 mbedtls_ssl_config_free(&conf); 2292 USE_PSA_DONE(); 2293} 2294/* END_CASE */ 2295