/* BEGIN_HEADER */ #include #include #include #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_SSL_TLS_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void test_callback_buffer_sanity() { enum { MSGLEN = 10 }; mbedtls_test_ssl_buffer buf; unsigned char input[MSGLEN]; unsigned char output[MSGLEN]; USE_PSA_INIT(); memset(input, 0, sizeof(input)); /* Make sure calling put and get on NULL buffer results in error. */ TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); /* Make sure calling put and get on a buffer that hasn't been set up results * in error. */ mbedtls_test_ssl_buffer_init(&buf); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); /* Make sure calling put and get on NULL input only results in * error if the length is not zero, and that a NULL output is valid for data * dropping. */ TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) == 0); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); /* Make sure calling put several times in the row is safe */ TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == sizeof(input)); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); exit: mbedtls_test_ssl_buffer_free(&buf); USE_PSA_DONE(); } /* END_CASE */ /* * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is * correct and works as expected. * * That is * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret * bytes. * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. * - All of the bytes we got match the bytes we put in in a FIFO manner. */ /* BEGIN_CASE */ void test_callback_buffer(int size, int put1, int put1_ret, int get1, int get1_ret, int put2, int put2_ret, int get2, int get2_ret) { enum { ROUNDS = 2 }; size_t put[ROUNDS]; int put_ret[ROUNDS]; size_t get[ROUNDS]; int get_ret[ROUNDS]; mbedtls_test_ssl_buffer buf; unsigned char *input = NULL; size_t input_len; unsigned char *output = NULL; size_t output_len; size_t i, j, written, read; mbedtls_test_ssl_buffer_init(&buf); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); /* Check the sanity of input parameters and initialise local variables. That * is, ensure that the amount of data is not negative and that we are not * expecting more to put or get than we actually asked for. */ TEST_ASSERT(put1 >= 0); put[0] = put1; put_ret[0] = put1_ret; TEST_ASSERT(put1_ret <= put1); TEST_ASSERT(put2 >= 0); put[1] = put2; put_ret[1] = put2_ret; TEST_ASSERT(put2_ret <= put2); TEST_ASSERT(get1 >= 0); get[0] = get1; get_ret[0] = get1_ret; TEST_ASSERT(get1_ret <= get1); TEST_ASSERT(get2 >= 0); get[1] = get2; get_ret[1] = get2_ret; TEST_ASSERT(get2_ret <= get2); input_len = 0; /* Calculate actual input and output lengths */ for (j = 0; j < ROUNDS; j++) { if (put_ret[j] > 0) { input_len += put_ret[j]; } } /* In order to always have a valid pointer we always allocate at least 1 * byte. */ if (input_len == 0) { input_len = 1; } TEST_CALLOC(input, input_len); output_len = 0; for (j = 0; j < ROUNDS; j++) { if (get_ret[j] > 0) { output_len += get_ret[j]; } } TEST_ASSERT(output_len <= input_len); /* In order to always have a valid pointer we always allocate at least 1 * byte. */ if (output_len == 0) { output_len = 1; } TEST_CALLOC(output, output_len); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < input_len; i++) { input[i] = i & 0xFF; } written = read = 0; for (j = 0; j < ROUNDS; j++) { TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, input + written, put[j])); written += put_ret[j]; TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, output + read, get[j])); read += get_ret[j]; TEST_ASSERT(read <= written); if (get_ret[j] > 0) { TEST_ASSERT(memcmp(output + read - get_ret[j], input + read - get_ret[j], get_ret[j]) == 0); } } exit: mbedtls_free(input); mbedtls_free(output); mbedtls_test_ssl_buffer_free(&buf); USE_PSA_DONE(); } /* END_CASE */ /* * Test if the implementation of `mbedtls_test_mock_socket` related * I/O functions is correct and works as expected on unconnected sockets. */ /* BEGIN_CASE */ void ssl_mock_sanity() { enum { MSGLEN = 105 }; unsigned char message[MSGLEN] = { 0 }; unsigned char received[MSGLEN] = { 0 }; mbedtls_test_mock_socket socket; mbedtls_test_mock_socket_init(&socket); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); exit: mbedtls_test_mock_socket_close(&socket); USE_PSA_DONE(); } /* END_CASE */ /* * Test if the implementation of `mbedtls_test_mock_socket` related functions * can send a single message from the client to the server. */ /* BEGIN_CASE */ void ssl_mock_tcp(int blocking) { enum { MSGLEN = 105 }; enum { BUFLEN = MSGLEN / 5 }; unsigned char message[MSGLEN]; unsigned char received[MSGLEN]; mbedtls_test_mock_socket client; mbedtls_test_mock_socket server; size_t written, read; int send_ret, recv_ret; mbedtls_ssl_send_t *send; mbedtls_ssl_recv_t *recv; unsigned i; if (blocking == 0) { send = mbedtls_test_mock_tcp_send_nb; recv = mbedtls_test_mock_tcp_recv_nb; } else { send = mbedtls_test_mock_tcp_send_b; recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_test_mock_socket_init(&client); mbedtls_test_mock_socket_init(&server); USE_PSA_INIT(); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } /* Make sure that sending a message takes a few iterations. */ TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; written = read = 0; while (send_ret != 0 || recv_ret != 0) { send_ret = send(&client, message + written, MSGLEN - written); TEST_ASSERT(send_ret >= 0); TEST_ASSERT(send_ret <= BUFLEN); written += send_ret; /* If the buffer is full we can test blocking and non-blocking send */ if (send_ret == BUFLEN) { int blocking_ret = send(&client, message, 1); if (blocking) { TEST_ASSERT(blocking_ret == 0); } else { TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); } } recv_ret = recv(&server, received + read, MSGLEN - read); /* The result depends on whether any data was sent */ if (send_ret > 0) { TEST_ASSERT(recv_ret > 0); TEST_ASSERT(recv_ret <= BUFLEN); read += recv_ret; } else if (blocking) { TEST_ASSERT(recv_ret == 0); } else { TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); recv_ret = 0; } /* If the buffer is empty we can test blocking and non-blocking read */ if (recv_ret == BUFLEN) { int blocking_ret = recv(&server, received, 1); if (blocking) { TEST_ASSERT(blocking_ret == 0); } else { TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); } } } TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: mbedtls_test_mock_socket_close(&client); mbedtls_test_mock_socket_close(&server); USE_PSA_DONE(); } /* END_CASE */ /* * Test if the implementation of `mbedtls_test_mock_socket` related functions * can send messages in both direction at the same time (with the I/O calls * interleaving). */ /* BEGIN_CASE */ void ssl_mock_tcp_interleaving(int blocking) { enum { ROUNDS = 2 }; enum { MSGLEN = 105 }; enum { BUFLEN = MSGLEN / 5 }; unsigned char message[ROUNDS][MSGLEN]; unsigned char received[ROUNDS][MSGLEN]; mbedtls_test_mock_socket client; mbedtls_test_mock_socket server; size_t written[ROUNDS]; size_t read[ROUNDS]; int send_ret[ROUNDS]; int recv_ret[ROUNDS]; unsigned i, j, progress; mbedtls_ssl_send_t *send; mbedtls_ssl_recv_t *recv; if (blocking == 0) { send = mbedtls_test_mock_tcp_send_nb; recv = mbedtls_test_mock_tcp_recv_nb; } else { send = mbedtls_test_mock_tcp_send_b; recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_test_mock_socket_init(&client); mbedtls_test_mock_socket_init(&server); USE_PSA_INIT(); /* Fill up the buffers with structured data so that unwanted changes * can be detected */ for (i = 0; i < ROUNDS; i++) { for (j = 0; j < MSGLEN; j++) { message[i][j] = (i * MSGLEN + j) & 0xFF; } } /* Make sure that sending a message takes a few iterations. */ TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; for (i = 0; i < ROUNDS; i++) { written[i] = 0; read[i] = 0; } /* This loop does not stop as long as there was a successful write or read * of at least one byte on either side. */ while (progress != 0) { mbedtls_test_mock_socket *socket; for (i = 0; i < ROUNDS; i++) { /* First sending is from the client */ socket = (i % 2 == 0) ? (&client) : (&server); send_ret[i] = send(socket, message[i] + written[i], MSGLEN - written[i]); TEST_ASSERT(send_ret[i] >= 0); TEST_ASSERT(send_ret[i] <= BUFLEN); written[i] += send_ret[i]; /* If the buffer is full we can test blocking and non-blocking * send */ if (send_ret[i] == BUFLEN) { int blocking_ret = send(socket, message[i], 1); if (blocking) { TEST_ASSERT(blocking_ret == 0); } else { TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); } } } for (i = 0; i < ROUNDS; i++) { /* First receiving is from the server */ socket = (i % 2 == 0) ? (&server) : (&client); recv_ret[i] = recv(socket, received[i] + read[i], MSGLEN - read[i]); /* The result depends on whether any data was sent */ if (send_ret[i] > 0) { TEST_ASSERT(recv_ret[i] > 0); TEST_ASSERT(recv_ret[i] <= BUFLEN); read[i] += recv_ret[i]; } else if (blocking) { TEST_ASSERT(recv_ret[i] == 0); } else { TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); recv_ret[i] = 0; } /* If the buffer is empty we can test blocking and non-blocking * read */ if (recv_ret[i] == BUFLEN) { int blocking_ret = recv(socket, received[i], 1); if (blocking) { TEST_ASSERT(blocking_ret == 0); } else { TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); } } } progress = 0; for (i = 0; i < ROUNDS; i++) { progress += send_ret[i] + recv_ret[i]; } } for (i = 0; i < ROUNDS; i++) { TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0); } exit: mbedtls_test_mock_socket_close(&client); mbedtls_test_mock_socket_close(&server); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_queue_sanity() { mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); /* Trying to push/pull to an empty queue */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 0); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_queue_basic() { mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Sanity test - 3 pushes and 3 pops with sufficient space */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 2); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 3); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_queue_overflow_underflow() { mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* 4 pushes (last one with an error), 4 pops (last one with an error) */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == MBEDTLS_ERR_SSL_WANT_WRITE); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_queue_interleaved() { mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops * (to wrap around the buffer) */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_queue_insufficient_buffer() { mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; size_t message_len = 10; size_t buffer_len = 5; USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); /* Popping without a sufficient buffer */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) == (int) message_len); TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) == (int) buffer_len); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_uninitialized() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; mbedtls_test_mock_socket client, server; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); /* Send with a NULL context */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, &client, &client_context) == 0); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, MSGLEN) == MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_basic() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN)); /* Send the message to the server */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); /* Read from the server */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, MSGLEN); /* Send the message to the client */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, MSGLEN) == MSGLEN); /* Read from the client */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_queue_overflow_underflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN*2)); /* Send three message to the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN - 1) == MSGLEN - 1); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_ERR_SSL_WANT_WRITE); /* Read three messages from the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN - 1) == MSGLEN - 1); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_socket_overflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN)); /* Send two message to the server, second one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_truncated() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, &client, &client_context) == 0); memset(received, 0, MSGLEN); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, 2 * MSGLEN)); /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN / 2) == MSGLEN / 2); /* Read a truncated message from the server */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) != 0); memset(received, 0, MSGLEN); /* Read a full message from the server */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN / 2); /* Test that the first half of the message is valid */ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_socket_read_error() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN)); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; memset(received, 0, sizeof(received)); /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_interleaved_one_way() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, and then two reads * (to wrap around the buffer) */ for (i = 0; i < 2; i++) { TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); } TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_message_mock_interleaved_two_ways() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; mbedtls_test_mock_socket client, server; unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, &server, &server_context) == 0); TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, &client, &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads * (to wrap around the buffer) both ways. */ for (i = 0; i < 2; i++) { TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, MSGLEN) == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) { uint32_t len = 0; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); USE_PSA_INIT(); TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); /* Read previous record numbers */ for (len = 0; len < prevs->len; len += 6) { memcpy(ssl.in_ctr + 2, prevs->x + len, 6); mbedtls_ssl_dtls_replay_update(&ssl); } /* Check new number */ memcpy(ssl.in_ctr + 2, new->x, 6); TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret); exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C */ void ssl_set_hostname_twice(char *hostname0, char *hostname1) { mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); USE_PSA_INIT(); TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0); TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0); exit: mbedtls_ssl_free(&ssl); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_crypt_record(int cipher_type, int hash_id, int etm, int tag_mode, int ver, int cid0_len, int cid1_len) { /* * Test several record encryptions and decryptions * with plenty of space before and after the data * within the record buffer. */ int ret; int num_records = 16; mbedtls_ssl_context ssl; /* ONLY for debugging */ mbedtls_ssl_transform t0, t1; unsigned char *buf = NULL; size_t const buflen = 512; mbedtls_record rec, rec_backup; mbedtls_ssl_init(&ssl); USE_PSA_INIT(); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, etm, tag_mode, ver, (size_t) cid0_len, (size_t) cid1_len) == 0); TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); while (num_records-- > 0) { mbedtls_ssl_transform *t_dec, *t_enc; /* Take turns in who's sending and who's receiving. */ if (num_records % 3 == 0) { t_dec = &t0; t_enc = &t1; } else { t_dec = &t1; t_enc = &t0; } /* * The record header affects the transformation in two ways: * 1) It determines the AEAD additional data * 2) The record counter sometimes determines the IV. * * Apart from that, the fields don't have influence. * In particular, it is currently not the responsibility * of ssl_encrypt/decrypt_buf to check if the transform * version matches the record version, or that the * type is sensible. */ memset(rec.ctr, num_records, sizeof(rec.ctr)); rec.type = 42; rec.ver[0] = num_records; rec.ver[1] = num_records; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ rec.buf = buf; rec.buf_len = buflen; rec.data_offset = 16; /* Make sure to vary the length to exercise different * paddings. */ rec.data_len = 1 + num_records; memset(rec.buf + rec.data_offset, 42, rec.data_len); /* Make a copy for later comparison */ rec_backup = rec; /* Encrypt record */ ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); if (ret != 0) { continue; } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec.cid_len != 0) { /* DTLS 1.2 + CID hides the real content type and * uses a special CID content type in the protected * record. Double-check this. */ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { /* TLS 1.3 hides the real content type and * always uses Application Data as the content type * for protected records. Double-check this. */ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* Decrypt record with t_dec */ ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); TEST_ASSERT(ret == 0); /* Compare results */ TEST_ASSERT(rec.type == rec_backup.type); TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); TEST_ASSERT(rec.data_len == rec_backup.data_len); TEST_ASSERT(rec.data_offset == rec_backup.data_offset); TEST_ASSERT(memcmp(rec.buf + rec.data_offset, rec_backup.buf + rec_backup.data_offset, rec.data_len) == 0); } exit: /* Cleanup */ mbedtls_ssl_free(&ssl); mbedtls_ssl_transform_free(&t0); mbedtls_ssl_transform_free(&t1); mbedtls_free(buf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_crypt_record_small(int cipher_type, int hash_id, int etm, int tag_mode, int ver, int cid0_len, int cid1_len) { /* * Test pairs of encryption and decryption with an increasing * amount of space in the record buffer - in more detail: * 1) Try to encrypt with 0, 1, 2, ... bytes available * in front of the plaintext, and expect the encryption * to succeed starting from some offset. Always keep * enough space in the end of the buffer. * 2) Try to encrypt with 0, 1, 2, ... bytes available * at the end of the plaintext, and expect the encryption * to succeed starting from some offset. Always keep * enough space at the beginning of the buffer. * 3) Try to encrypt with 0, 1, 2, ... bytes available * both at the front and end of the plaintext, * and expect the encryption to succeed starting from * some offset. * * If encryption succeeds, check that decryption succeeds * and yields the original record. */ mbedtls_ssl_context ssl; /* ONLY for debugging */ mbedtls_ssl_transform t0, t1; unsigned char *buf = NULL; size_t const buflen = 256; mbedtls_record rec, rec_backup; int ret; int mode; /* Mode 1, 2 or 3 as explained above */ size_t offset; /* Available space at beginning/end/both */ size_t threshold = 96; /* Maximum offset to test against */ size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ size_t default_post_padding = 128; /* Post-padding to use in mode 1 */ int seen_success; /* Indicates if in the current mode we've * already seen a successful test. */ mbedtls_ssl_init(&ssl); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); USE_PSA_INIT(); TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, etm, tag_mode, ver, (size_t) cid0_len, (size_t) cid1_len) == 0); TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); for (mode = 1; mode <= 3; mode++) { seen_success = 0; for (offset = 0; offset <= threshold; offset++) { mbedtls_ssl_transform *t_dec, *t_enc; t_dec = &t0; t_enc = &t1; memset(rec.ctr, offset, sizeof(rec.ctr)); rec.type = 42; rec.ver[0] = offset; rec.ver[1] = offset; rec.buf = buf; rec.buf_len = buflen; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ switch (mode) { case 1: /* Space in the beginning */ rec.data_offset = offset; rec.data_len = buflen - offset - default_post_padding; break; case 2: /* Space in the end */ rec.data_offset = default_pre_padding; rec.data_len = buflen - default_pre_padding - offset; break; case 3: /* Space in the beginning and end */ rec.data_offset = offset; rec.data_len = buflen - 2 * offset; break; default: TEST_ASSERT(0); break; } memset(rec.buf + rec.data_offset, 42, rec.data_len); /* Make a copy for later comparison */ rec_backup = rec; /* Encrypt record */ ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL); if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { /* It's ok if the output buffer is too small. We do insist * on at least one mode succeeding; this is tracked by * seen_success. */ continue; } TEST_EQUAL(ret, 0); seen_success = 1; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec.cid_len != 0) { /* DTLS 1.2 + CID hides the real content type and * uses a special CID content type in the protected * record. Double-check this. */ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if (t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { /* TLS 1.3 hides the real content type and * always uses Application Data as the content type * for protected records. Double-check this. */ TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* Decrypt record with t_dec */ TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0); /* Compare results */ TEST_ASSERT(rec.type == rec_backup.type); TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); TEST_ASSERT(rec.data_len == rec_backup.data_len); TEST_ASSERT(rec.data_offset == rec_backup.data_offset); TEST_ASSERT(memcmp(rec.buf + rec.data_offset, rec_backup.buf + rec_backup.data_offset, rec.data_len) == 0); } TEST_ASSERT(seen_success == 1); } exit: /* Cleanup */ mbedtls_ssl_free(&ssl); mbedtls_ssl_transform_free(&t0); mbedtls_ssl_transform_free(&t1); mbedtls_free(buf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_hkdf_expand_label(int hash_alg, data_t *secret, int label_idx, data_t *ctx, int desired_length, data_t *expected) { unsigned char dst[100]; unsigned char const *lbl = NULL; size_t lbl_len; #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ if (label_idx == (int) tls1_3_label_ ## name) \ { \ lbl = mbedtls_ssl_tls1_3_labels.name; \ lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \ } MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL TEST_ASSERT(lbl != NULL); /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); TEST_ASSERT((size_t) desired_length == expected->len); TEST_ASSERT(mbedtls_ssl_tls1_3_hkdf_expand_label( (mbedtls_md_type_t) hash_alg, secret->x, secret->len, lbl, lbl_len, ctx->x, ctx->len, dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, (size_t) desired_length, expected->x, (size_t) expected->len); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_traffic_key_generation(int hash_alg, data_t *server_secret, data_t *client_secret, int desired_iv_len, int desired_key_len, data_t *expected_server_write_key, data_t *expected_server_write_iv, data_t *expected_client_write_key, data_t *expected_client_write_iv) { mbedtls_ssl_key_set keys; /* Check sanity of test parameters. */ TEST_ASSERT(client_secret->len == server_secret->len); TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len && expected_client_write_iv->len == (size_t) desired_iv_len); TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len && expected_client_write_key->len == (size_t) desired_key_len); TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys( (mbedtls_md_type_t) hash_alg, client_secret->x, server_secret->x, client_secret->len /* == server_secret->len */, desired_key_len, desired_iv_len, &keys) == 0); TEST_MEMORY_COMPARE(keys.client_write_key, keys.key_len, expected_client_write_key->x, (size_t) desired_key_len); TEST_MEMORY_COMPARE(keys.server_write_key, keys.key_len, expected_server_write_key->x, (size_t) desired_key_len); TEST_MEMORY_COMPARE(keys.client_write_iv, keys.iv_len, expected_client_write_iv->x, (size_t) desired_iv_len); TEST_MEMORY_COMPARE(keys.server_write_iv, keys.iv_len, expected_server_write_iv->x, (size_t) desired_iv_len); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_derive_secret(int hash_alg, data_t *secret, int label_idx, data_t *ctx, int desired_length, int already_hashed, data_t *expected) { unsigned char dst[100]; unsigned char const *lbl = NULL; size_t lbl_len; #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ if (label_idx == (int) tls1_3_label_ ## name) \ { \ lbl = mbedtls_ssl_tls1_3_labels.name; \ lbl_len = sizeof(mbedtls_ssl_tls1_3_labels.name); \ } MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL TEST_ASSERT(lbl != NULL); /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); TEST_ASSERT((size_t) desired_length == expected->len); TEST_ASSERT(mbedtls_ssl_tls1_3_derive_secret( (mbedtls_md_type_t) hash_alg, secret->x, secret->len, lbl, lbl_len, ctx->x, ctx->len, already_hashed, dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, desired_length, expected->x, desired_length); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_key_evolution(int hash_alg, data_t *secret, data_t *input, data_t *expected) { unsigned char secret_new[MBEDTLS_MD_MAX_SIZE]; TEST_ASSERT(mbedtls_ssl_tls1_3_evolve_secret( (mbedtls_md_type_t) hash_alg, secret->len ? secret->x : NULL, input->len ? input->x : NULL, input->len, secret_new) == 0); TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, expected->x, (size_t) expected->len); } /* END_CASE */ /* BEGIN_CASE */ void ssl_tls_prf(int type, data_t *secret, data_t *random, char *label, data_t *result_str, int exp_ret) { unsigned char *output; output = mbedtls_calloc(1, result_str->len); if (output == NULL) { goto exit; } USE_PSA_INIT(); TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len, label, random->x, random->len, output, result_str->len) == exp_ret); if (exp_ret == 0) { TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, result_str->len, result_str->len) == 0); } exit: mbedtls_free(output); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_serialize_session_save_load(int ticket_len, char *crt_file) { mbedtls_ssl_session original, restored; unsigned char *buf = NULL; size_t len; /* * Test that a save-load pair is the identity */ mbedtls_ssl_session_init(&original); mbedtls_ssl_session_init(&restored); USE_PSA_INIT(); /* Prepare a dummy session to work on */ TEST_ASSERT(mbedtls_test_ssl_populate_session( &original, ticket_len, crt_file) == 0); /* Serialize it */ TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL); TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) == 0); /* Restore session from serialized data */ TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); /* * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) TEST_ASSERT(original.start == restored.start); #endif TEST_ASSERT(original.ciphersuite == restored.ciphersuite); TEST_ASSERT(original.compression == restored.compression); TEST_ASSERT(original.id_len == restored.id_len); TEST_ASSERT(memcmp(original.id, restored.id, sizeof(original.id)) == 0); TEST_ASSERT(memcmp(original.master, restored.master, sizeof(original.master)) == 0); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) TEST_ASSERT((original.peer_cert == NULL) == (restored.peer_cert == NULL)); if (original.peer_cert != NULL) { TEST_ASSERT(original.peer_cert->raw.len == restored.peer_cert->raw.len); TEST_ASSERT(memcmp(original.peer_cert->raw.p, restored.peer_cert->raw.p, original.peer_cert->raw.len) == 0); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ TEST_ASSERT(original.peer_cert_digest_type == restored.peer_cert_digest_type); TEST_ASSERT(original.peer_cert_digest_len == restored.peer_cert_digest_len); TEST_ASSERT((original.peer_cert_digest == NULL) == (restored.peer_cert_digest == NULL)); if (original.peer_cert_digest != NULL) { TEST_ASSERT(memcmp(original.peer_cert_digest, restored.peer_cert_digest, original.peer_cert_digest_len) == 0); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C */ TEST_ASSERT(original.verify_result == restored.verify_result); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) TEST_ASSERT(original.ticket_len == restored.ticket_len); if (original.ticket_len != 0) { TEST_ASSERT(original.ticket != NULL); TEST_ASSERT(restored.ticket != NULL); TEST_ASSERT(memcmp(original.ticket, restored.ticket, original.ticket_len) == 0); } TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT(original.mfl_code == restored.mfl_code); #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) TEST_ASSERT(original.trunc_hmac == restored.trunc_hmac); #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); #endif exit: mbedtls_ssl_session_free(&original); mbedtls_ssl_session_free(&restored); mbedtls_free(buf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_serialize_session_load_save(int ticket_len, char *crt_file) { mbedtls_ssl_session session; unsigned char *buf1 = NULL, *buf2 = NULL; size_t len0, len1, len2; /* * Test that a load-save pair is the identity */ mbedtls_ssl_session_init(&session); USE_PSA_INIT(); /* Prepare a dummy session to work on */ TEST_ASSERT(mbedtls_test_ssl_populate_session( &session, ticket_len, crt_file) == 0); /* Get desired buffer size for serializing */ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Allocate first buffer */ buf1 = mbedtls_calloc(1, len0); TEST_ASSERT(buf1 != NULL); /* Serialize to buffer and free live session */ TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) == 0); TEST_ASSERT(len0 == len1); mbedtls_ssl_session_free(&session); /* Restore session from serialized data */ TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); /* Allocate second buffer and serialize to it */ buf2 = mbedtls_calloc(1, len0); TEST_ASSERT(buf2 != NULL); TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) == 0); /* Make sure both serialized versions are identical */ TEST_ASSERT(len1 == len2); TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); exit: mbedtls_ssl_session_free(&session); mbedtls_free(buf1); mbedtls_free(buf2); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file) { mbedtls_ssl_session session; unsigned char *buf = NULL; size_t good_len, bad_len, test_len; /* * Test that session_save() fails cleanly on small buffers */ mbedtls_ssl_session_init(&session); USE_PSA_INIT(); /* Prepare dummy session and get serialized size */ TEST_ASSERT(mbedtls_test_ssl_populate_session( &session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Try all possible bad lengths */ for (bad_len = 1; bad_len < good_len; bad_len++) { /* Allocate exact size so that asan/valgrind can detect any overwrite */ mbedtls_free(buf); TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL); TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, &test_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT(test_len == good_len); } exit: mbedtls_ssl_session_free(&session); mbedtls_free(buf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file) { mbedtls_ssl_session session; unsigned char *good_buf = NULL, *bad_buf = NULL; size_t good_len, bad_len; /* * Test that session_load() fails cleanly on small buffers */ mbedtls_ssl_session_init(&session); USE_PSA_INIT(); /* Prepare serialized session data */ TEST_ASSERT(mbedtls_test_ssl_populate_session( &session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL); TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, &good_len) == 0); mbedtls_ssl_session_free(&session); /* Try all possible bad lengths */ for (bad_len = 0; bad_len < good_len; bad_len++) { /* Allocate exact size so that asan/valgrind can detect any overread */ mbedtls_free(bad_buf); bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1); TEST_ASSERT(bad_buf != NULL); memcpy(bad_buf, good_buf, bad_len); TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } exit: mbedtls_ssl_session_free(&session); mbedtls_free(good_buf); mbedtls_free(bad_buf); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void ssl_session_serialize_version_check(int corrupt_major, int corrupt_minor, int corrupt_patch, int corrupt_config) { unsigned char serialized_session[2048]; size_t serialized_session_len; unsigned cur_byte; mbedtls_ssl_session session; uint8_t should_corrupt_byte[] = { corrupt_major == 1, corrupt_minor == 1, corrupt_patch == 1, corrupt_config == 1, corrupt_config == 1 }; mbedtls_ssl_session_init(&session); USE_PSA_INIT(); /* Infer length of serialized session. */ TEST_ASSERT(mbedtls_ssl_session_save(&session, serialized_session, sizeof(serialized_session), &serialized_session_len) == 0); mbedtls_ssl_session_free(&session); /* Without any modification, we should be able to successfully * de-serialize the session - double-check that. */ TEST_ASSERT(mbedtls_ssl_session_load(&session, serialized_session, serialized_session_len) == 0); mbedtls_ssl_session_free(&session); /* Go through the bytes in the serialized session header and * corrupt them bit-by-bit. */ for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) { int cur_bit; unsigned char * const byte = &serialized_session[cur_byte]; if (should_corrupt_byte[cur_byte] == 0) { continue; } for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) { unsigned char const corrupted_bit = 0x1u << cur_bit; /* Modify a single bit in the serialized session. */ *byte ^= corrupted_bit; /* Attempt to deserialize */ TEST_ASSERT(mbedtls_ssl_session_load(&session, serialized_session, serialized_session_len) == MBEDTLS_ERR_SSL_VERSION_MISMATCH); /* Undo the change */ *byte ^= corrupted_bit; } } USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint ep; int ret = -1; USE_PSA_INIT(); ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: mbedtls_test_ssl_endpoint_free(&ep, NULL); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint base_ep, second_ep; int ret = -1; mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); USE_PSA_INIT(); ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), &(second_ep.socket), BUFFSIZE); TEST_ASSERT(ret == 0); ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), &(second_ep.ssl), state); if (need_pass) { TEST_ASSERT(ret == 0); TEST_ASSERT(base_ep.ssl.state == state); } else { TEST_ASSERT(ret != 0); TEST_ASSERT(base_ep.ssl.state != state); } exit: mbedtls_test_ssl_endpoint_free(&base_ep, NULL); mbedtls_test_ssl_endpoint_free(&second_ep, NULL); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.client_min_version = client_min_version; options.client_max_version = client_max_version; options.server_min_version = server_min_version; options.server_max_version = server_max_version; options.expected_negotiated_version = expected_negotiated_version; options.dtls = dtls; /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so * the number of fragments will be twice as big. */ if (expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 || expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1) { options.expected_cli_fragments = 2; options.expected_srv_fragments = 2; } mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.cipher = cipher; options.dtls = dtls; options.psk_str = psk_str; options.pk_alg = pk_alg; mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_cipher(char *cipher, int pk_alg, int dtls) { test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls) { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cli_msg_len = cli_msg_len; options.srv_msg_len = srv_msg_len; options.expected_cli_fragments = expected_cli_fragments; options.expected_srv_fragments = expected_srv_fragments; options.dtls = dtls; mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) { test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, expected_srv_fragments, 0); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) { test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, expected_srv_fragments, 1); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_serialization() { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.serialize = 1; options.dtls = 1; mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { mbedtls_test_handshake_test_options options; mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; srv_pattern.counter = 0; cli_pattern.counter = 0; mbedtls_test_init_handshake_options(&options); options.dtls = 1; options.mfl = mfl; /* Set cipher to one using CBC so that record splitting can be tested */ options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; options.srv_log_obj = &srv_pattern; options.cli_log_obj = &cli_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; options.cli_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_test_ssl_perform_handshake(&options); /* Test if the server received a fragmented handshake */ if (expected_srv_hs_fragmentation) { TEST_ASSERT(srv_pattern.counter >= 1); } /* Test if the client received a fragmented handshake */ if (expected_cli_hs_fragmentation) { TEST_ASSERT(cli_pattern.counter >= 1); } } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.renegotiate = 1; options.legacy_renegotiation = legacy_renegotiation; options.dtls = 1; mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cipher = cipher; options.renegotiate = renegotiation; options.legacy_renegotiation = legacy_renegotiation; options.serialize = serialize; options.dtls = dtls; options.resize_buffers = 1; mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, (char *) ""); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE }; mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_ECDSA, NULL, NULL, NULL, curve_list), 0); /* Server side */ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_ECDSA, NULL, NULL, NULL, NULL), 0); USE_PSA_INIT(); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), BUFFSIZE), 0); TEST_EQUAL(mbedtls_test_move_handshake_to_state( &(client.ssl), &(server.ssl), MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) , 0); mbedtls_psa_get_stats(&stats); /* Save the number of slots in use up to this point. * With PSA, one can be used for the ECDH private key. */ free_slots_before = stats.empty_slots; if (bad_server_ecdhe_key) { /* Force a simulated bitflip in the server key. to make the * raw key agreement in ssl_write_client_key_exchange fail. */ (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; } TEST_EQUAL(mbedtls_test_move_handshake_to_state( &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); mbedtls_psa_get_stats(&stats); /* Make sure that the key slot is already destroyed in case of failure, * without waiting to close the connection. */ if (bad_server_ecdhe_key) { TEST_EQUAL(free_slots_before, stats.empty_slots); } exit: mbedtls_test_ssl_endpoint_free(&client, NULL); mbedtls_test_ssl_endpoint_free(&server, NULL); USE_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */ void cookie_parsing(data_t *cookie, int exp_ret) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; size_t len; mbedtls_ssl_init(&ssl); USE_PSA_INIT(); mbedtls_ssl_config_init(&conf); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, ssl.cli_id_len, cookie->x, cookie->len, ssl.out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len), exp_ret); exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); USE_PSA_DONE(); } /* END_CASE */