diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index e7503c7d5..572b6cb71 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -130,6 +130,9 @@ typedef struct mbedtls_test_handshake_test_options {
 #endif
 } mbedtls_test_handshake_test_options;
 
+/*
+ * Buffer structure for custom I/O callbacks.
+ */
 typedef struct mbedtls_test_ssl_buffer {
 size_t start;
 size_t content_length;
@@ -311,13 +314,13 @@ int mbedtls_test_ssl_message_queue_pop_info(
 /*
 * Setup and teardown functions for mock sockets.
 */
-void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket);
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket);
 
 /*
 * Closes the socket \p socket.
 *
 * \p socket must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
 *
 * This function frees all allocated resources and both sockets are aware of the
 * new connection state.
@@ -332,7 +335,7 @@ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket);
 * Establishes a connection between \p peer1 and \p peer2.
 *
 * \p peer1 and \p peer2 must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
 *
 * The capacities of the internal buffers are set to \p bufsize. Setting this to
 * the correct value allows for simulation of MTU, sanity testing the mock
@@ -374,7 +377,8 @@ void mbedtls_test_message_socket_init(
 int mbedtls_test_message_socket_setup(
 mbedtls_test_ssl_message_queue *queue_input,
 mbedtls_test_ssl_message_queue *queue_output,
- size_t queue_capacity, mbedtls_test_mock_socket *socket,
+ size_t queue_capacity,
+ mbedtls_test_mock_socket *socket,
 mbedtls_test_message_socket_context *ctx);
 
 /*
@@ -411,8 +415,7 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx,
 * mbedtls_test_mock_tcp_recv_b failed.
 *
 * This function will also return any error other than
- * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from
- * mbedtls_test_message_queue_peek_info.
+ * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info.
 */
 int mbedtls_test_mock_tcp_recv_msg(void *ctx,
 unsigned char *buf, size_t buf_len);
@@ -488,6 +491,12 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
 } \
 } while (0)
 
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
 defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
 int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
@@ -544,10 +553,11 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
 *
 * \retval 0 on success, otherwise error code.
 */
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2);
+int mbedtls_test_ssl_exchange_data(
+ mbedtls_ssl_context *ssl_1,
+ int msg_len_1, const int expected_fragments_1,
+ mbedtls_ssl_context *ssl_2,
+ int msg_len_2, const int expected_fragments_2);
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 void mbedtls_test_ssl_perform_handshake(
@@ -566,7 +576,7 @@ void mbedtls_test_ssl_perform_handshake(
 * is expected to fail. All zeroes if no
 * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
 */
-int tweak_tls13_certificate_msg_vector_len(
+int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
 unsigned char *buf, unsigned char **end, int tweak,
 int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
 #endif /* MBEDTLS_TEST_HOOKS */
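Review bot: The header comment on `mbedtls_test_mock_tcp_recv_msg` now names `test_ssl_message_queue_peek_info`, which the .c side of this same commit makes `static`, so a reader of the public header is pointed at a symbol they can neither find in the header nor call. Describe the behaviour rather than the private helper, e.g. `* MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED reported while peeking at the input queue.`, so the comment stays valid if the helper is renamed again.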
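Review bot: `SSL_CID_LEN_MIN` moves into the shared `ssl_helpers.h` under its unprefixed name while every other symbol this commit touches gains the `mbedtls_test_`/`MBEDTLS_TEST_` prefix, so the header now exports a generic-looking macro to every test suite that includes it. Renaming it `MBEDTLS_TEST_SSL_CID_LEN_MIN` here and in the .function files that use it would keep the naming consistent with the rest of the change. Separately, the `#if` compares `MBEDTLS_SSL_CID_OUT_LEN_MAX` and `MBEDTLS_SSL_CID_IN_LEN_MAX` by value, and the preprocessor treats an undefined identifier as 0 there, so a configuration lacking either macro would silently pick a branch instead of failing; if both always carry defaults this is moot, otherwise a `#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) || !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)` `#error` above it would make the assumption explicit.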
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 08956e880..e79d152b6 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -124,10 +124,6 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args)
 }
 #endif /* MBEDTLS_TEST_HOOKS */
 
-/*
- * Buffer structure for custom I/O callbacks.
- */
-
 void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
 {
 memset(buf, 0, sizeof(*buf));
@@ -233,8 +229,8 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
 return (output_len > INT_MAX) ? INT_MAX : (int) output_len;
 }
 
-int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue,
- size_t capacity)
+int mbedtls_test_ssl_message_queue_setup(
+ mbedtls_test_ssl_message_queue *queue, size_t capacity)
 {
 queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
 if (NULL == queue->messages) {
@@ -248,7 +244,8 @@ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue,
 return 0;
 }
 
-void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue)
+void mbedtls_test_ssl_message_queue_free(
+ mbedtls_test_ssl_message_queue *queue)
 {
 if (queue == NULL) {
 return;
@@ -315,8 +312,9 @@ int mbedtls_test_ssl_message_queue_pop_info(
 * set to the full message length so that the
 * caller knows what portion of the message can be dropped.
 */
-int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue,
- size_t buf_len, size_t *msg_len)
+static int test_ssl_message_queue_peek_info(
+ mbedtls_test_ssl_message_queue *queue,
+ size_t buf_len, size_t *msg_len)
 {
 if (queue == NULL || msg_len == NULL) {
 return MBEDTLS_TEST_ERROR_ARG_NULL;
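Review bot: In `mbedtls_test_ssl_message_queue_setup` the `(size_t *)` cast on the `mbedtls_calloc` result is unnecessary in C and would mask an implicit-declaration error, and `sizeof(size_t)` ties the element size to the type rather than to the array it allocates; the idiomatic form is `queue->messages = mbedtls_calloc(capacity, sizeof(*queue->messages));`. The rest of the function, including what happens when `capacity` is 0, lies outside the hunk.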
@@ -329,7 +327,7 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) +void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } @@ -459,7 +457,8 @@ int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; ctx->queue_output = NULL; @@ -480,12 +479,13 @@ int mbedtls_test_message_socket_setup( ctx->queue_input = queue_input; ctx->queue_output = queue_output; ctx->socket = socket; - mbedtls_mock_socket_init(socket); + mbedtls_test_mock_socket_init(socket); return 0; } -void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { return; @@ -544,7 +544,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, /* Peek first, so that in case of a socket error the data remains in * the queue. */ - ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); + ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Calculate how much to drop */ drop_len = msg_len - buf_len; @@ -578,7 +578,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, /* * Deinitializes certificates from endpoint represented by \p ep. */ -void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) +static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); if (cert != NULL) { 
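Review bot: In `test_ssl_endpoint_certificate_free` the guard `if (cert != NULL)` can never be false: `cert` is `&(ep->cert)`, the address of a struct member, which is non-null whenever `ep` is non-null and undefined behaviour to form when it is not. If the intent is to tolerate a null endpoint, test the argument before taking the address, `if (ep == NULL) { return; }`, and drop the `cert` check. The function body continues outside the hunk, so the cleanup the guard wraps is not visible here.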
@@ -730,7 +730,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, exit: if (ret != 0) { - mbedtls_endpoint_certificate_free(ep); + test_ssl_endpoint_certificate_free(ep); } return ret; @@ -781,7 +781,7 @@ int mbedtls_test_ssl_endpoint_init( 100, &(ep->socket), dtls_context) == 0); } else { - mbedtls_mock_socket_init(&(ep->socket)); + mbedtls_test_mock_socket_init(&(ep->socket)); } /* Non-blocking callbacks without timeout */ @@ -868,7 +868,7 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { - mbedtls_endpoint_certificate_free(ep); + test_ssl_endpoint_certificate_free(ep); mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); @@ -941,7 +941,7 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, /* Used for DTLS and the message size larger than MFL. In that case * the message can not be fragmented and the library should return * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_exchange_data(). */ + * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ return ret; } else if (expected_fragments == 1) { /* Used for TLS/DTLS and the message size lower than MFL */ @@ -1004,8 +1004,9 @@ exit: return -1; } -void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, + int *forced_ciphersuite) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); 
@@ -1030,9 +1031,13 @@ void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
 exit:
 return;
 }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
+ defined(MBEDTLS_SSL_SRV_C)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
 {
 (void) p_info;
 (void) ssl;
@@ -1041,12 +1046,9 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
 return 0;
 }
 
-
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
-#else
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+ MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
+ MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
 defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
@@ -1600,10 +1602,11 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2)
+int mbedtls_test_ssl_exchange_data(
+ mbedtls_ssl_context *ssl_1,
+ int msg_len_1, const int expected_fragments_1,
+ mbedtls_ssl_context *ssl_2,
+ int msg_len_2, const int expected_fragments_2)
 {
 unsigned char *msg_buf_1 = malloc(msg_len_1);
 unsigned char *msg_buf_2 = malloc(msg_len_2);
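Review bot: `mbedtls_test_ssl_exchange_data` becomes part of the `mbedtls_test_` API in this hunk but still takes `int msg_len_1`/`msg_len_2` and passes them straight to `malloc`, so a negative length converts to a huge `size_t` request instead of being rejected. A guard ahead of the allocations, `if (msg_len_1 < 0 || msg_len_2 < 0) { return -1; }`, or a stated precondition in the header comment would pin that contract. The buffers also use plain `malloc` while `mbedtls_test_ssl_message_queue_setup` in the same file uses `mbedtls_calloc`, so they bypass the platform allocator hooks; switching them (and the matching frees, outside the hunk) to `mbedtls_calloc`/`mbedtls_free` would be consistent. Whether the `malloc` results are checked is outside the hunk.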
@@ -1709,12 +1712,18 @@ exit:
 *
 * \retval 0 on success, otherwise error code.
 */
-int exchange_data(mbedtls_ssl_context *ssl_1,
- mbedtls_ssl_context *ssl_2)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+ (defined(MBEDTLS_SSL_RENEGOTIATION) || \
+ defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
+static int exchange_data(mbedtls_ssl_context *ssl_1,
+ mbedtls_ssl_context *ssl_2)
 {
- return mbedtls_exchange_data(ssl_1, 256, 1,
- ssl_2, 256, 1);
+ return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
+ ssl_2, 256, 1);
 }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+ (MBEDTLS_SSL_RENEGOTIATION ||
+ MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 static int check_ssl_version(
@@ -1755,7 +1764,6 @@ exit:
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 void mbedtls_test_ssl_perform_handshake(
 mbedtls_test_handshake_test_options *options)
@@ -1964,10 +1972,11 @@ void mbedtls_test_ssl_perform_handshake(
 
 if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
 /* Start data exchanging test */
- TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl), options->srv_msg_len,
- options->expected_srv_fragments)
+ TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+ &(client.ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl), options->srv_msg_len,
+ options->expected_srv_fragments)
 == 0);
 }
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
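Review bot: The new `#if` block for `exchange_data` is inserted between the function's doc comment (ending `\retval 0 on success, otherwise error code.`) and its definition, so the comment is no longer adjacent to the declaration it documents and tools that bind comments to the next declaration will attach it to the preprocessor line. Moving the three `#if` lines above the comment's opening `/*`, and leaving the `#endif` after the closing brace as it is, keeps comment and function together. The guard presumably mirrors the remaining callers of `exchange_data`, which are not visible from this hunk.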
@@ -2024,12 +2033,10 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data( - &(client.ssl), - options->cli_msg_len, + TEST_ASSERT(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, + &(server.ssl), options->srv_msg_len, options->expected_srv_fragments) == 0); } @@ -2126,7 +2133,7 @@ exit: #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) -int tweak_tls13_certificate_msg_vector_len( +int mbedtls_test_tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 68c587842..e9efebf32 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -209,17 +209,17 @@ void ssl_mock_sanity() unsigned char received[MSGLEN] = { 0 }; mbedtls_test_mock_socket socket; - mbedtls_mock_socket_init(&socket); + mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); - mbedtls_mock_socket_init(&socket); + mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); - mbedtls_mock_socket_init(&socket); + mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); - mbedtls_mock_socket_init(&socket); + mbedtls_test_mock_socket_init(&socket); TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); mbedtls_test_mock_socket_close(&socket); 
@@ -257,8 +257,8 @@ void ssl_mock_tcp(int blocking)
 recv = mbedtls_test_mock_tcp_recv_b;
 }
 
- mbedtls_mock_socket_init(&client);
- mbedtls_mock_socket_init(&server);
+ mbedtls_test_mock_socket_init(&client);
+ mbedtls_test_mock_socket_init(&server);
 
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
@@ -355,8 +355,8 @@ void ssl_mock_tcp_interleaving(int blocking)
 recv = mbedtls_test_mock_tcp_recv_b;
 }
 
- mbedtls_mock_socket_init(&client);
- mbedtls_mock_socket_init(&server);
+ mbedtls_test_mock_socket_init(&client);
+ mbedtls_test_mock_socket_init(&server);
 
 /* Fill up the buffers with structured data so that unwanted changes
 * can be detected */
@@ -3153,10 +3153,11 @@ void force_bad_session_id_len()
 server.ssl.session_negotiate->id_len = 33;
 if (options.cli_msg_len != 0 || options.srv_msg_len != 0) {
 /* Start data exchanging test */
- TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options.cli_msg_len,
- options.expected_cli_fragments,
- &(server.ssl), options.srv_msg_len,
- options.expected_srv_fragments)
+ TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+ &(client.ssl), options.cli_msg_len,
+ options.expected_cli_fragments,
+ &(server.ssl), options.srv_msg_len,
+ options.expected_srv_fragments)
 == 0);
 }
 
@@ -3431,7 +3432,7 @@ void tls13_server_certificate_msg_invalid_vector_len()
 * Tweak server Certificate message and parse it.
 */
 
- ret = tweak_tls13_certificate_msg_vector_len(
+ ret = mbedtls_test_tweak_tls13_certificate_msg_vector_len(
 buf, &end, step, &expected_result, &expected_chk_buf_ptr_args);
 if (ret != 0) {