eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #3069 from AndrzejKurek/handshake-tests-refactor

Browse source 
Handshake tests refactor
This commit is contained in:
Jaeden Amero 2020-02-27 15:26:48 +04:00 committed by GitHub
commit 5f80040729
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 431 additions and 405 deletions
Download patch file Download diff file Expand all files Collapse all files

122
tests/suites/test_suite_ssl.data
View file

@ -199,166 +199,168 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_RE
Negative test moving servers ssl to state: NEW_SESSION_TICKET Negative test moving servers ssl to state: NEW_SESSION_TICKET
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, SSL3 Handshake, SSL3
depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, tls1 Handshake, tls1
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0
Handshake, tls1_1 Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0
Handshake, tls1_2 Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_PROTO_TLS1_2
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0 handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0 handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_1 DTLS Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1
DTLS Handshake, tls1_2 DTLS Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM DTLS Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0 handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0 handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2 DTLS Handshake with serialization, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1 handshake_serialization
Sending app data via TLS, MFL=512 without fragmentation Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via TLS, MFL=512 with fragmentation Sending app data via TLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
Sending app data via TLS, MFL=1024 without fragmentation Sending app data via TLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via TLS, MFL=1024 with fragmentation Sending app data via TLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
Sending app data via TLS, MFL=2048 without fragmentation Sending app data via TLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via TLS, MFL=2048 with fragmentation Sending app data via TLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
Sending app data via TLS, MFL=4096 without fragmentation Sending app data via TLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via TLS, MFL=4096 with fragmentation Sending app data via TLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
Sending app data via TLS without MFL and without fragmentation Sending app data via TLS without MFL and without fragmentation
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via TLS without MFL and with fragmentation Sending app data via TLS without MFL and with fragmentation
send_application_data:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
Sending app data via DTLS, MFL=512 without fragmentation Sending app data via DTLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via DTLS, MFL=512 with fragmentation Sending app data via DTLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0
Sending app data via DTLS, MFL=1024 without fragmentation Sending app data via DTLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via DTLS, MFL=1024 with fragmentation Sending app data via DTLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0
Sending app data via DTLS, MFL=2048 without fragmentation Sending app data via DTLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via DTLS, MFL=2048 with fragmentation Sending app data via DTLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0
Sending app data via DTLS, MFL=4096 without fragmentation Sending app data via DTLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via DTLS, MFL=4096 with fragmentation Sending app data via DTLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0
Sending app data via DTLS, without MFL and without fragmentation Sending app data via DTLS, without MFL and without fragmentation
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via DTLS, without MFL and with fragmentation Sending app data via DTLS, without MFL and with fragmentation
send_application_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0
DTLS renegotiation: no legacy renegotiation DTLS renegotiation: no legacy renegotiation
dtls_renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS renegotiation: legacy renegotiation DTLS renegotiation: legacy renegotiation
dtls_renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake DTLS renegotiation: legacy break handshake
dtls_renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0 SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0 ssl_dtls_replay:"":"000000000000":0

714
tests/suites/test_suite_ssl.function
View file

@ -6,6 +6,39 @@
#include <mbedtls/certs.h> #include <mbedtls/certs.h>
#include <mbedtls/timing.h> #include <mbedtls/timing.h>
typedef struct handshake_test_options
{
const char *cipher;
int version;
int pk_alg;
data_t *psk_str;
int dtls;
int serialize;
int mfl;
int cli_msg_len;
int srv_msg_len;
int expected_cli_fragments;
int expected_srv_fragments;
int renegotiate;
int legacy_renegotiation;
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
{
opts->cipher = "";
opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
opts->serialize = 0;
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
opts->cli_msg_len = 100;
opts->srv_msg_len = 100;
opts->expected_cli_fragments = 1;
opts->expected_srv_fragments = 1;
opts->renegotiate = 0;
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
}
/* /*
* Buffer structure for custom I/O callbacks. * Buffer structure for custom I/O callbacks.
*/ */
@ -1556,6 +1589,241 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
ssl_2, 256, 1 ); ssl_2, 256, 1 );
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void perform_handshake( handshake_test_options* options )
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
unsigned char *context_buf = NULL;
size_t context_buf_len;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int ret = -1;
#endif
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
/* Client side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, &client_context,
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, NULL, NULL,
NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
if( strlen( options->cipher ) > 0 )
{
set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
}
/* Server side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, &server_context,
&server_queue,
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
(unsigned char) options->mfl ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
(unsigned char) options->mfl ) == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( options->psk_str != NULL && options->psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
mbedtls_ssl_conf_renegotiation( &(server.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_renegotiation( &(client.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
options->legacy_renegotiation );
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
options->legacy_renegotiation );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
== 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
/* Start data exchanging test */
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl), options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( options->serialize == 1 )
{
TEST_ASSERT( options->dtls == 1 );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
0, &context_buf_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
context_buf = mbedtls_calloc( 1, context_buf_len );
TEST_ASSERT( context_buf != NULL );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
context_buf_len,
&context_buf_len ) == 0 );
mbedtls_ssl_free( &(server.ssl) );
mbedtls_ssl_init( &(server.ssl) );
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl),
options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
/* Start test with renegotiation */
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_PENDING );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication betwen client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_free( context_buf );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -3300,373 +3568,129 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void handshake( const char *cipher, int version, int pk_alg, void handshake_version( int version, int dtls )
data_t *psk_str, int dtls, int serialize )
{ {
/* forced_ciphersuite needs to last until the end of the handshake */ handshake_test_options options;
int forced_ciphersuite[2]; init_handshake_options( &options );
enum { BUFFSIZE = 16384 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#else
(void) psk_str;
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
enum { MSGLEN = 5 };
unsigned char *context_buf = NULL;
size_t context_buf_len;
unsigned char cli_buf[MSGLEN];
unsigned char srv_buf[MSGLEN];
#else
(void) serialize;
#endif
mbedtls_test_message_queue server_queue, client_queue; options.version = version;
mbedtls_test_message_socket_context server_context, client_context; options.dtls = dtls;
/* Note - the case below will have to updated, since the test sends no data
/* Client side */ * due to a 1n-1 split against BEAST, that was not expected when preparing
if( dtls != 0 ) * the fragment counting code. */
if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
version == MBEDTLS_SSL_MINOR_VERSION_1 )
{ {
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, options.cli_msg_len = 0;
pk_alg, &client_context, options.srv_msg_len = 0;
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
} }
else perform_handshake( &options );
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
if( strlen( cipher ) > 0 ) /* The goto below is used to avoid an "unused label" warning.*/
{ goto exit;
set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
}
/* Server side */
if( dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
pk_alg, &server_context,
&server_queue,
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
}
#endif
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
== 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( dtls == 0 || serialize == 0 )
{
/* Serialization works with DTLS only.
* Skip if these options are misused. */
goto exit;
}
memset( cli_buf, 'X', MSGLEN );
memset( srv_buf, 'Y', MSGLEN );
/* Make sure that writing/reading works */
TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
0, &context_buf_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
context_buf = mbedtls_calloc( 1, context_buf_len );
TEST_ASSERT( context_buf != NULL );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
context_buf_len,
&context_buf_len ) == 0 );
mbedtls_ssl_free( &(server.ssl) );
mbedtls_ssl_init( &(server.ssl) );
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
memset( cli_buf, 'X', MSGLEN );
memset( srv_buf, 'Y', MSGLEN );
TEST_ASSERT( mbedtls_ssl_write( &(client.ssl), cli_buf, MSGLEN ) == MSGLEN );
TEST_ASSERT( mbedtls_ssl_read( &(server.ssl), srv_buf, MSGLEN ) == MSGLEN );
TEST_ASSERT( memcmp( cli_buf, srv_buf, MSGLEN ) == 0 );
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
exit:
mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( dtls != 0 && serialize != 0 )
{
mbedtls_free( context_buf );
}
#endif
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
void send_application_data( int mfl, int cli_msg_len, int srv_msg_len, void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
const int expected_cli_fragments,
const int expected_srv_fragments )
{ {
enum { BUFFSIZE = 2048 }; handshake_test_options options;
mbedtls_endpoint server, client; init_handshake_options( &options );
int ret = -1;
ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, options.cipher = cipher;
NULL, NULL, NULL ); options.dtls = dtls;
TEST_ASSERT( ret == 0 ); options.psk_str = psk_str;
options.pk_alg = pk_alg;
ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA, perform_handshake( &options );
NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /* The goto below is used to avoid an "unused label" warning.*/
ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl ); goto exit;
TEST_ASSERT( ret == 0 );
ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
TEST_ASSERT( ret == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
BUFFSIZE );
TEST_ASSERT( ret == 0 );
ret = mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
/* Start data exchanging test */
ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
&(server.ssl), srv_msg_len, expected_srv_fragments );
TEST_ASSERT( ret == 0 );
exit:
mbedtls_endpoint_free( &client, NULL );
mbedtls_endpoint_free( &server, NULL );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
void send_application_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, void handshake_cipher( char* cipher, int pk_alg, int dtls )
const int expected_cli_fragments,
const int expected_srv_fragments )
{ {
enum { BUFFSIZE = 17000 }; test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
mbedtls_endpoint server, client;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
int ret = -1;
/* Initializing endpoints and communication */ /* The goto below is used to avoid an "unused label" warning.*/
ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, goto exit;
&server_context, &server_queue, &client_queue );
TEST_ASSERT( ret == 0 );
ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA,
&client_context, &client_queue, &server_queue );
TEST_ASSERT( ret == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif /* MBEDTLS_TIMING_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
ret = mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) mfl );
TEST_ASSERT( ret == 0 );
ret = mbedtls_ssl_conf_max_frag_len( &(client.conf), (unsigned char) mfl );
TEST_ASSERT( ret == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket),
BUFFSIZE );
TEST_ASSERT( ret == 0 );
ret = mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
/* Start data exchanging test */
ret = mbedtls_exchange_data( &(client.ssl), cli_msg_len, expected_cli_fragments,
&(server.ssl), srv_msg_len, expected_srv_fragments );
TEST_ASSERT( ret == 0 );
exit:
mbedtls_endpoint_free( &client, &client_context );
mbedtls_endpoint_free( &server, &server_context );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_RENEGOTIATION */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void dtls_renegotiation( int legacy_option ) void app_data( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls )
{ {
enum { BUFFSIZE = 17000 }; handshake_test_options options;
#if defined(MBEDTLS_TIMING_C) init_handshake_options( &options );
mbedtls_timing_delay_context timer_client, timer_server;
#endif
mbedtls_endpoint server, client;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
int ret = -1;
/* Initializing endpoints for DTLS */ options.mfl = mfl;
ret = mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, MBEDTLS_PK_RSA, options.cli_msg_len = cli_msg_len;
&server_context, &server_queue, &client_queue ); options.srv_msg_len = srv_msg_len;
TEST_ASSERT( ret == 0 ); options.expected_cli_fragments = expected_cli_fragments;
options.expected_srv_fragments = expected_srv_fragments;
options.dtls = dtls;
ret = mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_PK_RSA, perform_handshake( &options );
&client_context, &client_queue, &server_queue ); /* The goto below is used to avoid an "unused label" warning.*/
TEST_ASSERT( ret == 0 ); goto exit;
}
#if defined(MBEDTLS_TIMING_C) /* END_CASE */
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay, /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
mbedtls_timing_get_delay ); void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server, int expected_srv_fragments )
mbedtls_timing_set_delay, {
mbedtls_timing_get_delay ); test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
#endif /* MBEDTLS_TIMING_C */ expected_srv_fragments, 0 );
/* The goto below is used to avoid an "unused label" warning.*/
/* Setup renegotiation and perform connection */ goto exit;
mbedtls_ssl_conf_renegotiation( &(server.conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED ); }
mbedtls_ssl_conf_renegotiation( &(client.conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED ); /* END_CASE */
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf), legacy_option ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf), legacy_option ); void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
ret = mbedtls_mock_socket_connect( &(server.socket), &(client.socket), int expected_srv_fragments )
BUFFSIZE ); {
TEST_ASSERT( ret == 0 ); test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
expected_srv_fragments, 1 );
ret = mbedtls_move_handshake_to_state( &(client.ssl), /* The goto below is used to avoid an "unused label" warning.*/
&(server.ssl), goto exit;
MBEDTLS_SSL_HANDSHAKE_OVER ); }
TEST_ASSERT( ret == 0 ); /* END_CASE */
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */
void handshake_serialization( )
/* Start test with renegotiation */ {
TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ); handshake_test_options options;
TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ); init_handshake_options( &options );
ret = mbedtls_ssl_renegotiate( &(server.ssl) ); options.serialize = 1;
TEST_ASSERT( ret == 0 ); options.dtls = 1;
TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ); perform_handshake( &options );
TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ); /* The goto below is used to avoid an "unused label" warning.*/
goto exit;
/* After calling the above function for the server, it only sends a handshake }
* request. All renegotiation should happen during data exchanging */ /* END_CASE */
TEST_ASSERT( 0 == exchange_data( &(client.ssl), &(server.ssl) ) );
TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE ); void renegotiation( int legacy_renegotiation )
{
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation handshake_test_options options;
* should happen inside this function. However in this test, we cannot init_handshake_options( &options );
* perform simultaneous communication between client and server so this
* function will return waiting error on the socket. The rest of options.renegotiate = 1;
* renegotiation should happen during data exchanging */ options.legacy_renegotiation = legacy_renegotiation;
ret = mbedtls_ssl_renegotiate( &(client.ssl) ); options.dtls = 1;
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ || perform_handshake( &options );
ret == MBEDTLS_ERR_SSL_WANT_WRITE ); /* The goto below is used to avoid an "unused label" warning.*/
TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE ); goto exit;
TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
ret = exchange_data( &(client.ssl), &(server.ssl) );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( server.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE );
exit:
mbedtls_endpoint_free( &client, &client_context );
mbedtls_endpoint_free( &server, &server_context );
} }
/* END_CASE */ /* END_CASE */