From 297c6089159e0a8c0195ca18777ce904b83fedcd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Jan 2024 08:15:33 +0100 Subject: [PATCH 01/10] tls13: cli: Fix setting of early data transform Fix setting of early data transform when we do not send dummy CCS for middlebox compatibility. Signed-off-by: Ronald Cron --- library/ssl_tls13_client.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a3d33a34f8..76f0f18962 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1236,10 +1236,6 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) const mbedtls_ssl_ciphersuite_t *ciphersuite_info; if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); -#endif MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1294,6 +1290,15 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) return ret; } +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); +#else + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to early data keys for outbound traffic")); + mbedtls_ssl_set_outbound_transform( + ssl, ssl->handshake->transform_earlydata); +#endif } #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; @@ -3067,19 +3072,19 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) } break; +#if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); if (ret == 0) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); -#if defined(MBEDTLS_SSL_EARLY_DATA) MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); -#endif } break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) From 77abfe67db1ff1bdae3ff1c93e7878e8ee0826f8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Jan 2024 11:17:31 +0100 Subject: [PATCH 02/10] ssl_helpers.c: Add ticket write/parse test functions Add ticket write/parse test functions as defined by mbedtls_ssl_ticket_write/parse_t. They are intended to be used in negative testing involving tickets. Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 10 ++++++++++ tests/src/test_helpers/ssl_helpers.c | 30 ++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index d03c62414b..1f41966d66 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -589,6 +589,16 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *ticket_lifetime); + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len); +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 2368a7654f..b13d7e38b9 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2419,4 +2419,34 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( return 0; } #endif /* MBEDTLS_TEST_HOOKS */ + +/* Functions for session ticket tests */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *lifetime) +{ + int ret; + ((void) p_ticket); + + if ((ret = mbedtls_ssl_session_save(session, start, end - start, + tlen)) != 0) { + return ret; + } + + /* Maximum ticket lifetime as defined in RFC 8446 */ + *lifetime = 7 * 24 * 3600; + + return 0; +} + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len) +{ + ((void) p_ticket); + + return mbedtls_ssl_session_load(session, buf, len); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_TLS_C */ From d903a86e52f21a65b45fa27699aabfe2d9a8cd81 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Jan 2024 15:57:17 +0100 Subject: [PATCH 03/10] tests: tls13: Add session resume with ticket unit test This aims to provide a basis for negative testing around TLS 1.3 ticket, replacing eventually the negative tests done in ssl-opt.sh using the dummy_ticket option. Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 93 ++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index de998e3fff..37895f0b71 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3270,3 +3270,6 @@ ssl_ecjpake_set_password:1 Test Elliptic curves' info parsing elliptic_curve_get_properties + +TLS 1.3 resume session with ticket +tls13_resume_session_with_ticket diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8a03d1b970..9ca2058b48 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3519,3 +3519,96 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_resume_session_with_ticket() +{ + int ret = -1; + unsigned char buf[64]; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + + /* + * Test set-up + */ + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + MD_OR_USE_PSA_INIT(); + + client_options.pk_alg = MBEDTLS_PK_ECDSA; + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL, + NULL); + TEST_EQUAL(ret, 0); + + server_options.pk_alg = MBEDTLS_PK_ECDSA; + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL, + NULL); + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + /* + * Run initial handshake: ephemeral key exchange mode, certificate with + * RSA key, signed with PKCS15, verified with PKCS21. Then, get the ticket + * sent by the server at the end of its handshake sequence. + */ + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) == 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + /* + * Save client session and reset the SSL context of the two endpoints. + */ + ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); + TEST_EQUAL(ret, 0); + + /* + * Set saved session on client side and handshake using the ticket + * included in that session. + */ + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0); + + TEST_EQUAL(server_ep.ssl.handshake->resume, 1); + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1); + TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ From ec3408d70769163b890ac7bc0c628dde8cc9ae7a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Jan 2024 17:50:40 +0100 Subject: [PATCH 04/10] tests: ssl: Move setting of debug callback Move the setting of the debug callback to the endpoint initialization function. That way, no need to repeat it in various testing scenarios. Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 39 ++++++++++++++++------------ 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index b13d7e38b9..51957463c5 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -841,6 +841,23 @@ int mbedtls_test_ssl_endpoint_init( } #endif +#if defined(MBEDTLS_DEBUG_C) +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + options->srv_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, + options->srv_log_obj); + } +#endif +#if defined(MBEDTLS_SSL_CLI_C) + if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && + options->cli_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, + options->cli_log_obj); + } +#endif +#endif /* MBEDTLS_DEBUG_C */ + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, options->opaque_alg, options->opaque_alg2, @@ -1977,6 +1994,12 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + } +#endif + /* Client side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, @@ -2000,14 +2023,6 @@ void mbedtls_test_ssl_perform_handshake( set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); } -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, - options->cli_log_obj); - } -#endif - /* Server side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, @@ -2072,14 +2087,6 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_DEBUG_C) - if (options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, - options->srv_log_obj); - } -#endif - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), BUFFSIZE) == 0); From a8dd81b4dee78a4063f33e76702362740298813c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Jan 2024 17:50:52 +0100 Subject: [PATCH 05/10] tests: tls13: Add early data unit test This aims to provide a basis for negative testing around TLS 1.3 early data. Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 157 +++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 37895f0b71..c06c0a746a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3273,3 +3273,6 @@ elliptic_curve_get_properties TLS 1.3 resume session with ticket tls13_resume_session_with_ticket + +TLS 1.3 early data +tls13_early_data diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9ca2058b48..a8982495d6 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -12,6 +12,48 @@ #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \ + defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA256) && \ + defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \ + defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS) +/* + * The implementation of the function should be based on + * mbedtls_ssl_write_early_data() eventually. The current version aims at + * removing the dependency on mbedtls_ssl_write_early_data() for the + * development and testing of reading early data. + */ +static int write_early_data(mbedtls_ssl_context *ssl, + unsigned char *buf, size_t len) +{ + int ret = mbedtls_ssl_get_max_out_record_payload(ssl); + + TEST_ASSERT(ret > 0); + TEST_ASSERT(len <= (size_t) ret); + + ret = mbedtls_ssl_flush_output(ssl); + TEST_EQUAL(ret, 0); + TEST_EQUAL(ssl->out_left, 0); + + ssl->out_msglen = len; + ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; + if (len > 0) { + memcpy(ssl->out_msg, buf, len); + } + + ret = mbedtls_ssl_write_record(ssl, 1); + TEST_EQUAL(ret, 0); + + ret = len; + +exit: + return ret; +} +#endif + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -3612,3 +3654,118 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_early_data() +{ + int ret = -1; + unsigned char buf[64]; + const char *early_data = "This is early data."; + size_t early_data_len = strlen(early_data); + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; + + /* + * Test set-up + */ + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + MD_OR_USE_PSA_INIT(); + + client_options.pk_alg = MBEDTLS_PK_ECDSA; + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL, + NULL); + TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); + + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + server_options.srv_log_obj = &server_pattern; + server_pattern.pattern = early_data; + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL, + NULL); + TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + /* + * Run initial handshake: ephemeral key exchange mode, certificate with + * RSA key, signed with PKCS15, verified with PKCS21. Then, get the ticket + * sent by the server at the end of its handshake sequence. + */ + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) == 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + /* + * Save client session and reset the SSL context of the two endpoints. + */ + ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); + TEST_EQUAL(ret, 0); + + /* + * Set saved session on client side and start handshake using the ticket + * included in that session. + */ + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + mbedtls_debug_set_threshold(3); + + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO) == 0); + + TEST_ASSERT(client_ep.ssl.early_data_status != + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + TEST_EQUAL(server_pattern.counter, 0); + + ret = write_early_data(&(client_ep.ssl), (unsigned char *) early_data, + early_data_len); + TEST_EQUAL(ret, early_data_len); + + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_CLIENT_FINISHED) == 0); + + TEST_EQUAL(server_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + TEST_EQUAL(server_pattern.counter, 1); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + mbedtls_debug_set_threshold(0); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ From f8fdbb517457c5a90d9011a68467da7e8bdf7a22 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 22 Jan 2024 09:13:41 +0100 Subject: [PATCH 06/10] tests: tls13: Run early data test only in TLS 1.3 only config Temporary workaround to not run the early data test in Windows-2013 where there is an issue with mbedtls_vsnprintf(). Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a8982495d6..234181d765 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -12,7 +12,8 @@ #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ +#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ + defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ @@ -3655,7 +3656,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_early_data() { int ret = -1; From faf026c67cf8054b8be8a42091f700a1b1417744 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 31 Jan 2024 14:32:06 +0100 Subject: [PATCH 07/10] Explain purpose of test specific write/parse ticket functions Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 51957463c5..980c192188 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2427,7 +2427,13 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( } #endif /* MBEDTLS_TEST_HOOKS */ -/* Functions for session ticket tests */ +/* + * Functions for tests based on tickets. Implementations of the + * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. + * Basically same implementations as in ticket.c without the encryption. That + * way we can tweak easily tickets characteristics to simulate misbehaving + * peers. + */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) int mbedtls_test_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, From 095a3a5a299d5e7a2adab71bc2aa25d5f44606a0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 31 Jan 2024 14:34:22 +0100 Subject: [PATCH 08/10] Fix PSA init and done macros in TLS unit tests Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 234181d765..65fed181b3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3582,7 +3582,7 @@ void tls13_resume_session_with_ticket() mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); - MD_OR_USE_PSA_INIT(); + PSA_INIT(); client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, @@ -3652,7 +3652,7 @@ exit: mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -3678,7 +3678,7 @@ void tls13_early_data() mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); - MD_OR_USE_PSA_INIT(); + PSA_INIT(); client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, @@ -3767,6 +3767,6 @@ exit: mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); mbedtls_debug_set_threshold(0); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ From 5de9c6f295fcc4328c6c94af0aa217a1a43ae2d7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 31 Jan 2024 14:45:16 +0100 Subject: [PATCH 09/10] Fix and add comments in ticket and early data test function Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 65fed181b3..9b282dc538 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3606,8 +3606,9 @@ void tls13_resume_session_with_ticket() /* * Run initial handshake: ephemeral key exchange mode, certificate with - * RSA key, signed with PKCS15, verified with PKCS21. Then, get the ticket - * sent by the server at the end of its handshake sequence. + * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature + * algorithm. Then, get the ticket sent by the server at the end of its + * handshake sequence. */ TEST_ASSERT(mbedtls_test_move_handshake_to_state( &(server_ep.ssl), &(client_ep.ssl), @@ -3637,6 +3638,11 @@ void tls13_resume_session_with_ticket() ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); TEST_EQUAL(ret, 0); + /* + * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not + * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks + * below. + */ TEST_ASSERT(mbedtls_test_move_handshake_to_state( &(server_ep.ssl), &(client_ep.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0); @@ -3656,6 +3662,11 @@ exit: } /* END_CASE */ +/* + * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is + * a temporary workaround to not run the test in Windows-2013 where there is + * an issue with mbedtls_vsnprintf(). + */ /* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_early_data() { @@ -3707,8 +3718,9 @@ void tls13_early_data() /* * Run initial handshake: ephemeral key exchange mode, certificate with - * RSA key, signed with PKCS15, verified with PKCS21. Then, get the ticket - * sent by the server at the end of its handshake sequence. + * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature + * algorithm. Then, get the ticket sent by the server at the end of its + * handshake sequence. */ TEST_ASSERT(mbedtls_test_move_handshake_to_state( &(server_ep.ssl), &(client_ep.ssl), From eb84534ee3e77dede536f13744d19a4b392831db Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 31 Jan 2024 14:48:23 +0100 Subject: [PATCH 10/10] Use TEST_EQUAL instead of TEST_ASSERT where possible Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 30 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9b282dc538..d26407e2de 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3610,9 +3610,9 @@ void tls13_resume_session_with_ticket() * algorithm. Then, get the ticket sent by the server at the end of its * handshake sequence. */ - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); do { ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); @@ -3643,9 +3643,9 @@ void tls13_resume_session_with_ticket() * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks * below. */ - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0); TEST_EQUAL(server_ep.ssl.handshake->resume, 1); TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1); @@ -3722,9 +3722,9 @@ void tls13_early_data() * algorithm. Then, get the ticket sent by the server at the end of its * handshake sequence. */ - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); do { ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); @@ -3752,9 +3752,9 @@ void tls13_early_data() mbedtls_debug_set_threshold(3); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO), 0); TEST_ASSERT(client_ep.ssl.early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); @@ -3764,9 +3764,9 @@ void tls13_early_data() early_data_len); TEST_EQUAL(ret, early_data_len); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_CLIENT_FINISHED) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_CLIENT_FINISHED), 0); TEST_EQUAL(server_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);