mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tests: early data status: Add HRR scenario

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-01-24 13:38:31 +01:00
parent d6dba675b8
commit 2261ab298f
2 changed files with 63 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tests/suites/test_suite_ssl.data
View File

@ -3281,7 +3281,7 @@ TLS 1.3 early data, server rejects early data
tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS
TLS 1.3 early data, discard after HRR TLS 1.3 early data, discard after HRR
tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR tls13_early_data:TEST_EARLY_DATA_HRR
TLS 1.3 cli, early data status, early data accepted TLS 1.3 cli, early data status, early data accepted
tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED
@ -3291,3 +3291,6 @@ tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT
TLS 1.3 cli, early data status, server rejects early data TLS 1.3 cli, early data status, server rejects early data
tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS
TLS 1.3 cli, early data status, hello retry request
tls13_cli_early_data_status:TEST_EARLY_DATA_HRR

68
tests/suites/test_suite_ssl.function
View File

@ -16,7 +16,7 @@
#define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_ACCEPTED 0
#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 #define TEST_EARLY_DATA_NO_INDICATION_SENT 1
#define TEST_EARLY_DATA_SERVER_REJECTS 2 #define TEST_EARLY_DATA_SERVER_REJECTS 2
#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 #define TEST_EARLY_DATA_HRR 3
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
@ -3706,7 +3706,7 @@ void tls13_early_data(int scenario)
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break; break;
case TEST_EARLY_DATA_DISCARD_AFTER_HRR: case TEST_EARLY_DATA_HRR:
mbedtls_debug_set_threshold(3); mbedtls_debug_set_threshold(3);
server_pattern.pattern = server_pattern.pattern =
"EarlyData: Ignore application message before 2nd ClientHello"; "EarlyData: Ignore application message before 2nd ClientHello";
@ -3767,7 +3767,7 @@ void tls13_early_data(int scenario)
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_DISCARD_AFTER_HRR: case TEST_EARLY_DATA_HRR:
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
TEST_EQUAL(server_pattern.counter, 1); TEST_EQUAL(server_pattern.counter, 1);
@ -3797,6 +3797,11 @@ void tls13_cli_early_data_status(int scenario)
mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options; mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session; mbedtls_ssl_session saved_session;
uint16_t group_list[3] = {
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
@ -3813,6 +3818,10 @@ void tls13_cli_early_data_status(int scenario)
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
if (scenario == TEST_EARLY_DATA_HRR) {
client_options.group_list = group_list;
server_options.group_list = group_list;
}
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
&saved_session); &saved_session);
@ -3833,6 +3842,10 @@ void tls13_cli_early_data_status(int scenario)
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break; break;
case TEST_EARLY_DATA_HRR:
server_options.group_list = group_list + 1;
break;
default: default:
TEST_FAIL("Unknown scenario."); TEST_FAIL("Unknown scenario.");
} }
@ -3888,6 +3901,16 @@ void tls13_cli_early_data_status(int scenario)
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
break; break;
case TEST_EARLY_DATA_HRR:
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
} else {
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
}
break;
} }
break; break;
@ -3903,6 +3926,16 @@ void tls13_cli_early_data_status(int scenario)
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_HRR:
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
} else {
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
}
break;
} }
break; break;
@ -3918,6 +3951,11 @@ void tls13_cli_early_data_status(int scenario)
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
} }
break; break;
@ -3933,7 +3971,8 @@ void tls13_cli_early_data_status(int scenario)
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break; break;
@ -3958,7 +3997,8 @@ void tls13_cli_early_data_status(int scenario)
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break; break;
@ -3977,7 +4017,8 @@ void tls13_cli_early_data_status(int scenario)
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break; break;
@ -3989,13 +4030,20 @@ void tls13_cli_early_data_status(int scenario)
TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT);
switch (scenario) { switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_SENT);
break; break;
} }
break; break;
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break;
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
switch (scenario) { switch (scenario) {
@ -4004,7 +4052,8 @@ void tls13_cli_early_data_status(int scenario)
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break; break;
@ -4026,7 +4075,8 @@ void tls13_cli_early_data_status(int scenario)
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
break; break;
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.early_data_status, TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
break; break;