tests: ssl: Improve tls13_srv_max_early_data_size()

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

tests/suites/test_suite_ssl.data

@@ -3310,38 +3310,38 @@ tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS
 TLS 1.3 write early data, hello retry request
 tls13_write_early_data:TEST_EARLY_DATA_HRR
 
-TLS 1.3 srv, max early data size, default
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:0
+TLS 1.3 srv, max early data size, dflt, wsz=96
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:96
 
-TLS 1.3 srv, max early data size, default, reach max
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:1
+TLS 1.3 srv, max early data size, dflt, wsz=128
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:128
 
-TLS 1.3 srv, max early data size, max=3 (small but !0)
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:0
+TLS 1.3 srv, max early data size, 3, wsz=2
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:2
 
-TLS 1.3 srv, max early data size, max=3 (small but !0), reach max
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:1
+TLS 1.3 srv, max early data size, 3, wsz=3
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:3
 
-TLS 1.3 srv, max early data size, max=97
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:97:0
+TLS 1.3 srv, max early data size, 98, wsz=23
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:23
 
-TLS 1.3 srv, max early data size, max=97, reach max
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:97:1
+TLS 1.3 srv, max early data size, 98, wsz=49
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:49
 
-TLS 1.3 srv, max early data size, server rejects, default
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:0
+TLS 1.3 srv, max early data size, server rejects, dflt, wsz=128
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:128
 
-TLS 1.3 srv, max early data size, server rejects, max=3 (very small)
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:0
+TLS 1.3 srv, max early data size, server rejects, 3, wsz=3
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:3
 
-TLS 1.3 srv, max early data size, server rejects, max=97
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:97:0
+TLS 1.3 srv, max early data size, server rejects, 98, wsz=49
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:98:49
 
-TLS 1.3 srv, max early data size, HRR, default
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:0
+TLS 1.3 srv, max early data size, HRR, dflt, wsz=128
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:128
 
-TLS 1.3 srv, max early data size, HRR, max=3 (very small)
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:0
+TLS 1.3 srv, max early data size, HRR, 3, wsz=3
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3
 
-TLS 1.3 srv, max early data size, HRR, max=97
+TLS 1.3 srv, max early data size, HRR, 98, wsz=49
 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0

tests/suites/test_suite_ssl.function

@@ -4455,7 +4455,7 @@ exit:
  * an issue with mbedtls_vsnprintf().
  */
 /* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int reach_max)
+void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg)
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
@@ -4469,11 +4469,12 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in
         MBEDTLS_SSL_IANA_TLS_GROUP_NONE
     };
     char pattern[128];
-    unsigned char buf_write[64];
-    size_t early_data_len;
+    unsigned char *buf_write = NULL;
+    uint32_t write_size = (uint32_t) write_size_arg;
+    unsigned char *buf_read = NULL;
+    uint32_t read_size;
     uint32_t expended_early_data_len = 0;
     uint32_t written_early_data_size = 0;
-    int write_early_data_flag = 1;
     uint32_t max_early_data_size;
 
     mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
@@ -4481,16 +4482,16 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
-
-    PSA_INIT();
+    TEST_CALLOC(buf_write, write_size);
 
     /*
-     * Reach maximum early data size exactly option only available in case of
-     * TEST_EARLY_DATA_ACCEPTED scenario.
+     * Allocate a smaller buffer for early data reading to exercise the reading
+     * of data in one record in multiple calls.
      */
-    if (reach_max) {
-        TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED);
-    }
+    read_size = (write_size / 2) + 1;
+    TEST_CALLOC(buf_read, read_size);
+
+    PSA_INIT();
 
     /*
      * Run first handshake to get a ticket from the server.
@@ -4579,49 +4580,45 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in
     ret = mbedtls_ssl_handshake(&(server_ep.ssl));
     TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
 
-    while (write_early_data_flag) {
-        unsigned char buf_read[23];
+    /*
+     * Write and if possible read as much as possible chunks of write_size
+     * bytes data without getting over the max_early_data_size limit.
+     */
+    do {
         uint32_t read_early_data_size = 0;
-        uint32_t remaining = max_early_data_size -
-                             server_ep.ssl.total_early_data_size;
 
-        early_data_len = sizeof(buf_write);
-        /*
-         * Adjust the length of next data to write depending on the remaining
-         * number of early data bytes we are allowed to write and if we want
-         * to reach the maximum exactly or not.
-         */
-        if (early_data_len >= remaining) {
-            if (reach_max) {
-                early_data_len = remaining;
-                write_early_data_flag = 0;
-            } else {
-                if (early_data_len == remaining) {
-                    early_data_len /= 2;
-                } else {
-                    early_data_len = remaining + 1;
-                    break;
-                }
-            }
+        if ((written_early_data_size + write_size) > max_early_data_size) {
+            break;
         }
 
-        for (size_t i = 0; i < early_data_len; i++) {
+        /*
+         * If the server rejected early data, base the determination of when
+         * to stop the loop on the expended size (padding and encryption
+         * expansion) of early data on server side and the number of early data
+         * received so far by the server (multiple of the expended size).
+         */
+        if ((expended_early_data_len != 0) &&
+            ((server_ep.ssl.total_early_data_size +
+              expended_early_data_len) > max_early_data_size)) {
+            break;
+        }
+
+        for (size_t i = 0; i < write_size; i++) {
             buf_write[i] = (unsigned char) (written_early_data_size + i);
         }
 
-        ret = write_early_data(&(client_ep.ssl), buf_write, early_data_len);
-        TEST_EQUAL(ret, early_data_len);
-        written_early_data_size += early_data_len;
+        ret = write_early_data(&(client_ep.ssl), buf_write, write_size);
+        TEST_EQUAL(ret, write_size);
+        written_early_data_size += write_size;
 
         switch (scenario) {
             case TEST_EARLY_DATA_ACCEPTED:
-                while (read_early_data_size < early_data_len) {
+                while (read_early_data_size < write_size) {
                     ret = mbedtls_ssl_handshake(&(server_ep.ssl));
                     TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
 
                     ret = mbedtls_ssl_read_early_data(&(server_ep.ssl),
-                                                      buf_read,
-                                                      sizeof(buf_read));
+                                                      buf_read, read_size);
                     TEST_ASSERT(ret > 0);
 
                     TEST_MEMORY_COMPARE(buf_read, ret,
@@ -4653,24 +4650,14 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in
                 if (expended_early_data_len == 0) {
                     expended_early_data_len = server_ep.ssl.total_early_data_size;
                 }
-                remaining = max_early_data_size - server_ep.ssl.total_early_data_size;
-
-                if (expended_early_data_len > remaining) {
-                    write_early_data_flag = 0;
-                }
                 break;
         }
         TEST_ASSERT(server_ep.ssl.total_early_data_size <= max_early_data_size);
-    }
+    } while (1);
 
     mbedtls_debug_set_threshold(3);
-
-    if (reach_max) {
-        TEST_EQUAL(server_ep.ssl.total_early_data_size, max_early_data_size);
-    }
-
-    ret = write_early_data(&(client_ep.ssl), buf_write, early_data_len);
-    TEST_EQUAL(ret, early_data_len);
+    ret = write_early_data(&(client_ep.ssl), buf_write, write_size);
+    TEST_EQUAL(ret, write_size);
 
     ret = mbedtls_snprintf(pattern, sizeof(pattern),
                            "EarlyData: Too much early data received");