tls: Simplify the logic of the config version check and test it

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-30 16:45:51 +02:00
parent 3cffc5ccb1
commit 37bdaab64f
3 changed files with 156 additions and 7 deletions

View File

@ -882,13 +882,6 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
const mbedtls_ssl_config *conf = ssl->conf;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_enabled( conf ) &&
( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
if( mbedtls_ssl_conf_is_tls13_only( conf ) )
{
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@ -896,6 +889,13 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
@ -917,6 +917,13 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
return( 0 );
}

View File

@ -3212,5 +3212,123 @@ conf_curve:
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:
Version config: valid client TLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
Version config: valid client DTLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
Version config: valid server TLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
Version config: valid server DTLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
Version config: invalid client TLS 1.2 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid client DTLS 1.2 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid server TLS 1.2 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid server DTLS 1.2 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: valid client TLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:0
Version config: unsupported client DTLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: unsupported server TLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: unsupported server DTLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: invalid client TLS 1.3 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid client DTLS 1.3 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid server TLS 1.3 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid server DTLS 1.3 only
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: valid client hybrid TLS 1.2/3
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:0
Version config: unsupported client hybrid DTLS 1.2/3
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: unsupported server hybrid TLS 1.2/3
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: unsupported server hybrid DTLS 1.2/3
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Version config: valid client hybrid TLS 1.2/3, no TLS 1.2
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.2
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: valid client hybrid TLS 1.2/3, no TLS 1.3
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.3
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid minimum version
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:2:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
Version config: invalid maximum version
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:5:MBEDTLS_ERR_SSL_BAD_CONFIG
Test accessor into timing_delay_context
timing_final_delay_accessor

View File

@ -5369,6 +5369,30 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void conf_version( int endpoint, int transport,
int min_version_major, int min_version_minor,
int max_version_major, int max_version_minor,
int expected_ssl_setup_result )
{
mbedtls_ssl_config conf;
mbedtls_ssl_context ssl;
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_conf_endpoint( &conf, endpoint );
mbedtls_ssl_conf_transport( &conf, transport );
mbedtls_ssl_conf_min_version( &conf, min_version_major, min_version_minor );
mbedtls_ssl_conf_max_version( &conf, max_version_major, max_version_minor );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
void conf_curve()
{