Fix format issue and enhance test

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-01-26 12:35:20 +00:00 · 2021-10-13 22:01:04 +08:00 · 2021-10-13 22:01:04 +08:00 · 745bb616a4
commit 745bb616a4
parent 193f0e7449
2 changed files with 35 additions and 25 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -926,6 +926,11 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
    return( SSL_SERVER_HELLO_COORDINATE_HELLO );
 }

+/* Fetch and preprocess
+ * Returns a negative value on failure, and otherwise
+ * - SSL_SERVER_HELLO_COORDINATE_HELLO or
+ * - SSL_SERVER_HELLO_COORDINATE_HRR
+ */
 static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
                                              unsigned char **buf,
                                              size_t *buf_len )
@ -950,12 +955,12 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
    ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len );
    switch( ret )
    {
-    case SSL_SERVER_HELLO_COORDINATE_HELLO:
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
-        break;
-    case SSL_SERVER_HELLO_COORDINATE_HRR:
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
-        break;
+        case SSL_SERVER_HELLO_COORDINATE_HELLO:
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
+            break;
+        case SSL_SERVER_HELLO_COORDINATE_HRR:
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
+            break;
    }

 cleanup:
@ -1248,26 +1253,26 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
    switch( handshake->extensions_present &
            ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) )
    {
-    /* Only the pre_shared_key extension was received */
-    case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
-        handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
-        break;
+        /* Only the pre_shared_key extension was received */
+        case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
+            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
+            break;

-    /* Only the key_share extension was received */
-    case MBEDTLS_SSL_EXT_KEY_SHARE:
-        handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
-        break;
+        /* Only the key_share extension was received */
+        case MBEDTLS_SSL_EXT_KEY_SHARE:
+            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
+            break;

-    /* Both the pre_shared_key and key_share extensions were received */
-    case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
-        handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
-        break;
+        /* Both the pre_shared_key and key_share extensions were received */
+        case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
+            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+            break;

-    /* Neither pre_shared_key nor key_share extension was received */
-    default:
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
-        ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
-        goto cleanup;
+        /* Neither pre_shared_key nor key_share extension was received */
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
+            ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+            goto cleanup;
    }

    /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -8678,7 +8678,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS1.3: Test client hello msg work - openssl" \
            "$O_NEXT_SRV -tls1_3 -msg" \
-            "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+            "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
            1 \
            -c "SSL - The requested feature is not available" \
            -s "ServerHello"                \
@ -8695,6 +8695,8 @@ run_test    "TLS1.3: Test client hello msg work - openssl" \
            -c "tls1_3 client state: 14"    \
            -c "tls1_3 client state: 15"    \
            -c "<= ssl_tls1_3_process_server_hello" \
+            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "ECDH curve: x25519"         \
            -c "=> ssl_tls1_3_process_server_hello"

 requires_gnutls_tls1_3
@ -8702,7 +8704,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS1.3: Test client hello msg work - gnutls" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \
-            "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+            "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
            1 \
            -c "SSL - The requested feature is not available" \
            -s "SERVER HELLO was queued"    \
@ -8719,8 +8721,11 @@ run_test    "TLS1.3: Test client hello msg work - gnutls" \
            -c "tls1_3 client state: 14"    \
            -c "tls1_3 client state: 15"    \
            -c "<= ssl_tls1_3_process_server_hello" \
+            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "ECDH curve: x25519"         \
            -c "=> ssl_tls1_3_process_server_hello"

+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_MEMORY_DEBUG
 requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C