mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-27 06:35:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

test_suite_ssl refactoring: provide default options structure for tests

Browse Source 
Create and provide a structure with default options so that the caller won't have
to pass all of the parameters each time the handshake is called. In the future
this can be improved so that the options are passed as a string, just like in
ssl-opt.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-02-26 09:10:14 -05:00
parent 316da1f86e
commit 8a6ff15079
No known key found for this signature in database
GPG Key ID: 89A90840DC388527
2 changed files with 463 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
tests/suites/test_suite_ssl.data
View File

@ -202,172 +202,165 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TIC
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code. # Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, SSL3 Handshake, SSL3
depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code. # Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, tls1 Handshake, tls1
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0
Handshake, tls1_1 Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0
Handshake, tls1_2 Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_PROTO_TLS1_2
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_1 DTLS Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1
DTLS Handshake, tls1_2 DTLS Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM DTLS Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2 DTLS Handshake with serialization, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0 handshake_serialization
Sending app data via TLS, MFL=512 without fragmentation Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via TLS, MFL=512 with fragmentation Sending app data via TLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
Sending app data via TLS, MFL=1024 without fragmentation Sending app data via TLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via TLS, MFL=1024 with fragmentation Sending app data via TLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
Sending app data via TLS, MFL=2048 without fragmentation Sending app data via TLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via TLS, MFL=2048 with fragmentation Sending app data via TLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
Sending app data via TLS, MFL=4096 without fragmentation Sending app data via TLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via TLS, MFL=4096 with fragmentation Sending app data via TLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3:0:0 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
Sending app data via TLS without MFL and without fragmentation Sending app data via TLS without MFL and without fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1:0:0
Sending app data via TLS without MFL and with fragmentation Sending app data via TLS without MFL and with fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7:0:0
Sending app data via DTLS, MFL=512 without fragmentation Sending app data via DTLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via DTLS, MFL=512 with fragmentation Sending app data via DTLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0
Sending app data via DTLS, MFL=1024 without fragmentation Sending app data via DTLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via DTLS, MFL=1024 with fragmentation Sending app data via DTLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0
Sending app data via DTLS, MFL=2048 without fragmentation Sending app data via DTLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via DTLS, MFL=2048 with fragmentation Sending app data via DTLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0
Sending app data via DTLS, MFL=4096 without fragmentation Sending app data via DTLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via DTLS, MFL=4096 with fragmentation Sending app data via DTLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0:0:0 app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0
Sending app data via DTLS, without MFL and without fragmentation Sending app data via DTLS, without MFL and without fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1:0:0
Sending app data via DTLS, without MFL and with fragmentation Sending app data via DTLS, without MFL and with fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0:0:0
DTLS renegotiation: no legacy renegotiation DTLS renegotiation: no legacy renegotiation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS renegotiation: legacy renegotiation DTLS renegotiation: legacy renegotiation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake DTLS renegotiation: legacy break handshake
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0 SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0 ssl_dtls_replay:"":"000000000000":0

622
tests/suites/test_suite_ssl.function
View File

@ -6,6 +6,39 @@
#include <mbedtls/certs.h> #include <mbedtls/certs.h>
#include <mbedtls/timing.h> #include <mbedtls/timing.h>
typedef struct handshake_test_options
{
const char *cipher;
int version;
int pk_alg;
data_t *psk_str;
int dtls;
int serialize;
int mfl;
int cli_msg_len;
int srv_msg_len;
int expected_cli_fragments;
int expected_srv_fragments;
int renegotiate;
int legacy_renegotiation;
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
{
opts->cipher = "";
opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
opts->serialize = 0;
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
opts->cli_msg_len = 100;
opts->srv_msg_len = 100;
opts->expected_cli_fragments = 1;
opts->expected_srv_fragments = 1;
opts->renegotiate = 0;
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
}
/* /*
* Buffer structure for custom I/O callbacks. * Buffer structure for custom I/O callbacks.
*/ */
@ -1556,6 +1589,241 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
ssl_2, 256, 1 ); ssl_2, 256, 1 );
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void perform_handshake( handshake_test_options* options )
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
unsigned char *context_buf = NULL;
size_t context_buf_len;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int ret = -1;
#endif
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
/* Client side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, &client_context,
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, NULL, NULL,
NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
if( strlen( options->cipher ) > 0 )
{
set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
}
/* Server side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, &server_context,
&server_queue,
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
(unsigned char) options->mfl ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
(unsigned char) options->mfl ) == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( options->psk_str != NULL && options->psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
mbedtls_ssl_conf_renegotiation( &(server.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_renegotiation( &(client.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
options->legacy_renegotiation );
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
options->legacy_renegotiation );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
== 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
/* Start data exchanging test */
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl), options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( options->serialize == 1 )
{
TEST_ASSERT( options->dtls == 1 );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
0, &context_buf_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
context_buf = mbedtls_calloc( 1, context_buf_len );
TEST_ASSERT( context_buf != NULL );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
context_buf_len,
&context_buf_len ) == 0 );
mbedtls_ssl_free( &(server.ssl) );
mbedtls_ssl_init( &(server.ssl) );
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl),
options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
/* Start test with renegotiation */
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_PENDING );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication betwen client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_free( context_buf );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -3300,245 +3568,129 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void handshake( const char *cipher, int version, int pk_alg, void handshake_version( int version, int dtls )
data_t *psk_str, int dtls, int serialize, int mfl,
int cli_msg_len, int srv_msg_len,
const int expected_cli_fragments,
const int expected_srv_fragments, const int renegotiate,
const int legacy_renegotiation )
{ {
/* forced_ciphersuite needs to last until the end of the handshake */ handshake_test_options options;
int forced_ciphersuite[2]; init_handshake_options( &options );
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#else
(void) psk_str;
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
unsigned char *context_buf = NULL;
size_t context_buf_len;
#else
(void) serialize;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int ret = -1;
#else
(void) renegotiate;
(void) legacy_renegotiation;
#endif
mbedtls_test_message_queue server_queue, client_queue; options.version = version;
mbedtls_test_message_socket_context server_context, client_context; options.dtls = dtls;
/* Note - the case below will have to updated, since the test sends no data
/* Client side */ * due to a 1n-1 split against BEAST, that was not expected when preparing
if( dtls != 0 ) * the fragment counting code. */
if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
version == MBEDTLS_SSL_MINOR_VERSION_1 )
{ {
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, options.cli_msg_len = 0;
pk_alg, &client_context, options.srv_msg_len = 0;
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
} }
else perform_handshake( &options );
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
if( strlen( cipher ) > 0 ) /* The goto below is used to avoid an "unused label" warning.*/
{ goto exit;
set_ciphersuite( &client.conf, cipher, forced_ciphersuite ); }
} /* END_CASE */
/* Server side */
if( dtls != 0 ) /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
{ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, {
pk_alg, &server_context, handshake_test_options options;
&server_queue, init_handshake_options( &options );
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C) options.cipher = cipher;
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server, options.dtls = dtls;
mbedtls_timing_set_delay, options.psk_str = psk_str;
mbedtls_timing_get_delay ); options.pk_alg = pk_alg;
#endif
} perform_handshake( &options );
else
{ /* The goto below is used to avoid an "unused label" warning.*/
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, goto exit;
pk_alg, NULL, NULL, NULL ) == 0 ); }
} /* END_CASE */
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) void handshake_cipher( char* cipher, int pk_alg, int dtls )
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf), {
(unsigned char) mfl ) == 0 ); test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
(unsigned char) mfl ) == 0 ); /* The goto below is used to avoid an "unused label" warning.*/
#else goto exit;
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl ); }
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ /* END_CASE */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
if( psk_str->len > 0 ) void app_data( int mfl, int cli_msg_len, int srv_msg_len,
{ int expected_cli_fragments,
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x, int expected_srv_fragments, int dtls )
psk_str->len, {
(const unsigned char *) psk_identity, handshake_test_options options;
strlen( psk_identity ) ) == 0 ); init_handshake_options( &options );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x, options.mfl = mfl;
psk_str->len, options.cli_msg_len = cli_msg_len;
(const unsigned char *) psk_identity, options.srv_msg_len = srv_msg_len;
strlen( psk_identity ) ) == 0 ); options.expected_cli_fragments = expected_cli_fragments;
options.expected_srv_fragments = expected_srv_fragments;
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL ); options.dtls = dtls;
}
#endif perform_handshake( &options );
#if defined(MBEDTLS_SSL_RENEGOTIATION) /* The goto below is used to avoid an "unused label" warning.*/
if( renegotiate ) goto exit;
{ }
mbedtls_ssl_conf_renegotiation( &(server.conf), /* END_CASE */
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_renegotiation( &(client.conf), /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
MBEDTLS_SSL_RENEGOTIATION_ENABLED ); void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf), int expected_srv_fragments )
legacy_renegotiation ); {
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf), test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
legacy_renegotiation ); expected_srv_fragments, 0 );
} /* The goto below is used to avoid an "unused label" warning.*/
#endif /* MBEDTLS_SSL_RENEGOTIATION */ goto exit;
}
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket), /* END_CASE */
&(server.socket),
BUFFSIZE ) == 0 ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), int expected_cli_fragments,
&(server.ssl), int expected_srv_fragments )
MBEDTLS_SSL_HANDSHAKE_OVER ) {
== 0 ); test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); expected_srv_fragments, 1 );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); /* The goto below is used to avoid an "unused label" warning.*/
goto exit;
if( cli_msg_len != 0 || srv_msg_len != 0 ) }
{ /* END_CASE */
/* Start data exchanging test */
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len, /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */
expected_cli_fragments, void handshake_serialization( )
&(server.ssl), srv_msg_len, {
expected_srv_fragments ) == 0 ); handshake_test_options options;
} init_handshake_options( &options );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( serialize == 1 ) options.serialize = 1;
{ options.dtls = 1;
TEST_ASSERT( dtls == 1 ); perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL, goto exit;
0, &context_buf_len ) }
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); /* END_CASE */
context_buf = mbedtls_calloc( 1, context_buf_len ); /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( context_buf != NULL ); void renegotiation( int legacy_renegotiation )
{
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf, handshake_test_options options;
context_buf_len, init_handshake_options( &options );
&context_buf_len ) == 0 );
options.renegotiate = 1;
mbedtls_ssl_free( &(server.ssl) ); options.legacy_renegotiation = legacy_renegotiation;
mbedtls_ssl_init( &(server.ssl) ); options.dtls = 1;
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 ); perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
mbedtls_ssl_set_bio( &( server.ssl ), &server_context, goto exit;
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
if( cli_msg_len != 0 || srv_msg_len != 0 )
{
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len,
expected_cli_fragments,
&(server.ssl), srv_msg_len,
expected_srv_fragments ) == 0 );
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( renegotiate )
{
/* Start test with renegotiation */
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_PENDING );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication betwen client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( dtls != 0 && serialize != 0 )
{
mbedtls_free( context_buf );
}
#endif
} }
/* END_CASE */ /* END_CASE */