tests: ssl: Add early data status unit test

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2024-01-24 09:40:46 +01:00
parent 90e223364c
commit a7f94e49a8
2 changed files with 146 additions and 0 deletions


@ -3282,3 +3282,6 @@ tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD
TLS 1.3 early data, discard after HRR
tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR
TLS 1.3 cli, early data status
tls13_cli_early_data_status


@ -3787,3 +3787,146 @@ exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
void tls13_cli_early_data_status()
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
PSA_INIT();
/*
* Run first handshake to get a ticket from the server.
*/
client_options.pk_alg = MBEDTLS_PK_ECDSA;
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
&saved_session);
TEST_EQUAL(ret, 0);
/*
* Prepare for handshake with the ticket.
*/
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write,
mbedtls_test_ticket_parse,
NULL);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
&(server_ep.socket), 1024);
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
/*
* Go through the handshake sequence, state by state, checking the early
* data status each time.
*/
do {
int state = client_ep.ssl.state;
/* Progress the handshake from at least one state */
while (client_ep.ssl.state == state) {
ret = mbedtls_ssl_handshake_step(&(client_ep.ssl));
TEST_ASSERT((ret == 0) ||
(ret == MBEDTLS_ERR_SSL_WANT_READ) ||
(ret == MBEDTLS_ERR_SSL_WANT_WRITE));
if (client_ep.ssl.state != state) {
break;
}
ret = mbedtls_ssl_handshake_step(&(server_ep.ssl));
TEST_ASSERT((ret == 0) ||
(ret == MBEDTLS_ERR_SSL_WANT_READ) ||
(ret == MBEDTLS_ERR_SSL_WANT_WRITE));
}
switch (client_ep.ssl.state) {
case MBEDTLS_SSL_CLIENT_HELLO:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
break;
case MBEDTLS_SSL_SERVER_HELLO:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
break;
case MBEDTLS_SSL_SERVER_FINISHED:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
break;
case MBEDTLS_SSL_END_OF_EARLY_DATA:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
break;
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SENT);
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
case MBEDTLS_SSL_HANDSHAKE_OVER:
TEST_EQUAL(client_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
break;
default:
TEST_FAIL("Unexpected state.");
}
} while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER);
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
TEST_EQUAL(client_ep.ssl.handshake->ccs_count, 1);
#endif
exit:
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
PSA_DONE();
}
/* END_CASE */
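Review bot: The inner `while (client_ep.ssl.state == state)` loop in tls13_cli_early_data_status has no iteration bound, so a regression in which both endpoints keep returning MBEDTLS_ERR_SSL_WANT_READ without the client changing state makes the test spin until the harness times out instead of failing at the stalled state. The two TEST_ASSERT checks accept WANT_READ and WANT_WRITE on every pass, so nothing in the loop takes the `exit` path in that case. A step budget would turn the hang into an ordinary failure: declare `int max_steps = 1000;` (value illustrative) before the `do`, and make `TEST_ASSERT(max_steps-- > 0);` the first statement of the inner loop body. Separately, only the path where the server accepts early data is walked here; the rejected and HelloRetryRequest paths, where the client must not treat the early data as delivered, deserve their own status checks if they are not covered elsewhere.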