mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tests: write early data: Add HRR scenario

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-01-26 11:54:06 +01:00
parent 05600e26f4
commit b3d42fddae
2 changed files with 79 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tests/suites/test_suite_ssl.data
View File

@ -3303,3 +3303,6 @@ tls13_write_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT
TLS 1.3 write early data, server rejects early data TLS 1.3 write early data, server rejects early data
tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS
TLS 1.3 write early data, hello retry request
tls13_write_early_data:TEST_EARLY_DATA_HRR

83
tests/suites/test_suite_ssl.function
View File

@ -4110,7 +4110,12 @@ void tls13_write_early_data(int scenario)
mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options; mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session; mbedtls_ssl_session saved_session;
int client_state, previous_client_state; uint16_t group_list[3] = {
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
int client_state, previous_client_state, beyond_first_hello = 0;
const char *early_data_string = "This is early data."; const char *early_data_string = "This is early data.";
const unsigned char *early_data = (const unsigned char *) early_data_string; const unsigned char *early_data = (const unsigned char *) early_data_string;
size_t early_data_len = strlen(early_data_string); size_t early_data_len = strlen(early_data_string);
@ -4131,12 +4136,15 @@ void tls13_write_early_data(int scenario)
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
if (scenario == TEST_EARLY_DATA_HRR) {
client_options.group_list = group_list;
server_options.group_list = group_list;
}
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
&saved_session); &saved_session);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
/* /*
* Prepare for handshake with the ticket. * Prepare for handshake with the ticket.
*/ */
@ -4152,6 +4160,10 @@ void tls13_write_early_data(int scenario)
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break; break;
case TEST_EARLY_DATA_HRR:
server_options.group_list = group_list + 1;
break;
default: default:
TEST_FAIL("Unknown scenario."); TEST_FAIL("Unknown scenario.");
} }
@ -4184,6 +4196,19 @@ void tls13_write_early_data(int scenario)
client_state = MBEDTLS_SSL_HELLO_REQUEST; client_state = MBEDTLS_SSL_HELLO_REQUEST;
while (client_state != MBEDTLS_SSL_HANDSHAKE_OVER) { while (client_state != MBEDTLS_SSL_HANDSHAKE_OVER) {
/* In case of HRR scenario, once we have been through it, move over
* the first ClientHello and ServerHello otherwise we just keep playing
* this first part of the handshake with HRR.
*/
if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) {
TEST_ASSERT(mbedtls_test_move_handshake_to_state(
&(client_ep.ssl), &(server_ep.ssl),
MBEDTLS_SSL_SERVER_HELLO) == 0);
TEST_ASSERT(mbedtls_test_move_handshake_to_state(
&(client_ep.ssl), &(server_ep.ssl),
MBEDTLS_SSL_CLIENT_HELLO) == 0);
}
TEST_EQUAL(mbedtls_test_move_handshake_to_state( TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(client_ep.ssl), &(server_ep.ssl), &(client_ep.ssl), &(server_ep.ssl),
previous_client_state), 0); previous_client_state), 0);
@ -4221,6 +4246,18 @@ void tls13_write_early_data(int scenario)
TEST_EQUAL(write_early_data_ret, early_data_len); TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break; break;
case TEST_EARLY_DATA_HRR:
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
} else {
beyond_first_hello = 1;
TEST_EQUAL(write_early_data_ret,
MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO);
}
break;
} }
break; break;
@ -4231,6 +4268,17 @@ void tls13_write_early_data(int scenario)
TEST_EQUAL(write_early_data_ret, early_data_len); TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break; break;
case TEST_EARLY_DATA_HRR:
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
} else {
TEST_EQUAL(write_early_data_ret,
MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
}
break;
} }
break; break;
@ -4241,6 +4289,11 @@ void tls13_write_early_data(int scenario)
TEST_EQUAL(write_early_data_ret, early_data_len); TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
break; break;
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
break;
} }
break; break;
@ -4255,6 +4308,11 @@ void tls13_write_early_data(int scenario)
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
break; break;
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
break;
} }
break; break;
@ -4268,19 +4326,29 @@ void tls13_write_early_data(int scenario)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
switch (scenario) { switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(write_early_data_ret, early_data_len); TEST_EQUAL(write_early_data_ret, early_data_len);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
break; break;
} }
break; break;
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
break;
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
switch (scenario) { switch (scenario) {
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); case TEST_EARLY_DATA_HRR:
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED); TEST_EQUAL(write_early_data_ret,
MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
break; break;
} }
break; break;
@ -4293,7 +4361,8 @@ void tls13_write_early_data(int scenario)
case MBEDTLS_SSL_HANDSHAKE_OVER: case MBEDTLS_SSL_HANDSHAKE_OVER:
switch (scenario) { switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS: case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.state, client_state); TEST_EQUAL(client_ep.ssl.state, client_state);
break; break;