mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-17 12:40:01 +00:00
tests: tls13: Add session resume with ticket unit test
This aims to provide a basis for negative testing around TLS 1.3 ticket, replacing eventually the negative tests done in ssl-opt.sh using the dummy_ticket option. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
77abfe67db
commit
d903a86e52
tests/suites
@ -3270,3 +3270,6 @@ ssl_ecjpake_set_password:1
|
||||
|
||||
Test Elliptic curves' info parsing
|
||||
elliptic_curve_get_properties
|
||||
|
||||
TLS 1.3 resume session with ticket
|
||||
tls13_resume_session_with_ticket
|
||||
|
@ -3519,3 +3519,96 @@ exit:
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
|
||||
void tls13_resume_session_with_ticket()
|
||||
{
|
||||
int ret = -1;
|
||||
unsigned char buf[64];
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
mbedtls_test_handshake_test_options client_options;
|
||||
mbedtls_test_handshake_test_options server_options;
|
||||
mbedtls_ssl_session saved_session;
|
||||
|
||||
/*
|
||||
* Test set-up
|
||||
*/
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
mbedtls_test_init_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_init(&saved_session);
|
||||
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Run initial handshake: ephemeral key exchange mode, certificate with
|
||||
* RSA key, signed with PKCS15, verified with PKCS21. Then, get the ticket
|
||||
* sent by the server at the end of its handshake sequence.
|
||||
*/
|
||||
TEST_ASSERT(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER) == 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
/*
|
||||
* Save client session and reset the SSL context of the two endpoints.
|
||||
*/
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Set saved session on client side and handshake using the ticket
|
||||
* included in that session.
|
||||
*/
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0);
|
||||
|
||||
TEST_EQUAL(server_ep.ssl.handshake->resume, 1);
|
||||
TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1);
|
||||
TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode,
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
|
||||
|
||||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
|
||||
mbedtls_test_free_handshake_options(&client_options);
|
||||
mbedtls_test_free_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_free(&saved_session);
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
Loading…
x
Reference in New Issue
Block a user