yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-22 04:21:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

test_suite_ssl refactoring: provide default options structure for tests

Browse source 
Create and provide a structure with default options so that the caller won't have
to pass all of the parameters each time the handshake is called. In the future
this can be improved so that the options are passed as a string, just like in
ssl-opt.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-02-26 09:10:14 -05:00
parent 316da1f86e
commit 8a6ff15079
No known key found for this signature in database
GPG key ID: 89A90840DC388527
2 changed files with 463 additions and 318 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

159
tests/suites/test_suite_ssl.data
View file

@ -202,172 +202,165 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TIC
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, SSL3
depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0:0:0
handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0
# Note - the case below will have to updated, since the test sends no data due to a 1n-1 split against BEAST, that was not expected when preparing the fragment counting code.
Handshake, tls1
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:0:0:0:0:0:0
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0
Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0
Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_1
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1
DTLS Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SHA512_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_ECDSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_SHA512_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"abc123":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:1:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:0:0
depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via TLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
Sending app data via TLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via TLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
Sending app data via TLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via TLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
Sending app data via TLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via TLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
Sending app data via TLS without MFL and without fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1:0:0
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via TLS without MFL and with fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":0:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7:0:0
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
Sending app data via DTLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
Sending app data via DTLS, MFL=512 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0
Sending app data via DTLS, MFL=1024 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
Sending app data via DTLS, MFL=1024 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0
Sending app data via DTLS, MFL=2048 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
Sending app data via DTLS, MFL=2048 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0
Sending app data via DTLS, MFL=4096 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
Sending app data via DTLS, MFL=4096 with fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0:0:0
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0
Sending app data via DTLS, without MFL and without fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1:0:0
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
Sending app data via DTLS, without MFL and with fragmentation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0:0:0
app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0
DTLS renegotiation: no legacy renegotiation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS renegotiation: legacy renegotiation
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION
handshake:"":MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_PK_RSA:"":1:0:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:100:100:1:1:1:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0

622
tests/suites/test_suite_ssl.function
View file

@ -6,6 +6,39 @@
#include <mbedtls/certs.h>
#include <mbedtls/timing.h>
typedef struct handshake_test_options
{
const char *cipher;
int version;
int pk_alg;
data_t *psk_str;
int dtls;
int serialize;
int mfl;
int cli_msg_len;
int srv_msg_len;
int expected_cli_fragments;
int expected_srv_fragments;
int renegotiate;
int legacy_renegotiation;
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
{
opts->cipher = "";
opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
opts->serialize = 0;
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
opts->cli_msg_len = 100;
opts->srv_msg_len = 100;
opts->expected_cli_fragments = 1;
opts->expected_srv_fragments = 1;
opts->renegotiate = 0;
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
}
/*
* Buffer structure for custom I/O callbacks.
*/
@ -1556,6 +1589,241 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
ssl_2, 256, 1 );
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void perform_handshake( handshake_test_options* options )
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
unsigned char *context_buf = NULL;
size_t context_buf_len;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int ret = -1;
#endif
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
/* Client side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, &client_context,
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, NULL, NULL,
NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
if( strlen( options->cipher ) > 0 )
{
set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
}
/* Server side */
if( options->dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, &server_context,
&server_queue,
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
(unsigned char) options->mfl ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
(unsigned char) options->mfl ) == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( options->psk_str != NULL && options->psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, options->psk_str->x,
options->psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
mbedtls_ssl_conf_renegotiation( &(server.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_renegotiation( &(client.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
options->legacy_renegotiation );
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
options->legacy_renegotiation );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
== 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
/* Start data exchanging test */
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl), options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( options->serialize == 1 )
{
TEST_ASSERT( options->dtls == 1 );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
0, &context_buf_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
context_buf = mbedtls_calloc( 1, context_buf_len );
TEST_ASSERT( context_buf != NULL );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
context_buf_len,
&context_buf_len ) == 0 );
mbedtls_ssl_free( &(server.ssl) );
mbedtls_ssl_init( &(server.ssl) );
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl),
options->cli_msg_len,
options->expected_cli_fragments,
&(server.ssl),
options->srv_msg_len,
options->expected_srv_fragments )
== 0 );
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
/* Start test with renegotiation */
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_PENDING );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication betwen client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_free( context_buf );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -3300,245 +3568,129 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
void handshake( const char *cipher, int version, int pk_alg,
data_t *psk_str, int dtls, int serialize, int mfl,
int cli_msg_len, int srv_msg_len,
const int expected_cli_fragments,
const int expected_srv_fragments, const int renegotiate,
const int legacy_renegotiation )
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void handshake_version( int version, int dtls )
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const char *psk_identity = "foo";
#else
(void) psk_str;
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer_client, timer_server;
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
unsigned char *context_buf = NULL;
size_t context_buf_len;
#else
(void) serialize;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int ret = -1;
#else
(void) renegotiate;
(void) legacy_renegotiation;
#endif
handshake_test_options options;
init_handshake_options( &options );
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
/* Client side */
if( dtls != 0 )
options.version = version;
options.dtls = dtls;
/* Note - the case below will have to updated, since the test sends no data
* due to a 1n-1 split against BEAST, that was not expected when preparing
* the fragment counting code. */
if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
version == MBEDTLS_SSL_MINOR_VERSION_1 )
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
pk_alg, &client_context,
&client_queue,
&server_queue ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
options.cli_msg_len = 0;
options.srv_msg_len = 0;
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
perform_handshake( &options );
if( strlen( cipher ) > 0 )
{
set_ciphersuite( &client.conf, cipher, forced_ciphersuite );
}
/* Server side */
if( dtls != 0 )
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
pk_alg, &server_context,
&server_queue,
&client_queue) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
}
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
version );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
(unsigned char) mfl ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(client.conf),
(unsigned char) mfl ) == 0 );
#else
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, psk_str->x,
psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
TEST_ASSERT( mbedtls_ssl_conf_psk( &server.conf, psk_str->x,
psk_str->len,
(const unsigned char *) psk_identity,
strlen( psk_identity ) ) == 0 );
mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL );
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( renegotiate )
{
mbedtls_ssl_conf_renegotiation( &(server.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_renegotiation( &(client.conf),
MBEDTLS_SSL_RENEGOTIATION_ENABLED );
mbedtls_ssl_conf_legacy_renegotiation( &(server.conf),
legacy_renegotiation );
mbedtls_ssl_conf_legacy_renegotiation( &(client.conf),
legacy_renegotiation );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
== 0 );
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
if( cli_msg_len != 0 || srv_msg_len != 0 )
{
/* Start data exchanging test */
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len,
expected_cli_fragments,
&(server.ssl), srv_msg_len,
expected_srv_fragments ) == 0 );
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( serialize == 1 )
{
TEST_ASSERT( dtls == 1 );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), NULL,
0, &context_buf_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
context_buf = mbedtls_calloc( 1, context_buf_len );
TEST_ASSERT( context_buf != NULL );
TEST_ASSERT( mbedtls_ssl_context_save( &(server.ssl), context_buf,
context_buf_len,
&context_buf_len ) == 0 );
mbedtls_ssl_free( &(server.ssl) );
mbedtls_ssl_init( &(server.ssl) );
TEST_ASSERT( mbedtls_ssl_setup( &(server.ssl), &(server.conf) ) == 0 );
mbedtls_ssl_set_bio( &( server.ssl ), &server_context,
mbedtls_mock_tcp_send_msg,
mbedtls_mock_tcp_recv_msg,
NULL );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
/* Retest writing/reading */
if( cli_msg_len != 0 || srv_msg_len != 0 )
{
TEST_ASSERT( mbedtls_exchange_data( &(client.ssl), cli_msg_len,
expected_cli_fragments,
&(server.ssl), srv_msg_len,
expected_srv_fragments ) == 0 );
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( renegotiate )
{
/* Start test with renegotiation */
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
/* After calling this function for the server, it only sends a handshake
* request. All renegotiation should happen during data exchanging */
TEST_ASSERT( mbedtls_ssl_renegotiate( &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_PENDING );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_INITIAL_HANDSHAKE );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
* perform simultaneous communication betwen client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS );
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( server.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
exit:
mbedtls_endpoint_free( &client, dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, dtls != 0 ? &server_context : NULL );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( dtls != 0 && serialize != 0 )
{
mbedtls_free( context_buf );
}
#endif
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
{
handshake_test_options options;
init_handshake_options( &options );
options.cipher = cipher;
options.dtls = dtls;
options.psk_str = psk_str;
options.pk_alg = pk_alg;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */
void handshake_cipher( char* cipher, int pk_alg, int dtls )
{
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls )
{
handshake_test_options options;
init_handshake_options( &options );
options.mfl = mfl;
options.cli_msg_len = cli_msg_len;
options.srv_msg_len = srv_msg_len;
options.expected_cli_fragments = expected_cli_fragments;
options.expected_srv_fragments = expected_srv_fragments;
options.dtls = dtls;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
{
test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
expected_srv_fragments, 0 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
{
test_app_data( mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
expected_srv_fragments, 1 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */
void handshake_serialization( )
{
handshake_test_options options;
init_handshake_options( &options );
options.serialize = 1;
options.dtls = 1;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
void renegotiation( int legacy_renegotiation )
{
handshake_test_options options;
init_handshake_options( &options );
options.renegotiate = 1;
options.legacy_renegotiation = legacy_renegotiation;
options.dtls = 1;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */