tests: write early data: Add "server rejects" scenario

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-26 10:23:31 +01:00 · 2024-01-26 10:23:31 +01:00 · 05600e26f4
commit 05600e26f4
parent 8fe2b01b52
2 changed files with 31 additions and 6 deletions
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -3300,3 +3300,6 @@ tls13_write_early_data:TEST_EARLY_DATA_ACCEPTED

 TLS 1.3 write early data, no early data indication
 tls13_write_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT
+
+TLS 1.3 write early data, server rejects early data
+tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -4110,7 +4110,6 @@ void tls13_write_early_data(int scenario)
    mbedtls_test_handshake_test_options client_options;
    mbedtls_test_handshake_test_options server_options;
    mbedtls_ssl_session saved_session;
-
    int client_state, previous_client_state;
    const char *early_data_string = "This is early data.";
    const unsigned char *early_data = (const unsigned char *) early_data_string;
@ -4149,6 +4148,10 @@ void tls13_write_early_data(int scenario)
            client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
            break;

+        case TEST_EARLY_DATA_SERVER_REJECTS:
+            server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+            break;
+
        default:
            TEST_FAIL("Unknown scenario.");
    }
@ -4213,7 +4216,8 @@ void tls13_write_early_data(int scenario)
        switch (client_state) {
            case MBEDTLS_SSL_CLIENT_HELLO:
                switch (scenario) {
-                    case TEST_EARLY_DATA_ACCEPTED:
+                    case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
                        TEST_EQUAL(write_early_data_ret, early_data_len);
                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
                        break;
@ -4222,7 +4226,8 @@ void tls13_write_early_data(int scenario)

            case MBEDTLS_SSL_SERVER_HELLO:
                switch (scenario) {
-                    case TEST_EARLY_DATA_ACCEPTED:
+                    case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
                        TEST_EQUAL(write_early_data_ret, early_data_len);
                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
                        break;
@ -4231,7 +4236,8 @@ void tls13_write_early_data(int scenario)

            case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
                switch (scenario) {
-                    case TEST_EARLY_DATA_ACCEPTED:
+                    case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
                        TEST_EQUAL(write_early_data_ret, early_data_len);
                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
                        break;
@ -4244,6 +4250,11 @@ void tls13_write_early_data(int scenario)
                        TEST_EQUAL(write_early_data_ret, early_data_len);
                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
                        break;
+
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
+                        TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
+                        break;
                }
                break;

@ -4256,13 +4267,23 @@ void tls13_write_early_data(int scenario)
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
            case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
                switch (scenario) {
-                    case TEST_EARLY_DATA_ACCEPTED:
+                    case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
                        TEST_EQUAL(write_early_data_ret, early_data_len);
                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
                        break;
                }
                break;

+            case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
+                TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
+                switch (scenario) {
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
+                        TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+                        TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
+                        break;
+                }
+                break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

            case MBEDTLS_SSL_CLIENT_CERTIFICATE: /* Intentional fallthrough */
@ -4271,7 +4292,8 @@ void tls13_write_early_data(int scenario)
            case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
            case MBEDTLS_SSL_HANDSHAKE_OVER:
                switch (scenario) {
-                    case TEST_EARLY_DATA_ACCEPTED:
+                    case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
+                    case TEST_EARLY_DATA_SERVER_REJECTS:
                        TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
                        TEST_EQUAL(client_ep.ssl.state, client_state);
                        break;