yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test

Browse source 
Add TLS 1.3 ticket and early data unit tests
This commit is contained in:
Ronald Cron 2024-02-01 13:15:55 +00:00 committed by GitHub
commit 11cc41265b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 349 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
library/ssl_tls13_client.c
View file

@ -1236,10 +1236,6 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
#endif
MBEDTLS_SSL_DEBUG_MSG(
1, ("Set hs psk for early data when writing the first psk"));
@ -1294,6 +1290,15 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
return ret;
}
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
#else
MBEDTLS_SSL_DEBUG_MSG(
1, ("Switch to early data keys for outbound traffic"));
mbedtls_ssl_set_outbound_transform(
ssl, ssl->handshake->transform_earlydata);
#endif
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
return 0;
@ -3067,19 +3072,19 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
}
break;
#if defined(MBEDTLS_SSL_EARLY_DATA)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
if (ret == 0) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
#if defined(MBEDTLS_SSL_EARLY_DATA)
MBEDTLS_SSL_DEBUG_MSG(
1, ("Switch to early data keys for outbound traffic"));
mbedtls_ssl_set_outbound_transform(
ssl, ssl->handshake->transform_earlydata);
#endif
}
break;
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)

10
tests/include/test/ssl_helpers.h
View file

@ -589,6 +589,16 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int mbedtls_test_ticket_write(
void *p_ticket, const mbedtls_ssl_session *session,
unsigned char *start, const unsigned char *end,
size_t *tlen, uint32_t *ticket_lifetime);
int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
unsigned char *buf, size_t len);
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#define ECJPAKE_TEST_PWD "bla"
#if defined(MBEDTLS_USE_PSA_CRYPTO)

75
tests/src/test_helpers/ssl_helpers.c
View file

@ -841,6 +841,23 @@ int mbedtls_test_ssl_endpoint_init(
}
#endif
#if defined(MBEDTLS_DEBUG_C)
#if defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER &&
options->srv_log_fun != NULL) {
mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun,
options->srv_log_obj);
}
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if (endpoint_type == MBEDTLS_SSL_IS_CLIENT &&
options->cli_log_fun != NULL) {
mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun,
options->cli_log_obj);
}
#endif
#endif /* MBEDTLS_DEBUG_C */
ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
options->opaque_alg,
options->opaque_alg2,
@ -1977,6 +1994,12 @@ void mbedtls_test_ssl_perform_handshake(
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun || options->srv_log_fun) {
mbedtls_debug_set_threshold(4);
}
#endif
/* Client side */
if (options->dtls != 0) {
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
@ -2000,14 +2023,6 @@ void mbedtls_test_ssl_perform_handshake(
set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
}
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun) {
mbedtls_debug_set_threshold(4);
mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
options->cli_log_obj);
}
#endif
/* Server side */
if (options->dtls != 0) {
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
@ -2072,14 +2087,6 @@ void mbedtls_test_ssl_perform_handshake(
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_DEBUG_C)
if (options->srv_log_fun) {
mbedtls_debug_set_threshold(4);
mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
options->srv_log_obj);
}
#endif
TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
&(server.socket),
BUFFSIZE) == 0);
@ -2419,4 +2426,40 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
return 0;
}
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Functions for tests based on tickets. Implementations of the
* write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t.
* Basically same implementations as in ticket.c without the encryption. That
* way we can tweak easily tickets characteristics to simulate misbehaving
* peers.
*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int mbedtls_test_ticket_write(
void *p_ticket, const mbedtls_ssl_session *session,
unsigned char *start, const unsigned char *end,
size_t *tlen, uint32_t *lifetime)
{
int ret;
((void) p_ticket);
if ((ret = mbedtls_ssl_session_save(session, start, end - start,
tlen)) != 0) {
return ret;
}
/* Maximum ticket lifetime as defined in RFC 8446 */
*lifetime = 7 * 24 * 3600;
return 0;
}
int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
unsigned char *buf, size_t len)
{
((void) p_ticket);
return mbedtls_ssl_session_load(session, buf, len);
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#endif /* MBEDTLS_SSL_TLS_C */

6
tests/suites/test_suite_ssl.data
View file

@ -3270,3 +3270,9 @@ ssl_ecjpake_set_password:1
Test Elliptic curves' info parsing
elliptic_curve_get_properties
TLS 1.3 resume session with ticket
tls13_resume_session_with_ticket
TLS 1.3 early data
tls13_early_data

263
tests/suites/test_suite_ssl.function
View file

@ -12,6 +12,49 @@
#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 }
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \
defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS)
/*
* The implementation of the function should be based on
* mbedtls_ssl_write_early_data() eventually. The current version aims at
* removing the dependency on mbedtls_ssl_write_early_data() for the
* development and testing of reading early data.
*/
static int write_early_data(mbedtls_ssl_context *ssl,
unsigned char *buf, size_t len)
{
int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
TEST_ASSERT(ret > 0);
TEST_ASSERT(len <= (size_t) ret);
ret = mbedtls_ssl_flush_output(ssl);
TEST_EQUAL(ret, 0);
TEST_EQUAL(ssl->out_left, 0);
ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
if (len > 0) {
memcpy(ssl->out_msg, buf, len);
}
ret = mbedtls_ssl_write_record(ssl, 1);
TEST_EQUAL(ret, 0);
ret = len;
exit:
return ret;
}
#endif
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -3519,3 +3562,223 @@ exit:
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
void tls13_resume_session_with_ticket()
{
int ret = -1;
unsigned char buf[64];
mbedtls_test_ssl_endpoint client_ep, server_ep;
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
/*
* Test set-up
*/
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
PSA_INIT();
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL,
NULL);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write,
mbedtls_test_ticket_parse,
NULL);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
&(server_ep.socket), 1024);
TEST_EQUAL(ret, 0);
/*
* Run initial handshake: ephemeral key exchange mode, certificate with
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
* algorithm. Then, get the ticket sent by the server at the end of its
* handshake sequence.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
do {
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
/*
* Save client session and reset the SSL context of the two endpoints.
*/
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
TEST_EQUAL(ret, 0);
/*
* Set saved session on client side and handshake using the ticket
* included in that session.
*/
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
/*
* Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not
* MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks
* below.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0);
TEST_EQUAL(server_ep.ssl.handshake->resume, 1);
TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1);
TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
exit:
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
PSA_DONE();
}
/* END_CASE */
/*
* The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is
* a temporary workaround to not run the test in Windows-2013 where there is
* an issue with mbedtls_vsnprintf().
*/
/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
void tls13_early_data()
{
int ret = -1;
unsigned char buf[64];
const char *early_data = "This is early data.";
size_t early_data_len = strlen(early_data);
mbedtls_test_ssl_endpoint client_ep, server_ep;
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
/*
* Test set-up
*/
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
PSA_INIT();
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
server_options.srv_log_obj = &server_pattern;
server_pattern.pattern = early_data;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write,
mbedtls_test_ticket_parse,
NULL);
mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
&(server_ep.socket), 1024);
TEST_EQUAL(ret, 0);
/*
* Run initial handshake: ephemeral key exchange mode, certificate with
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
* algorithm. Then, get the ticket sent by the server at the end of its
* handshake sequence.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
do {
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
/*
* Save client session and reset the SSL context of the two endpoints.
*/
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
TEST_EQUAL(ret, 0);
/*
* Set saved session on client side and start handshake using the ticket
* included in that session.
*/
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
mbedtls_debug_set_threshold(3);
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(client_ep.ssl), &(server_ep.ssl),
MBEDTLS_SSL_SERVER_HELLO), 0);
TEST_ASSERT(client_ep.ssl.early_data_status !=
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
TEST_EQUAL(server_pattern.counter, 0);
ret = write_early_data(&(client_ep.ssl), (unsigned char *) early_data,
early_data_len);
TEST_EQUAL(ret, early_data_len);
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_CLIENT_FINISHED), 0);
TEST_EQUAL(server_ep.ssl.early_data_status,
MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
TEST_EQUAL(server_pattern.counter, 1);
exit:
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
mbedtls_debug_set_threshold(0);
PSA_DONE();
}
/* END_CASE */