tests: ssl: Add helper function to get a TLS 1.3 ticket
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
ced99be007
commit
1f6e4e4a49
3 changed files with 83 additions and 36 deletions
|
@ -600,6 +600,17 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
unsigned char *buf, size_t len);
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
int mbedtls_test_get_tls13_ticket(
|
||||
mbedtls_test_handshake_test_options *client_options,
|
||||
mbedtls_test_handshake_test_options *server_options,
|
||||
mbedtls_ssl_session *session);
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#define ECJPAKE_TEST_PWD "bla"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -2455,4 +2455,60 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
return mbedtls_ssl_session_load(session, buf, len);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
int mbedtls_test_get_tls13_ticket(
|
||||
mbedtls_test_handshake_test_options *client_options,
|
||||
mbedtls_test_handshake_test_options *server_options,
|
||||
mbedtls_ssl_session *session)
|
||||
{
|
||||
int ret = -1;
|
||||
unsigned char buf[64];
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
NULL);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
|
||||
|
||||
TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
|
|
@ -3572,15 +3572,11 @@ exit:
|
|||
void tls13_resume_session_with_ticket()
|
||||
{
|
||||
int ret = -1;
|
||||
unsigned char buf[64];
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
mbedtls_test_handshake_test_options client_options;
|
||||
mbedtls_test_handshake_test_options server_options;
|
||||
mbedtls_ssl_session saved_session;
|
||||
|
||||
/*
|
||||
* Test set-up
|
||||
*/
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
|
@ -3589,14 +3585,27 @@ void tls13_resume_session_with_ticket()
|
|||
|
||||
PSA_INIT();
|
||||
|
||||
/*
|
||||
* Run first handshake to get a ticket from the server.
|
||||
*/
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
|
||||
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
|
||||
&saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Prepare for handshake with the ticket.
|
||||
*/
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
|
@ -3607,41 +3616,12 @@ void tls13_resume_session_with_ticket()
|
|||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Run initial handshake: ephemeral key exchange mode, certificate with
|
||||
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
|
||||
* algorithm. Then, get the ticket sent by the server at the end of its
|
||||
* handshake sequence.
|
||||
*/
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
/*
|
||||
* Save client session and reset the SSL context of the two endpoints.
|
||||
*/
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Set saved session on client side and handshake using the ticket
|
||||
* included in that session.
|
||||
*/
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Handshake with ticket.
|
||||
*
|
||||
* Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not
|
||||
* MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks
|
||||
* below.
|
||||
|
|
Loading…
Reference in a new issue