yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #3074 from AndrzejKurek/dtls-handshake-fragmentation

Browse source 
Add a DTLS handshake fragmentation test
This commit is contained in:
Jaeden Amero 2020-02-28 13:25:53 +04:00 committed by GitHub
commit 335fcede35
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 107 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tests/suites/test_suite_ssl.data
View file

@ -277,6 +277,12 @@ DTLS Handshake with serialization, tls1_2
depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
DTLS Handshake fragmentation, MFL=512
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
DTLS Handshake fragmentation, MFL=1024
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1

101
tests/suites/test_suite_ssl.function
View file

@ -5,6 +5,35 @@
#include <mbedtls/entropy.h>
#include <mbedtls/certs.h>
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
typedef struct log_pattern
{
const char *pattern;
size_t counter;
} log_pattern;
/* This function can be passed to mbedtls to receive output logs from it. In
* this case, it will count the instances of a log_pattern in the received
* logged messages.
*/
void log_analyzer( void *ctx, int level,
const char *file, int line,
const char *str )
{
log_pattern *p = (log_pattern *) ctx;
(void) level;
(void) line;
(void) file;
if( NULL != p &&
NULL != p->pattern &&
NULL != strstr( str, p->pattern ) )
{
p->counter++;
}
}
typedef struct handshake_test_options
{
@ -13,6 +42,7 @@ typedef struct handshake_test_options
int pk_alg;
data_t *psk_str;
int dtls;
int srv_auth_mode;
int serialize;
int mfl;
int cli_msg_len;
@ -21,6 +51,10 @@ typedef struct handshake_test_options
int expected_srv_fragments;
int renegotiate;
int legacy_renegotiation;
void *srv_log_obj;
void *cli_log_obj;
void (*srv_log_fun)(void *, int, const char *, int, const char *);
void (*cli_log_fun)(void *, int, const char *, int, const char *);
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
@ -30,6 +64,7 @@ void init_handshake_options( handshake_test_options *opts )
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
opts->serialize = 0;
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
opts->cli_msg_len = 100;
@ -38,6 +73,10 @@ void init_handshake_options( handshake_test_options *opts )
opts->expected_srv_fragments = 1;
opts->renegotiate = 0;
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
opts->srv_log_obj = NULL;
opts->srv_log_obj = NULL;
opts->srv_log_fun = NULL;
opts->cli_log_fun = NULL;
}
/*
* Buffer structure for custom I/O callbacks.
@ -1642,6 +1681,16 @@ void perform_handshake( handshake_test_options* options )
{
set_ciphersuite( &client.conf, options->cipher, forced_ciphersuite );
}
#if defined (MBEDTLS_DEBUG_C)
if( options->cli_log_fun )
{
mbedtls_debug_set_threshold( 4 );
mbedtls_ssl_conf_dbg( &client.conf, options->cli_log_fun,
options->cli_log_obj );
}
#endif
/* Server side */
if( options->dtls != 0 )
{
@ -1660,6 +1709,9 @@ void perform_handshake( handshake_test_options* options )
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, NULL, NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
options->version );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1702,6 +1754,15 @@ void perform_handshake( handshake_test_options* options )
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined (MBEDTLS_DEBUG_C)
if( options->srv_log_fun )
{
mbedtls_debug_set_threshold( 4 );
mbedtls_ssl_conf_dbg( &server.conf, options->srv_log_fun,
options->srv_log_obj );
}
#endif
TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ) == 0 );
@ -1817,6 +1878,12 @@ void perform_handshake( handshake_test_options* options )
exit:
mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
#if defined (MBEDTLS_DEBUG_C)
if( options->cli_log_fun || options->srv_log_fun )
{
mbedtls_debug_set_threshold( 0 );
}
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_free( context_buf );
@ -3679,6 +3746,40 @@ void handshake_serialization( )
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
{
handshake_test_options options;
log_pattern srv_pattern, cli_pattern;
srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
srv_pattern.counter = 0;
cli_pattern.counter = 0;
init_handshake_options( &options );
options.dtls = 1;
options.mfl = mfl;
options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
options.srv_log_obj = &srv_pattern;
options.cli_log_obj = &cli_pattern;
options.srv_log_fun = log_analyzer;
options.cli_log_fun = log_analyzer;
perform_handshake( &options );
/* Test if the server received a fragmented handshake */
if( expected_srv_hs_fragmentation )
{
TEST_ASSERT( srv_pattern.counter >= 1 );
}
/* Test if the client received a fragmented handshake */
if( expected_cli_hs_fragmentation )
{
TEST_ASSERT( cli_pattern.counter >= 1 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */
void renegotiation( int legacy_renegotiation )
{