Add serialize_version_check for tls13
Also add a session population helper for TLS 1.3.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
438ddd835b
commit
534ff400d4
2 changed files with 102 additions and 11 deletions
|
@ -796,19 +796,51 @@ ssl_set_hostname_twice:"server0":"server1"
|
||||||
|
|
||||||
SSL session serialization: Wrong major version
|
SSL session serialization: Wrong major version
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_session_serialize_version_check:1:0:0:0
|
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2
|
||||||
|
|
||||||
SSL session serialization: Wrong minor version
|
SSL session serialization: Wrong minor version
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_session_serialize_version_check:0:1:0:0
|
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2
|
||||||
|
|
||||||
SSL session serialization: Wrong patch version
|
SSL session serialization: Wrong patch version
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_session_serialize_version_check:0:0:1:0
|
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2
|
||||||
|
|
||||||
SSL session serialization: Wrong config
|
SSL session serialization: Wrong config
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_session_serialize_version_check:0:0:0:1
|
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2
|
||||||
|
|
||||||
|
TLS 1.3: CLI: session serialization: Wrong major version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
|
||||||
|
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: CLI: session serialization: Wrong minor version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
|
||||||
|
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: CLI: session serialization: Wrong patch version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
|
||||||
|
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: CLI: session serialization: Wrong config
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
|
||||||
|
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: SRV: session serialization: Wrong major version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
|
||||||
|
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: SRV: session serialization: Wrong minor version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
|
||||||
|
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: SRV: session serialization: Wrong patch version
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
|
||||||
|
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
|
TLS 1.3: SRV: session serialization: Wrong config
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
|
||||||
|
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, 1.2, SHA-384
|
Record crypt, AES-128-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
|
||||||
|
|
|
@ -1724,7 +1724,7 @@ cleanup:
|
||||||
* Populate a session structure for serialization tests.
|
* Populate a session structure for serialization tests.
|
||||||
* Choose dummy values, mostly non-0 to distinguish from the init default.
|
* Choose dummy values, mostly non-0 to distinguish from the init default.
|
||||||
*/
|
*/
|
||||||
static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
|
static int ssl_tls12_populate_session( mbedtls_ssl_session *session,
|
||||||
int ticket_len,
|
int ticket_len,
|
||||||
const char *crt_file )
|
const char *crt_file )
|
||||||
{
|
{
|
||||||
|
@ -1805,6 +1805,52 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
static int ssl_tls13_populate_session( mbedtls_ssl_session *session,
|
||||||
|
int ticket_len,
|
||||||
|
int endpoint_type )
|
||||||
|
{
|
||||||
|
((void) ticket_len);
|
||||||
|
session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||||
|
session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
|
||||||
|
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
|
||||||
|
session->ciphersuite = 0xabcd;
|
||||||
|
session->ticket_age_add = 0x87654321;
|
||||||
|
session->ticket_flags = 0x7;
|
||||||
|
|
||||||
|
session->key_len = 32;
|
||||||
|
memset( session->key, 0x99, sizeof( session->key ) );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
|
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
|
{
|
||||||
|
session->start = mbedtls_time( NULL ) - 42;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
|
session->ticket_received = mbedtls_time( NULL ) - 40;
|
||||||
|
#endif
|
||||||
|
session->ticket_lifetime = 0xfedcba98;
|
||||||
|
|
||||||
|
session->ticket_len = ticket_len;
|
||||||
|
if( ticket_len != 0 )
|
||||||
|
{
|
||||||
|
session->ticket = mbedtls_calloc( 1, ticket_len );
|
||||||
|
if( session->ticket == NULL )
|
||||||
|
return( -1 );
|
||||||
|
memset( session->ticket, 33, ticket_len );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
|
* Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
|
||||||
* message was sent in the correct number of fragments.
|
* message was sent in the correct number of fragments.
|
||||||
|
@ -4638,7 +4684,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
|
||||||
mbedtls_ssl_session_init( &restored );
|
mbedtls_ssl_session_init( &restored );
|
||||||
|
|
||||||
/* Prepare a dummy session to work on */
|
/* Prepare a dummy session to work on */
|
||||||
TEST_ASSERT( ssl_populate_session_tls12( &original, ticket_len, crt_file ) == 0 );
|
TEST_ASSERT( ssl_tls12_populate_session( &original, ticket_len, crt_file ) == 0 );
|
||||||
|
|
||||||
/* Serialize it */
|
/* Serialize it */
|
||||||
TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
|
TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
|
||||||
|
@ -4735,7 +4781,7 @@ void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
|
||||||
mbedtls_ssl_session_init( &session );
|
mbedtls_ssl_session_init( &session );
|
||||||
|
|
||||||
/* Prepare a dummy session to work on */
|
/* Prepare a dummy session to work on */
|
||||||
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
|
TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 );
|
||||||
|
|
||||||
/* Get desired buffer size for serializing */
|
/* Get desired buffer size for serializing */
|
||||||
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
|
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
|
||||||
|
@ -4785,7 +4831,7 @@ void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
|
||||||
mbedtls_ssl_session_init( &session );
|
mbedtls_ssl_session_init( &session );
|
||||||
|
|
||||||
/* Prepare dummy session and get serialized size */
|
/* Prepare dummy session and get serialized size */
|
||||||
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
|
TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
|
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
|
||||||
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
|
|
||||||
|
@ -4821,7 +4867,7 @@ void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
|
||||||
mbedtls_ssl_session_init( &session );
|
mbedtls_ssl_session_init( &session );
|
||||||
|
|
||||||
/* Prepare serialized session data */
|
/* Prepare serialized session data */
|
||||||
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
|
TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
|
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
|
||||||
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
|
TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
|
||||||
|
@ -4853,7 +4899,9 @@ exit:
|
||||||
void ssl_session_serialize_version_check( int corrupt_major,
|
void ssl_session_serialize_version_check( int corrupt_major,
|
||||||
int corrupt_minor,
|
int corrupt_minor,
|
||||||
int corrupt_patch,
|
int corrupt_patch,
|
||||||
int corrupt_config )
|
int corrupt_config,
|
||||||
|
int endpoint_type,
|
||||||
|
int tls_version )
|
||||||
{
|
{
|
||||||
unsigned char serialized_session[ 2048 ];
|
unsigned char serialized_session[ 2048 ];
|
||||||
size_t serialized_session_len;
|
size_t serialized_session_len;
|
||||||
|
@ -4866,7 +4914,18 @@ void ssl_session_serialize_version_check( int corrupt_major,
|
||||||
corrupt_config == 1 };
|
corrupt_config == 1 };
|
||||||
|
|
||||||
mbedtls_ssl_session_init( &session );
|
mbedtls_ssl_session_init( &session );
|
||||||
TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 );
|
((void) endpoint_type);
|
||||||
|
((void) tls_version);
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3)
|
||||||
|
{
|
||||||
|
TEST_ASSERT( ssl_tls13_populate_session(
|
||||||
|
&session, 0, endpoint_type ) == 0 );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
TEST_ASSERT( ssl_tls12_populate_session( &session, 0, NULL ) == 0 );
|
||||||
|
|
||||||
|
|
||||||
/* Infer length of serialized session. */
|
/* Infer length of serialized session. */
|
||||||
TEST_ASSERT( mbedtls_ssl_session_save( &session,
|
TEST_ASSERT( mbedtls_ssl_session_save( &session,
|
||||||
|
|
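Review bot: In ssl_session_serialize_version_check the fallback is an unbraced `else` that ends just before the `#endif`, so any `tls_version` other than MBEDTLS_SSL_VERSION_TLS1_3 silently takes the `ssl_tls12_populate_session` path and `endpoint_type` is ignored there. A test-data line with a wrong or mistyped version argument would still pass while exercising only the TLS 1.2 serializer, which weakens the header-rejection coverage this commit is meant to add. The binding is presumably correct today because TEST_ASSERT expands to a single statement, but a statement inserted after the `#endif` would change what the `else` governs. Put the fallback in a `{ }` block after the `#endif` and start it with `TEST_ASSERT( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );`. The function body starts and ends outside this hunk.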