From 47907a4bb4fbbf6a454f809cf2108c12e5ca2d4b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 24 Oct 2022 14:42:01 +0800 Subject: [PATCH 01/17] Create ssl_helpers.c to hold functions of TLS connection test_suite_ssl.function contains many functions that are used to set up a TLS connection. To reduce its file size, those functions would be moved to ssl_helpers.c under tests/src. As the start of this implementation, some necessary header files are moved in advance. Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 28 ++++++++++++++++++++++++++++ tests/src/ssl_helpers.c | 23 +++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 1 + 3 files changed, 52 insertions(+) create mode 100644 tests/include/test/ssl_helpers.h create mode 100644 tests/src/ssl_helpers.c diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h new file mode 100644 index 000000000..0209f4775 --- /dev/null +++ b/tests/include/test/ssl_helpers.h @@ -0,0 +1,28 @@ +/** \file ssl_helpers.h + * + * \brief This file contains helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SSL_HELPERS_H +#define SSL_HELPERS_H + +#include + +#endif /* SSL_HELPERS_H */ diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c new file mode 100644 index 000000000..618b3ec17 --- /dev/null +++ b/tests/src/ssl_helpers.c @@ -0,0 +1,23 @@ +/** \file ssl_helpers.c + * + * \brief Helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9dfb7ed2c..ed73678cb 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -7,6 +7,7 @@ #include #include #include "test/certs.h" +#include #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" From 9ef0dce9e3980697f3ac977e1d0a856762af3fae Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 25 Oct 2022 16:44:13 +0800 Subject: [PATCH 02/17] Rename the typedef statements which are used for TLS connection Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 238 +++++++++++++-------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ed73678cb..0e3d14f38 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -37,10 +37,10 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -typedef struct log_pattern { +typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; -} log_pattern; +} mbedtls_test_ssl_log_pattern; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; @@ -57,14 +57,14 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) /* * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a log_pattern in the received + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received * logged messages. */ void log_analyzer(void *ctx, int level, const char *file, int line, const char *str) { - log_pattern *p = (log_pattern *) ctx; + mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; (void) level; (void) line; @@ -77,7 +77,7 @@ void log_analyzer(void *ctx, int level, } } -typedef struct handshake_test_options { +typedef struct mbedtls_test_handshake_test_options { const char *cipher; mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_max_version; @@ -109,9 +109,9 @@ typedef struct handshake_test_options { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif -} handshake_test_options; +} mbedtls_test_handshake_test_options; -void init_handshake_options(handshake_test_options *opts) +void init_handshake_options(mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) srand(rng_seed); @@ -154,7 +154,7 @@ exit: #endif } -void free_handshake_options(handshake_test_options *opts) +void free_handshake_options(mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(opts->cache); @@ -184,18 +184,18 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) * Buffer structure for custom I/O callbacks. */ -typedef struct mbedtls_test_buffer { +typedef struct mbedtls_test_ssl_buffer { size_t start; size_t content_length; size_t capacity; unsigned char *buffer; -} mbedtls_test_buffer; +} mbedtls_test_ssl_buffer; /* * Initialises \p buf. After calling this function it is safe to call * `mbedtls_test_buffer_free()` on \p buf. */ -void mbedtls_test_buffer_init(mbedtls_test_buffer *buf) +void mbedtls_test_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } @@ -204,7 +204,7 @@ void mbedtls_test_buffer_init(mbedtls_test_buffer *buf) * Sets up \p buf. After calling this function it is safe to call * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf. */ -int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity) +int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -216,7 +216,7 @@ int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity) return 0; } -void mbedtls_test_buffer_free(mbedtls_test_buffer *buf) +void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) { if (buf->buffer != NULL) { mbedtls_free(buf->buffer); @@ -236,7 +236,7 @@ void mbedtls_test_buffer_free(mbedtls_test_buffer *buf) * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not * zero and \p input is NULL. */ -int mbedtls_test_buffer_put(mbedtls_test_buffer *buf, +int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, const unsigned char *input, size_t input_len) { size_t overflow = 0; @@ -292,7 +292,7 @@ int mbedtls_test_buffer_put(mbedtls_test_buffer *buf, * \retval 0 <= value < \p output_len, if the data is not available. * \retval -1, if \buf is NULL or it hasn't been set up. */ -int mbedtls_test_buffer_get(mbedtls_test_buffer *buf, +int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, unsigned char *output, size_t output_len) { size_t overflow = 0; @@ -335,12 +335,12 @@ int mbedtls_test_buffer_get(mbedtls_test_buffer *buf, /* * Context for a message metadata queue (fifo) that is on top of the ring buffer. */ -typedef struct mbedtls_test_message_queue { +typedef struct mbedtls_test_ssl_message_queue { size_t *messages; int pos; int num; int capacity; -} mbedtls_test_message_queue; +} mbedtls_test_ssl_message_queue; /* * Setup and free functions for the message metadata queue. @@ -351,7 +351,7 @@ typedef struct mbedtls_test_message_queue { * \retval 0, if a metadata queue of a given length can be allocated. * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. */ -int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); @@ -366,7 +366,7 @@ int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue, return 0; } -void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue) +void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -387,7 +387,7 @@ void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, size_t len) { int place; @@ -415,7 +415,7 @@ int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue, * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, size_t buf_len) { size_t message_length; @@ -450,7 +450,7 @@ int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue, * set to the full message length so that the * caller knows what portion of the message can be dropped. */ -int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, size_t buf_len, size_t *msg_len) { if (queue == NULL || msg_len == NULL) { @@ -469,17 +469,17 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue, #define MBEDTLS_MOCK_SOCKET_CONNECTED 1 -typedef struct mbedtls_mock_socket { +typedef struct mbedtls_test_mock_socket { int status; - mbedtls_test_buffer *input; - mbedtls_test_buffer *output; - struct mbedtls_mock_socket *peer; -} mbedtls_mock_socket; + mbedtls_test_ssl_buffer *input; + mbedtls_test_ssl_buffer *output; + struct mbedtls_test_mock_socket *peer; +} mbedtls_test_mock_socket; /* * Setup and teardown functions for mock sockets. */ -void mbedtls_mock_socket_init(mbedtls_mock_socket *socket) +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } @@ -497,7 +497,7 @@ void mbedtls_mock_socket_init(mbedtls_mock_socket *socket) * phenomenon that when closing a UDP connection the peer is not aware of the * connection having been closed. */ -void mbedtls_mock_socket_close(mbedtls_mock_socket *socket) +void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { return; @@ -530,14 +530,14 @@ void mbedtls_mock_socket_close(mbedtls_mock_socket *socket) * the correct value allows for simulation of MTU, sanity testing the mock * implementation and mocking TCP connections with lower memory cost. */ -int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1, - mbedtls_mock_socket *peer2, +int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, size_t bufsize) { int ret = -1; peer1->output = - (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); if (peer1->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -548,7 +548,7 @@ int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1, } peer2->output = - (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); if (peer2->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -582,7 +582,7 @@ exit: int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -593,7 +593,7 @@ int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -608,7 +608,7 @@ int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -623,7 +623,7 @@ int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -650,9 +650,9 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) * freed in the respective setup and free calls. */ typedef struct mbedtls_test_message_socket_context { - mbedtls_test_message_queue *queue_input; - mbedtls_test_message_queue *queue_output; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue_input; + mbedtls_test_ssl_message_queue *queue_output; + mbedtls_test_mock_socket *socket; } mbedtls_test_message_socket_context; void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) @@ -671,10 +671,10 @@ void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_message_socket_setup(mbedtls_test_message_queue *queue_input, - mbedtls_test_message_queue *queue_output, +int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, size_t queue_capacity, - mbedtls_mock_socket *socket, + mbedtls_test_mock_socket *socket, mbedtls_test_message_socket_context *ctx) { int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity); @@ -718,8 +718,8 @@ void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) */ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_test_message_queue *queue; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; if (context == NULL || context->socket == NULL @@ -755,8 +755,8 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) */ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { - mbedtls_test_message_queue *queue; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; size_t drop_len = 0; size_t msg_len; @@ -805,29 +805,29 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) /* * Structure with endpoint's certificates for SSL communication tests. */ -typedef struct mbedtls_endpoint_certificate { +typedef struct mbedtls_test_ssl_endpoint_certificate { mbedtls_x509_crt *ca_cert; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; -} mbedtls_endpoint_certificate; +} mbedtls_test_ssl_endpoint_certificate; /* * Endpoint structure for SSL communication tests. */ -typedef struct mbedtls_endpoint { +typedef struct mbedtls_test_ssl_endpoint { const char *name; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_mock_socket socket; - mbedtls_endpoint_certificate cert; -} mbedtls_endpoint; + mbedtls_test_mock_socket socket; + mbedtls_test_ssl_endpoint_certificate cert; +} mbedtls_test_ssl_endpoint; /* * Deinitializes certificates from endpoint represented by \p ep. */ -void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep) +void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { - mbedtls_endpoint_certificate *cert = &(ep->cert); + mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); if (cert != NULL) { if (cert->ca_cert != NULL) { mbedtls_x509_crt_free(cert->ca_cert); @@ -859,13 +859,13 @@ void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_certificate_init(mbedtls_endpoint *ep, int pk_alg, +int mbedtls_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2, int opaque_usage) { int i = 0; int ret = -1; - mbedtls_endpoint_certificate *cert = NULL; + mbedtls_test_ssl_endpoint_certificate *cert = NULL; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; #endif @@ -993,11 +993,11 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_init(mbedtls_endpoint *ep, int endpoint_type, - handshake_test_options *options, +int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_message_queue *input_queue, - mbedtls_test_message_queue *output_queue, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, uint16_t *group_list) { int ret = -1; @@ -1099,7 +1099,7 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_endpoint_free(mbedtls_endpoint *ep, +void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -2020,12 +2020,12 @@ exit: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void perform_handshake(handshake_test_options *options) +void perform_handshake(mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; enum { BUFFSIZE = 17000 }; - mbedtls_endpoint client, server; + mbedtls_test_ssl_endpoint client, server; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif @@ -2044,7 +2044,7 @@ void perform_handshake(handshake_test_options *options) USE_PSA_INIT(); mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2551,7 +2551,7 @@ int tweak_tls13_certificate_msg_vector_len( void test_callback_buffer_sanity() { enum { MSGLEN = 10 }; - mbedtls_test_buffer buf; + mbedtls_test_ssl_buffer buf; unsigned char input[MSGLEN]; unsigned char output[MSGLEN]; @@ -2609,7 +2609,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_buffer` related functions is + * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is * correct and works as expected. * * That is @@ -2631,7 +2631,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, int put_ret[ROUNDS]; size_t get[ROUNDS]; int get_ret[ROUNDS]; - mbedtls_test_buffer buf; + mbedtls_test_ssl_buffer buf; unsigned char *input = NULL; size_t input_len; unsigned char *output = NULL; @@ -2721,7 +2721,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related I/O functions is + * Test if the implementation of `mbedtls_test_mock_socket` related I/O functions is * correct and works as expected on unconnected sockets. */ @@ -2731,7 +2731,7 @@ void ssl_mock_sanity() enum { MSGLEN = 105 }; unsigned char message[MSGLEN] = { 0 }; unsigned char received[MSGLEN] = { 0 }; - mbedtls_mock_socket socket; + mbedtls_test_mock_socket socket; mbedtls_mock_socket_init(&socket); TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0); @@ -2754,7 +2754,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related functions can + * Test if the implementation of `mbedtls_test_mock_socket` related functions can * send a single message from the client to the server. */ @@ -2765,8 +2765,8 @@ void ssl_mock_tcp(int blocking) enum { BUFLEN = MSGLEN / 5 }; unsigned char message[MSGLEN]; unsigned char received[MSGLEN]; - mbedtls_mock_socket client; - mbedtls_mock_socket server; + mbedtls_test_mock_socket client; + mbedtls_test_mock_socket server; size_t written, read; int send_ret, recv_ret; mbedtls_ssl_send_t *send; @@ -2847,7 +2847,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related functions can + * Test if the implementation of `mbedtls_test_mock_socket` related functions can * send messages in both direction at the same time (with the I/O calls * interleaving). */ @@ -2860,8 +2860,8 @@ void ssl_mock_tcp_interleaving(int blocking) enum { BUFLEN = MSGLEN / 5 }; unsigned char message[ROUNDS][MSGLEN]; unsigned char received[ROUNDS][MSGLEN]; - mbedtls_mock_socket client; - mbedtls_mock_socket server; + mbedtls_test_mock_socket client; + mbedtls_test_mock_socket server; size_t written[ROUNDS]; size_t read[ROUNDS]; int send_ret[ROUNDS]; @@ -2901,7 +2901,7 @@ void ssl_mock_tcp_interleaving(int blocking) /* This loop does not stop as long as there was a successful write or read * of at least one byte on either side. */ while (progress != 0) { - mbedtls_mock_socket *socket; + mbedtls_test_mock_socket *socket; for (i = 0; i < ROUNDS; i++) { /* First sending is from the client */ @@ -2976,7 +2976,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_sanity() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; /* Trying to push/pull to an empty queue */ TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1) @@ -2996,7 +2996,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_basic() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -3023,7 +3023,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_overflow_underflow() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -3049,7 +3049,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_interleaved() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -3083,7 +3083,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_insufficient_buffer() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; size_t message_len = 10; size_t buffer_len = 5; @@ -3104,8 +3104,8 @@ void ssl_message_mock_uninitialized() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; - mbedtls_mock_socket client, server; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_mock_socket client, server; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3150,9 +3150,9 @@ void ssl_message_mock_basic() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3204,9 +3204,9 @@ void ssl_message_mock_queue_overflow_underflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3261,9 +3261,9 @@ void ssl_message_mock_socket_overflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3309,9 +3309,9 @@ void ssl_message_mock_truncated() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3367,9 +3367,9 @@ void ssl_message_mock_socket_read_error() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3420,9 +3420,9 @@ void ssl_message_mock_interleaved_one_way() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -3477,9 +3477,9 @@ void ssl_message_mock_interleaved_two_ways() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -4967,9 +4967,9 @@ void ssl_session_serialize_version_check(int corrupt_major, void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; - mbedtls_endpoint ep; + mbedtls_test_ssl_endpoint ep; int ret = -1; - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.pk_alg = MBEDTLS_PK_RSA; @@ -4994,9 +4994,9 @@ exit: void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; - mbedtls_endpoint base_ep, second_ep; + mbedtls_test_ssl_endpoint base_ep, second_ep; int ret = -1; - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.pk_alg = MBEDTLS_PK_RSA; @@ -5048,7 +5048,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.client_min_version = client_min_version; @@ -5071,7 +5071,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.cipher = cipher; @@ -5105,7 +5105,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, int expected_handshake_result, int expected_ciphersuite) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.cipher = cipher; @@ -5131,7 +5131,7 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.mfl = mfl; @@ -5181,7 +5181,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_serialization() { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.serialize = 1; @@ -5199,8 +5199,8 @@ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { - handshake_test_options options; - log_pattern srv_pattern, cli_pattern; + mbedtls_test_handshake_test_options options; + mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; srv_pattern.counter = 0; @@ -5236,7 +5236,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.renegotiate = 1; @@ -5256,7 +5256,7 @@ exit: void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.mfl = mfl; @@ -5516,9 +5516,9 @@ void conf_group() void force_bad_session_id_len() { enum { BUFFSIZE = 1024 }; - handshake_test_options options; - mbedtls_endpoint client, server; - log_pattern srv_pattern, cli_pattern; + mbedtls_test_handshake_test_options options; + mbedtls_test_ssl_endpoint client, server; + mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; mbedtls_test_message_socket_context server_context, client_context; srv_pattern.pattern = cli_pattern.pattern = "cache did not store session"; @@ -5702,10 +5702,10 @@ void cid_sanity() void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; - mbedtls_endpoint client, server; + mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; - handshake_test_options options; + mbedtls_test_handshake_test_options options; uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; @@ -5773,14 +5773,14 @@ exit: void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; - mbedtls_endpoint client_ep, server_ep; + mbedtls_test_ssl_endpoint client_ep, server_ep; unsigned char *buf, *end; size_t buf_len; int step = 0; int expected_result; mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args; - handshake_test_options client_options; - handshake_test_options server_options; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; /* * Test set-up From 55a6619135528f9ecefd6b834a559c74d1df3ff9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 09:57:53 +0800 Subject: [PATCH 03/17] Move the renamed typedef statements to ssl_helpers.h With this change, the renamed typedef statements (commit de3caee) are moved from test_suite_ssl.function into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 117 +++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 112 ------------------------- 2 files changed, 117 insertions(+), 112 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0209f4775..a292def7b 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -24,5 +24,122 @@ #define SSL_HELPERS_H #include +#include + +#if defined(MBEDTLS_SSL_CACHE_C) +#include "mbedtls/ssl_cache.h" +#endif + +typedef struct mbedtls_test_ssl_log_pattern { + const char *pattern; + size_t counter; +} mbedtls_test_ssl_log_pattern; + +typedef struct mbedtls_test_handshake_test_options { + const char *cipher; + mbedtls_ssl_protocol_version client_min_version; + mbedtls_ssl_protocol_version client_max_version; + mbedtls_ssl_protocol_version server_min_version; + mbedtls_ssl_protocol_version server_max_version; + mbedtls_ssl_protocol_version expected_negotiated_version; + int expected_handshake_result; + int expected_ciphersuite; + int pk_alg; + int opaque_alg; + int opaque_alg2; + int opaque_usage; + data_t *psk_str; + int dtls; + int srv_auth_mode; + int serialize; + int mfl; + int cli_msg_len; + int srv_msg_len; + int expected_cli_fragments; + int expected_srv_fragments; + int renegotiate; + int legacy_renegotiation; + void *srv_log_obj; + void *cli_log_obj; + void (*srv_log_fun)(void *, int, const char *, int, const char *); + void (*cli_log_fun)(void *, int, const char *, int, const char *); + int resize_buffers; +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_context *cache; +#endif +} mbedtls_test_handshake_test_options; + +typedef struct mbedtls_test_ssl_buffer { + size_t start; + size_t content_length; + size_t capacity; + unsigned char *buffer; +} mbedtls_test_ssl_buffer; + +/* + * Context for a message metadata queue (fifo) that is on top of the ring buffer. + */ +typedef struct mbedtls_test_ssl_message_queue { + size_t *messages; + int pos; + int num; + int capacity; +} mbedtls_test_ssl_message_queue; + +/* + * Context for the I/O callbacks simulating network connection. + */ + +#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 + +typedef struct mbedtls_test_mock_socket { + int status; + mbedtls_test_ssl_buffer *input; + mbedtls_test_ssl_buffer *output; + struct mbedtls_test_mock_socket *peer; +} mbedtls_test_mock_socket; + +/* Errors used in the message socket mocks */ + +#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 +#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 +#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 + +/* + * Structure used as an addon, or a wrapper, around the mocked sockets. + * Contains an input queue, to which the other socket pushes metadata, + * and an output queue, to which this one pushes metadata. This context is + * considered as an owner of the input queue only, which is initialized and + * freed in the respective setup and free calls. + */ +typedef struct mbedtls_test_message_socket_context { + mbedtls_test_ssl_message_queue *queue_input; + mbedtls_test_ssl_message_queue *queue_output; + mbedtls_test_mock_socket *socket; +} mbedtls_test_message_socket_context; + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Structure with endpoint's certificates for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint_certificate { + mbedtls_x509_crt *ca_cert; + mbedtls_x509_crt *cert; + mbedtls_pk_context *pkey; +} mbedtls_test_ssl_endpoint_certificate; + +/* + * Endpoint structure for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint { + const char *name; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_test_mock_socket socket; + mbedtls_test_ssl_endpoint_certificate cert; +} mbedtls_test_ssl_endpoint; + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* SSL_HELPERS_H */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0e3d14f38..c6315e4a5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1,5 +1,4 @@ /* BEGIN_HEADER */ -#include #include #include #include @@ -9,10 +8,6 @@ #include "test/certs.h" #include -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - #include #include "hash_info.h" @@ -37,11 +32,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -typedef struct mbedtls_test_ssl_log_pattern { - const char *pattern; - size_t counter; -} mbedtls_test_ssl_log_pattern; - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; static int rng_get(void *p_rng, unsigned char *output, size_t output_len) @@ -77,40 +67,6 @@ void log_analyzer(void *ctx, int level, } } -typedef struct mbedtls_test_handshake_test_options { - const char *cipher; - mbedtls_ssl_protocol_version client_min_version; - mbedtls_ssl_protocol_version client_max_version; - mbedtls_ssl_protocol_version server_min_version; - mbedtls_ssl_protocol_version server_max_version; - mbedtls_ssl_protocol_version expected_negotiated_version; - int expected_handshake_result; - int expected_ciphersuite; - int pk_alg; - int opaque_alg; - int opaque_alg2; - int opaque_usage; - data_t *psk_str; - int dtls; - int srv_auth_mode; - int serialize; - int mfl; - int cli_msg_len; - int srv_msg_len; - int expected_cli_fragments; - int expected_srv_fragments; - int renegotiate; - int legacy_renegotiation; - void *srv_log_obj; - void *cli_log_obj; - void (*srv_log_fun)(void *, int, const char *, int, const char *); - void (*cli_log_fun)(void *, int, const char *, int, const char *); - int resize_buffers; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context *cache; -#endif -} mbedtls_test_handshake_test_options; - void init_handshake_options(mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -184,13 +140,6 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) * Buffer structure for custom I/O callbacks. */ -typedef struct mbedtls_test_ssl_buffer { - size_t start; - size_t content_length; - size_t capacity; - unsigned char *buffer; -} mbedtls_test_ssl_buffer; - /* * Initialises \p buf. After calling this function it is safe to call * `mbedtls_test_buffer_free()` on \p buf. @@ -332,16 +281,6 @@ int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, #define MBEDTLS_TEST_ERROR_ARG_NULL -11 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 -/* - * Context for a message metadata queue (fifo) that is on top of the ring buffer. - */ -typedef struct mbedtls_test_ssl_message_queue { - size_t *messages; - int pos; - int num; - int capacity; -} mbedtls_test_ssl_message_queue; - /* * Setup and free functions for the message metadata queue. * @@ -463,18 +402,6 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, *msg_len = queue->messages[queue->pos]; return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -/* - * Context for the I/O callbacks simulating network connection. - */ - -#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 - -typedef struct mbedtls_test_mock_socket { - int status; - mbedtls_test_ssl_buffer *input; - mbedtls_test_ssl_buffer *output; - struct mbedtls_test_mock_socket *peer; -} mbedtls_test_mock_socket; /* * Setup and teardown functions for mock sockets. @@ -636,25 +563,6 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_buffer_get(socket->input, buf, len); } -/* Errors used in the message socket mocks */ - -#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 -#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 -#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 - -/* - * Structure used as an addon, or a wrapper, around the mocked sockets. - * Contains an input queue, to which the other socket pushes metadata, - * and an output queue, to which this one pushes metadata. This context is - * considered as an owner of the input queue only, which is initialized and - * freed in the respective setup and free calls. - */ -typedef struct mbedtls_test_message_socket_context { - mbedtls_test_ssl_message_queue *queue_input; - mbedtls_test_ssl_message_queue *queue_output; - mbedtls_test_mock_socket *socket; -} mbedtls_test_message_socket_context; - void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; @@ -802,26 +710,6 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - -/* - * Endpoint structure for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint { - const char *name; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; -} mbedtls_test_ssl_endpoint; - /* * Deinitializes certificates from endpoint represented by \p ep. */ From f7b62353cb5297ef719f27e70d076422ee55282e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 11:51:53 +0800 Subject: [PATCH 04/17] Rename the functions which are used to set up TLS connection Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 1052 +++++++++++++------------- 1 file changed, 527 insertions(+), 525 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c6315e4a5..bdd40487e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -50,9 +50,9 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received * logged messages. */ -void log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str) { mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; @@ -67,7 +67,7 @@ void log_analyzer(void *ctx, int level, } } -void init_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_init_handshake_options(mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) srand(rng_seed); @@ -110,7 +110,7 @@ exit: #endif } -void free_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_free_handshake_options(mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(opts->cache); @@ -142,18 +142,18 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) /* * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_buffer_free()` on \p buf. + * `mbedtls_test_ssl_buffer_free()` on \p buf. */ -void mbedtls_test_buffer_init(mbedtls_test_ssl_buffer *buf) +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } /* * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf. + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` on \p buf. */ -int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -165,7 +165,7 @@ int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) return 0; } -void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) { if (buf->buffer != NULL) { mbedtls_free(buf->buffer); @@ -178,15 +178,15 @@ void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. * * \p buf must have been initialized and set up by calling - * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. * * \retval \p input_len, if the data fits. * \retval 0 <= value < \p input_len, if the data does not fit. * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not * zero and \p input is NULL. */ -int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len) { size_t overflow = 0; @@ -235,14 +235,14 @@ int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, * ring buffer will be dropped, if the requested length is available. * * \p buf must have been initialized and set up by calling - * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. * * \retval \p output_len, if the data is available. * \retval 0 <= value < \p output_len, if the data is not available. * \retval -1, if \buf is NULL or it hasn't been set up. */ -int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len) { size_t overflow = 0; @@ -290,8 +290,8 @@ int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, * \retval 0, if a metadata queue of a given length can be allocated. * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. */ -int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, - size_t capacity) +int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, + size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); if (NULL == queue->messages) { @@ -305,7 +305,7 @@ int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return 0; } -void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) +void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -326,8 +326,8 @@ void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, - size_t len) +int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, + size_t len) { int place; if (queue == NULL) { @@ -354,8 +354,8 @@ int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len) +int mbedtls_test_ssl_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, + size_t buf_len) { size_t message_length; if (queue == NULL) { @@ -424,19 +424,19 @@ void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) * phenomenon that when closing a UDP connection the peer is not aware of the * connection having been closed. */ -void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { return; } if (socket->input != NULL) { - mbedtls_test_buffer_free(socket->input); + mbedtls_test_ssl_buffer_free(socket->input); mbedtls_free(socket->input); } if (socket->output != NULL) { - mbedtls_test_buffer_free(socket->output); + mbedtls_test_ssl_buffer_free(socket->output); mbedtls_free(socket->output); } @@ -457,9 +457,9 @@ void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) * the correct value allows for simulation of MTU, sanity testing the mock * implementation and mocking TCP connections with lower memory cost. */ -int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize) { int ret = -1; @@ -469,8 +469,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_test_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_buffer_setup(peer1->output, bufsize))) { + mbedtls_test_ssl_buffer_init(peer1->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { goto exit; } @@ -480,8 +480,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_test_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_buffer_setup(peer2->output, bufsize))) { + mbedtls_test_ssl_buffer_init(peer2->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { goto exit; } @@ -496,8 +496,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, exit: if (ret != 0) { - mbedtls_mock_socket_close(peer1); - mbedtls_mock_socket_close(peer2); + mbedtls_test_mock_socket_close(peer1); + mbedtls_test_mock_socket_close(peer2); } return ret; @@ -507,7 +507,7 @@ exit: * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -515,10 +515,10 @@ int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) return -1; } - return mbedtls_test_buffer_put(socket->output, buf, len); + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); } -int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -526,14 +526,14 @@ int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return -1; } - return mbedtls_test_buffer_get(socket->input, buf, len); + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -545,10 +545,10 @@ int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_WRITE; } - return mbedtls_test_buffer_put(socket->output, buf, len); + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); } -int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -560,10 +560,10 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_READ; } - return mbedtls_test_buffer_get(socket->input, buf, len); + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; ctx->queue_output = NULL; @@ -579,13 +579,13 @@ void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) +int mbedtls_test_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) { - int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity); + int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); if (ret != 0) { return ret; } @@ -601,14 +601,14 @@ int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, * Close a given message socket context, along with the socket itself. Free the * memory allocated by the input queue. */ -void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { return; } - mbedtls_test_message_queue_free(ctx->queue_input); - mbedtls_mock_socket_close(ctx->socket); + mbedtls_test_ssl_message_queue_free(ctx->queue_input); + mbedtls_test_mock_socket_close(ctx->socket); memset(ctx, 0, sizeof(*ctx)); } @@ -618,13 +618,13 @@ void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) * \retval \p len, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_test_mock_tcp_send_b failed. * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. * * This function will also return any error from - * mbedtls_test_message_queue_push_info. + * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -642,11 +642,11 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_WRITE; } - if (mbedtls_mock_tcp_send_b(socket, buf, len) != (int) len) { + if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { return MBEDTLS_TEST_ERROR_SEND_FAILED; } - return mbedtls_test_message_queue_push_info(queue, len); + return mbedtls_test_ssl_message_queue_push_info(queue, len); } /* @@ -656,12 +656,12 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) * \retval message length, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_test_mock_tcp_recv_b failed. * * This function will also return any error other than * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info. */ -int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -691,19 +691,19 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) return ret; } - if (mbedtls_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { return MBEDTLS_TEST_ERROR_RECV_FAILED; } if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ } } - mbedtls_test_message_queue_pop_info(queue, buf_len); + mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); return msg_len; } @@ -747,9 +747,9 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage) +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, + int opaque_alg, int opaque_alg2, + int opaque_usage) { int i = 0; int ret = -1; @@ -868,7 +868,7 @@ exit: } /* - * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()` + * Initializes \p ep structure. It is important to call `mbedtls_test_ssl_endpoint_free()` * after calling this function even if it fails. * * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or @@ -881,12 +881,12 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) +int mbedtls_test_ssl_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list) { int ret = -1; uintptr_t user_data_n; @@ -919,9 +919,9 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context) == 0); } else { mbedtls_mock_socket_init(&(ep->socket)); } @@ -929,13 +929,13 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, /* Non-blocking callbacks without timeout */ if (dtls_context != NULL) { mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_mock_tcp_send_msg, - mbedtls_mock_tcp_recv_msg, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, NULL); } else { mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_mock_tcp_send_nb, - mbedtls_mock_tcp_recv_nb, + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, NULL); } @@ -969,10 +969,10 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, } #endif - ret = mbedtls_endpoint_certificate_init(ep, options->pk_alg, - options->opaque_alg, - options->opaque_alg2, - options->opaque_usage); + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, + options->opaque_alg, + options->opaque_alg2, + options->opaque_usage); TEST_ASSERT(ret == 0); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); @@ -987,8 +987,8 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) +void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -996,9 +996,9 @@ void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, mbedtls_ssl_config_free(&(ep->conf)); if (context != NULL) { - mbedtls_message_socket_close(context); + mbedtls_test_message_socket_close(context); } else { - mbedtls_mock_socket_close(&(ep->socket)); + mbedtls_test_mock_socket_close(&(ep->socket)); } } @@ -1009,9 +1009,9 @@ void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, * * \retval 0 on success, otherwise error code. */ -int mbedtls_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state) { enum { BUFFSIZE = 1024 }; int max_steps = 1000; @@ -1192,10 +1192,10 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) -static int psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen) +static int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1238,13 +1238,13 @@ static int psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ -static int build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len) +static int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len) { mbedtls_cipher_info_t const *cipher_info; int ret = 0; @@ -1593,9 +1593,9 @@ cleanup: * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. */ -static int ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) +static int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) { #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; @@ -1690,9 +1690,9 @@ static int ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static int ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type) +static int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type) { ((void) ticket_len); session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; @@ -1908,7 +1908,7 @@ exit: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void perform_handshake(mbedtls_test_handshake_test_options *options) +void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; @@ -1934,24 +1934,24 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) mbedtls_platform_zeroize(&server, sizeof(server)); mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + options, &client_context, + &client_queue, + &server_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + options, NULL, NULL, + NULL, NULL) == 0); } if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { @@ -1978,19 +1978,19 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + options, &server_context, + &server_queue, + &client_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, - NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + options, NULL, NULL, NULL, + NULL) == 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); @@ -2052,9 +2052,9 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) } #endif - TEST_ASSERT(mbedtls_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { @@ -2070,9 +2070,9 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } - TEST_ASSERT(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) + TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) == expected_handshake_result); if (expected_handshake_result != 0) { @@ -2083,9 +2083,9 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_move_handshake_to_state(&(server.ssl), - &(client.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), + &(client.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); /* Check that both sides have negotiated the expected version. */ @@ -2152,8 +2152,8 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_mock_tcp_send_msg, - mbedtls_mock_tcp_recv_msg, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, NULL); mbedtls_ssl_set_user_data_p(&server.ssl, &server); @@ -2265,8 +2265,8 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); exit: - mbedtls_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); - mbedtls_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); + mbedtls_test_ssl_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -2446,53 +2446,53 @@ void test_callback_buffer_sanity() memset(input, 0, sizeof(input)); /* Make sure calling put and get on NULL buffer results in error. */ - TEST_ASSERT(mbedtls_test_buffer_put(NULL, input, sizeof(input)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(NULL, output, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(NULL, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); /* Make sure calling put and get on a buffer that hasn't been set up results * in error. */ - mbedtls_test_buffer_init(&buf); + mbedtls_test_ssl_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); /* Make sure calling put and get on NULL input only results in * error if the length is not zero, and that a NULL output is valid for data * dropping. */ - TEST_ASSERT(mbedtls_test_buffer_setup(&buf, sizeof(input)) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) == 0); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == 0); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); /* Make sure calling put several times in the row is safe */ - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == sizeof(input)); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, 2) == 2); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 1) == 1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); exit: - mbedtls_test_buffer_free(&buf); + mbedtls_test_ssl_buffer_free(&buf); } /* END_CASE */ @@ -2526,8 +2526,8 @@ void test_callback_buffer(int size, int put1, int put1_ret, size_t output_len; size_t i, j, written, read; - mbedtls_test_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_buffer_setup(&buf, size) == 0); + mbedtls_test_ssl_buffer_init(&buf); + TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); /* Check the sanity of input parameters and initialise local variables. That * is, ensure that the amount of data is not negative and that we are not @@ -2586,11 +2586,11 @@ void test_callback_buffer(int size, int put1, int put1_ret, written = read = 0; for (j = 0; j < ROUNDS; j++) { - TEST_ASSERT(put_ret[j] == mbedtls_test_buffer_put(&buf, - input + written, put[j])); + TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, + input + written, put[j])); written += put_ret[j]; - TEST_ASSERT(get_ret[j] == mbedtls_test_buffer_get(&buf, - output + read, get[j])); + TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, + output + read, get[j])); read += get_ret[j]; TEST_ASSERT(read <= written); if (get_ret[j] > 0) { @@ -2604,7 +2604,7 @@ exit: mbedtls_free(input); mbedtls_free(output); - mbedtls_test_buffer_free(&buf); + mbedtls_test_ssl_buffer_free(&buf); } /* END_CASE */ @@ -2622,22 +2622,22 @@ void ssl_mock_sanity() mbedtls_test_mock_socket socket; mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); exit: - mbedtls_mock_socket_close(&socket); + mbedtls_test_mock_socket_close(&socket); } /* END_CASE */ @@ -2662,11 +2662,11 @@ void ssl_mock_tcp(int blocking) unsigned i; if (blocking == 0) { - send = mbedtls_mock_tcp_send_nb; - recv = mbedtls_mock_tcp_recv_nb; + send = mbedtls_test_mock_tcp_send_nb; + recv = mbedtls_test_mock_tcp_recv_nb; } else { - send = mbedtls_mock_tcp_send_b; - recv = mbedtls_mock_tcp_recv_b; + send = mbedtls_test_mock_tcp_send_b; + recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_mock_socket_init(&client); @@ -2679,7 +2679,7 @@ void ssl_mock_tcp(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -2729,8 +2729,8 @@ void ssl_mock_tcp(int blocking) exit: - mbedtls_mock_socket_close(&client); - mbedtls_mock_socket_close(&server); + mbedtls_test_mock_socket_close(&client); + mbedtls_test_mock_socket_close(&server); } /* END_CASE */ @@ -2759,11 +2759,11 @@ void ssl_mock_tcp_interleaving(int blocking) mbedtls_ssl_recv_t *recv; if (blocking == 0) { - send = mbedtls_mock_tcp_send_nb; - recv = mbedtls_mock_tcp_recv_nb; + send = mbedtls_test_mock_tcp_send_nb; + recv = mbedtls_test_mock_tcp_recv_nb; } else { - send = mbedtls_mock_tcp_send_b; - recv = mbedtls_mock_tcp_recv_b; + send = mbedtls_test_mock_tcp_send_b; + recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_mock_socket_init(&client); @@ -2778,7 +2778,7 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -2856,8 +2856,8 @@ void ssl_mock_tcp_interleaving(int blocking) exit: - mbedtls_mock_socket_close(&client); - mbedtls_mock_socket_close(&server); + mbedtls_test_mock_socket_close(&client); + mbedtls_test_mock_socket_close(&server); } /* END_CASE */ @@ -2867,17 +2867,17 @@ void ssl_message_queue_sanity() mbedtls_test_ssl_message_queue queue; /* Trying to push/pull to an empty queue */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(NULL, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 0); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2886,25 +2886,25 @@ void ssl_message_queue_basic() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Sanity test - 3 pushes and 3 pops with sufficient space */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2913,24 +2913,24 @@ void ssl_message_queue_overflow_underflow() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* 4 pushes (last one with an error), 4 pops (last one with an error) */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2939,32 +2939,32 @@ void ssl_message_queue_interleaved() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops * (to wrap around the buffer) */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) == 3); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 8) == 8); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 3) == 3); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 5) == 5); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 8) == 8); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2975,15 +2975,15 @@ void ssl_message_queue_insufficient_buffer() size_t message_len = 10; size_t buffer_len = 5; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 1) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); /* Popping without a sufficient buffer */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, message_len) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) == (int) message_len); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, buffer_len) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) == (int) buffer_len); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2995,41 +2995,41 @@ void ssl_message_mock_uninitialized() mbedtls_test_mock_socket client, server; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); /* Send with a NULL context */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(NULL, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(NULL, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&server_queue, MSGLEN) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, MSGLEN) == MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3042,48 +3042,48 @@ void ssl_message_mock_basic() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send the message to the server */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); /* Read from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, MSGLEN); /* Send the message to the client */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); /* Read from the client */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3096,51 +3096,51 @@ void ssl_message_mock_queue_overflow_underflow() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*2)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*2)); /* Send three message to the server, last one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) == MSGLEN - 1); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN - 1) == MSGLEN - 1); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_WRITE); /* Read three messages from the server, last one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) == MSGLEN - 1); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN - 1) == MSGLEN - 1); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3153,42 +3153,42 @@ void ssl_message_mock_socket_overflow() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send two message to the server, second one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3201,16 +3201,16 @@ void ssl_message_mock_truncated() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); memset(received, 0, MSGLEN); /* Fill up the buffer with structured data so that unwanted changes @@ -3218,17 +3218,17 @@ void ssl_message_mock_truncated() for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - 2 * MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + 2 * MSGLEN)); /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) == MSGLEN / 2); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN / 2) == MSGLEN / 2); /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ @@ -3238,15 +3238,15 @@ void ssl_message_mock_truncated() memset(received, 0, MSGLEN); /* Read a full message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN / 2); /* Test that the first half of the message is valid */ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3259,31 +3259,31 @@ void ssl_message_mock_socket_read_error() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; @@ -3292,14 +3292,14 @@ void ssl_message_mock_socket_read_error() /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3312,51 +3312,51 @@ void ssl_message_mock_interleaved_one_way() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, and then two reads * (to wrap around the buffer) */ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); } - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3369,49 +3369,49 @@ void ssl_message_mock_interleaved_two_ways() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads * (to wrap around the buffer) both ways. */ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -3419,27 +3419,27 @@ void ssl_message_mock_interleaved_two_ways() } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -3512,10 +3512,10 @@ void ssl_crypt_record(int cipher_type, int hash_id, mbedtls_ssl_init(&ssl); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); - ret = build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); + ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver, + (size_t) cid0_len, + (size_t) cid1_len); TEST_ASSERT(ret == 0); @@ -3666,10 +3666,10 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, mbedtls_ssl_init(&ssl); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); - ret = build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); + ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver, + (size_t) cid0_len, + (size_t) cid1_len); TEST_ASSERT(ret == 0); @@ -3829,10 +3829,10 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, mbedtls_ssl_transform_init(&t1); /* Set up transforms with dummy keys */ - ret = build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_VERSION_TLS1_2, - 0, 0); + ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + 0, trunc_hmac, + MBEDTLS_SSL_VERSION_TLS1_2, + 0, 0); TEST_ASSERT(ret == 0); @@ -3933,9 +3933,9 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, /* * Encrypt and decrypt the correct record, expecting success */ - TEST_EQUAL(0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, rec.data_len, + rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3957,9 +3957,10 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, rec.buf[i] ^= 0x01; /* Encrypt */ - TEST_EQUAL(0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, + rec.data_len, + rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3992,9 +3993,10 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, memset(buf + buflen - padlen - 1, i, padlen + 1); /* Encrypt */ - TEST_EQUAL(0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + rec.buf + rec.data_offset, + rec.data_len, + rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -4487,12 +4489,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(ssl_tls13_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &original, 0, endpoint_type) == 0); } else #endif { - TEST_ASSERT(ssl_tls12_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &original, ticket_len, crt_file) == 0); } @@ -4634,12 +4636,12 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(ssl_tls13_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); } else #endif { - TEST_ASSERT(ssl_tls12_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } @@ -4696,12 +4698,12 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(ssl_tls13_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); } else #endif { - TEST_ASSERT(ssl_tls12_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) @@ -4743,12 +4745,12 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(ssl_tls13_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); } else #endif { - TEST_ASSERT(ssl_tls12_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) @@ -4800,11 +4802,11 @@ void ssl_session_serialize_version_check(int corrupt_major, ((void) tls_version); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(ssl_tls13_populate_session( + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); } else #endif - TEST_ASSERT(ssl_tls12_populate_session(&session, 0, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(&session, 0, NULL) == 0); /* Infer length of serialized session. */ @@ -4858,23 +4860,23 @@ void mbedtls_endpoint_sanity(int endpoint_type) mbedtls_test_ssl_endpoint ep; int ret = -1; mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.pk_alg = MBEDTLS_PK_RSA; - ret = mbedtls_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, + NULL, NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - ret = mbedtls_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); + ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - ret = mbedtls_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, + NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: - mbedtls_endpoint_free(&ep, NULL); - free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&ep, NULL); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -4885,32 +4887,32 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) mbedtls_test_ssl_endpoint base_ep, second_ep; int ret = -1; mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.pk_alg = MBEDTLS_PK_RSA; USE_PSA_INIT(); mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - ret = mbedtls_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, + NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_endpoint_init(&second_ep, - (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&second_ep, + (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_mock_socket_connect(&(base_ep.socket), - &(second_ep.socket), - BUFFSIZE); + ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), + &(second_ep.socket), + BUFFSIZE); TEST_ASSERT(ret == 0); - ret = mbedtls_move_handshake_to_state(&(base_ep.ssl), - &(second_ep.ssl), - state); + ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), + &(second_ep.ssl), + state); if (need_pass) { TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || @@ -4924,9 +4926,9 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) } exit: - free_handshake_options(&options); - mbedtls_endpoint_free(&base_ep, NULL); - mbedtls_endpoint_free(&second_ep, NULL); + mbedtls_test_free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&base_ep, NULL); + mbedtls_test_ssl_endpoint_free(&second_ep, NULL); USE_PSA_DONE(); } /* END_CASE */ @@ -4937,7 +4939,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, int expected_negotiated_version) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.client_min_version = client_min_version; options.client_max_version = client_max_version; @@ -4946,13 +4948,13 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, options.expected_negotiated_version = expected_negotiated_version; options.dtls = dtls; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -4960,20 +4962,20 @@ exit: void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.cipher = cipher; options.dtls = dtls; options.psk_str = psk_str; options.pk_alg = pk_alg; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -4994,7 +4996,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, int expected_ciphersuite) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.cipher = cipher; options.psk_str = psk_str; @@ -5004,13 +5006,13 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, options.opaque_usage = psa_usage; options.expected_handshake_result = expected_handshake_result; options.expected_ciphersuite = expected_ciphersuite; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5020,7 +5022,7 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_srv_fragments, int dtls) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cli_msg_len = cli_msg_len; @@ -5032,13 +5034,13 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; #endif - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5070,15 +5072,15 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, void handshake_serialization() { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.serialize = 1; options.dtls = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5094,7 +5096,7 @@ void handshake_fragmentation(int mfl, srv_pattern.counter = 0; cli_pattern.counter = 0; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.dtls = 1; options.mfl = mfl; /* Set cipher to one using CBC so that record splitting can be tested */ @@ -5102,10 +5104,10 @@ void handshake_fragmentation(int mfl, options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; options.srv_log_obj = &srv_pattern; options.cli_log_obj = &cli_pattern; - options.srv_log_fun = log_analyzer; - options.cli_log_fun = log_analyzer; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + options.cli_log_fun = mbedtls_test_ssl_log_analyzer; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* Test if the server received a fragmented handshake */ if (expected_srv_hs_fragmentation) { @@ -5117,7 +5119,7 @@ void handshake_fragmentation(int mfl, } exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5125,18 +5127,18 @@ exit: void renegotiation(int legacy_renegotiation) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.renegotiate = 1; options.legacy_renegotiation = legacy_renegotiation; options.dtls = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5145,7 +5147,7 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cipher = cipher; @@ -5155,12 +5157,12 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, options.dtls = dtls; options.resize_buffers = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; exit: - free_handshake_options(&options); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ @@ -5411,37 +5413,37 @@ void force_bad_session_id_len() srv_pattern.pattern = cli_pattern.pattern = "cache did not store session"; srv_pattern.counter = 0; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.srv_log_obj = &srv_pattern; - options.srv_log_fun = log_analyzer; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; USE_PSA_INIT(); mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, + NULL, NULL) == 0); - TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, - NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL, + NULL) == 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, options.srv_log_obj); - TEST_ASSERT(mbedtls_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); - TEST_ASSERT(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP) + TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0); /* Force a bad session_id_len that will be read by the server in * mbedtls_ssl_cache_set. */ @@ -5458,9 +5460,9 @@ void force_bad_session_id_len() /* Make sure that the cache did not store the session */ TEST_EQUAL(srv_pattern.counter, 1); exit: - mbedtls_endpoint_free(&client, NULL); - mbedtls_endpoint_free(&server, NULL); - free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_free_handshake_options(&options); mbedtls_debug_set_threshold(0); USE_PSA_DONE(); } @@ -5601,28 +5603,28 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.pk_alg = MBEDTLS_PK_ECDSA; /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ - TEST_EQUAL(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL, iana_tls_group_list), 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, + NULL, iana_tls_group_list), 0); /* Server side */ - TEST_EQUAL(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, - NULL, NULL), 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, + NULL, NULL), 0); - TEST_EQUAL(mbedtls_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE), 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); - TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) , 0); mbedtls_psa_get_stats(&stats); @@ -5636,9 +5638,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; } - TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); mbedtls_psa_get_stats(&stats); @@ -5650,9 +5652,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) } exit: - mbedtls_endpoint_free(&client, NULL); - mbedtls_endpoint_free(&server, NULL); - free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_free_handshake_options(&options); USE_PSA_DONE(); } @@ -5677,36 +5679,36 @@ void tls13_server_certificate_msg_invalid_vector_len() mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&client_options); client_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - init_handshake_options(&server_options); + mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - ret = mbedtls_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); TEST_EQUAL(ret, 0); while (1) { mbedtls_test_set_step(++step); - ret = mbedtls_move_handshake_to_state(&(server_ep.ssl), - &(client_ep.ssl), - MBEDTLS_SSL_CERTIFICATE_VERIFY); + ret = mbedtls_test_move_handshake_to_state(&(server_ep.ssl), + &(client_ep.ssl), + MBEDTLS_SSL_CERTIFICATE_VERIFY); TEST_EQUAL(ret, 0); ret = mbedtls_ssl_flush_output(&(server_ep.ssl)); TEST_EQUAL(ret, 0); - ret = mbedtls_move_handshake_to_state(&(client_ep.ssl), - &(server_ep.ssl), - MBEDTLS_SSL_SERVER_CERTIFICATE); + ret = mbedtls_test_move_handshake_to_state(&(client_ep.ssl), + &(server_ep.ssl), + MBEDTLS_SSL_SERVER_CERTIFICATE); TEST_EQUAL(ret, 0); ret = mbedtls_ssl_tls13_fetch_handshake_msg(&(client_ep.ssl), @@ -5744,10 +5746,10 @@ void tls13_server_certificate_msg_invalid_vector_len() exit: mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - mbedtls_endpoint_free(&client_ep, NULL); - mbedtls_endpoint_free(&server_ep, NULL); - free_handshake_options(&client_options); - free_handshake_options(&server_options); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); USE_PSA_DONE(); } /* END_CASE */ From bd29683c9040ef7671cb5b19ac11cc2c6e58be0f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 18:28:11 +0800 Subject: [PATCH 05/17] Rewrap the lines to fit code standard in test_suite_ssl.function As the typedef statements and functions are renamed in commit de3caee and commit d51d285 respectively. This commit aims to align code lines to fit code standard and improve code readability. Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 385 ++++++++++++++++----------- 1 file changed, 233 insertions(+), 152 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index bdd40487e..9d425aed2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -47,8 +47,8 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) /* * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received - * logged messages. + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. */ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, @@ -67,7 +67,8 @@ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, } } -void mbedtls_test_init_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) srand(rng_seed); @@ -110,7 +111,8 @@ exit: #endif } -void mbedtls_test_free_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_free_handshake_options( + mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(opts->cache); @@ -151,9 +153,11 @@ void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) /* * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` on \p buf. + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -326,8 +330,8 @@ void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, - size_t len) +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len) { int place; if (queue == NULL) { @@ -354,8 +358,8 @@ int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *que * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_ssl_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len) +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len) { size_t message_length; if (queue == NULL) { @@ -464,7 +468,8 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, int ret = -1; peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); if (peer1->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -475,7 +480,8 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, } peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); if (peer2->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -507,7 +513,8 @@ exit: * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, + size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -533,7 +540,8 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, + size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -579,11 +587,12 @@ void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_test_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) { int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); if (ret != 0) { @@ -618,17 +627,20 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) * \retval \p len, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. * * This function will also return any error from * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, + size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; if (context == NULL || context->socket == NULL || context->queue_output == NULL) { @@ -656,16 +668,20 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t l * \retval message length, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_test_mock_tcp_recv_b failed. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. * * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info. + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, + size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; size_t drop_len = 0; size_t msg_len; int ret; @@ -697,7 +713,8 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) + != (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ @@ -747,7 +764,8 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg, int opaque_alg, int opaque_alg2, int opaque_usage) { @@ -868,8 +886,9 @@ exit: } /* - * Initializes \p ep structure. It is important to call `mbedtls_test_ssl_endpoint_free()` - * after calling this function even if it fails. + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. * * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or * MBEDTLS_SSL_IS_CLIENT. @@ -881,12 +900,13 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_test_ssl_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list) { int ret = -1; uintptr_t user_data_n; @@ -987,8 +1007,9 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -1192,10 +1213,13 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) -static int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen) +int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, + size_t iv_len, + const unsigned char *input, + size_t ilen, + unsigned char *output, + size_t *olen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1238,13 +1262,13 @@ static int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transfo } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ -static int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len) +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len) { mbedtls_cipher_info_t const *cipher_info; int ret = 0; @@ -1593,9 +1617,9 @@ cleanup: * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. */ -static int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) +int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) { #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; @@ -1690,9 +1714,9 @@ static int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type) +int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type) { ((void) ticket_len); session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; @@ -1870,8 +1894,9 @@ int exchange_data(mbedtls_ssl_context *ssl_1, } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int check_ssl_version(mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) +static int check_ssl_version( + mbedtls_ssl_protocol_version expected_negotiated_version, + const mbedtls_ssl_context *ssl) { const char *version_string = mbedtls_ssl_get_version(ssl); mbedtls_ssl_protocol_version version_number = @@ -1908,7 +1933,8 @@ exit: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *options) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; @@ -1939,7 +1965,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, options, &client_context, &client_queue, &server_queue, NULL) == 0); @@ -1949,7 +1976,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, NULL, NULL) == 0); } @@ -1978,7 +2006,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, options, &server_context, &server_queue, &client_queue, NULL) == 0); @@ -1988,7 +2017,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, options, NULL, NULL, NULL, NULL) == 0); } @@ -2085,7 +2115,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt /* Make sure server state is moved to HANDSHAKE_OVER also. */ TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), &(client.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); + MBEDTLS_SSL_HANDSHAKE_OVER), + 0); TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); /* Check that both sides have negotiated the expected version. */ @@ -2265,8 +2296,12 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); exit: - mbedtls_test_ssl_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); + mbedtls_test_ssl_endpoint_free(&client, + options->dtls != 0 ? + &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, + options->dtls != 0 ? + &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -2450,7 +2485,8 @@ void test_callback_buffer_sanity() == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); @@ -2459,10 +2495,12 @@ void test_callback_buffer_sanity() * in error. */ mbedtls_test_ssl_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); @@ -2474,7 +2512,8 @@ void test_callback_buffer_sanity() TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) == 0); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); @@ -2609,8 +2648,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related I/O functions is - * correct and works as expected on unconnected sockets. + * Test if the implementation of `mbedtls_test_mock_socket` related + * I/O functions is correct and works as expected on unconnected sockets. */ /* BEGIN_CASE */ @@ -2642,8 +2681,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related functions can - * send a single message from the client to the server. + * Test if the implementation of `mbedtls_test_mock_socket` related functions + * can send a single message from the client to the server. */ /* BEGIN_CASE */ @@ -2679,7 +2718,8 @@ void ssl_mock_tcp(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -2735,8 +2775,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related functions can - * send messages in both direction at the same time (with the I/O calls + * Test if the implementation of `mbedtls_test_mock_socket` related functions + * can send messages in both direction at the same time (with the I/O calls * interleaving). */ @@ -2778,7 +2818,8 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -3005,27 +3046,33 @@ void ssl_message_mock_uninitialized() TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, MSGLEN) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, + MSGLEN) == MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); exit: mbedtls_test_message_socket_close(&server_context); @@ -3045,11 +3092,13 @@ void ssl_message_mock_basic() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); @@ -3066,7 +3115,8 @@ void ssl_message_mock_basic() MSGLEN) == MSGLEN); /* Read from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -3074,10 +3124,12 @@ void ssl_message_mock_basic() /* Send the message to the client */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); /* Read from the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -3099,11 +3151,13 @@ void ssl_message_mock_queue_overflow_underflow() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -3117,10 +3171,12 @@ void ssl_message_mock_queue_overflow_underflow() /* Send three message to the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) == MSGLEN - 1); + MSGLEN - 1) + == MSGLEN - 1); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) @@ -3128,14 +3184,17 @@ void ssl_message_mock_queue_overflow_underflow() /* Read three messages from the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) == MSGLEN - 1); + MSGLEN - 1) + == MSGLEN - 1); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: @@ -3156,11 +3215,13 @@ void ssl_message_mock_socket_overflow() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -3174,14 +3235,16 @@ void ssl_message_mock_socket_overflow() /* Send two message to the server, second one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -3204,11 +3267,13 @@ void ssl_message_mock_truncated() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -3224,11 +3289,14 @@ void ssl_message_mock_truncated() /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) == MSGLEN / 2); + MSGLEN / 2) + == MSGLEN / 2); /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2) == MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ @@ -3238,7 +3306,8 @@ void ssl_message_mock_truncated() memset(received, 0, MSGLEN); /* Read a full message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2) == MSGLEN / 2); /* Test that the first half of the message is valid */ @@ -3262,11 +3331,13 @@ void ssl_message_mock_socket_read_error() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); @@ -3279,11 +3350,13 @@ void ssl_message_mock_socket_read_error() MSGLEN)); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; @@ -3292,7 +3365,8 @@ void ssl_message_mock_socket_read_error() /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -3315,11 +3389,13 @@ void ssl_message_mock_interleaved_one_way() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, &client, &client_context) == 0); @@ -3352,7 +3428,8 @@ void ssl_message_mock_interleaved_one_way() TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); @@ -3372,11 +3449,13 @@ void ssl_message_mock_interleaved_two_ways() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, &client, &client_context) == 0); @@ -3432,10 +3511,12 @@ void ssl_message_mock_interleaved_two_ways() memset(received, 0, sizeof(received)); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); @@ -3933,9 +4014,9 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, /* * Encrypt and decrypt the correct record, expecting success */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3957,10 +4038,9 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, rec.buf[i] ^= 0x01; /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, - rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -3993,10 +4073,9 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, memset(buf + buflen - padlen - 1, i, padlen + 1); /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, - rec.buf + rec.data_offset, - rec.data_len, - rec.buf + rec.data_offset, &olen)); + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; @@ -4806,7 +4885,8 @@ void ssl_session_serialize_version_check(int corrupt_major, &session, 0, endpoint_type) == 0); } else #endif - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(&session, 0, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, 0, NULL) == 0); /* Infer length of serialized session. */ @@ -4867,7 +4947,8 @@ void mbedtls_endpoint_sanity(int endpoint_type) NULL, NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); + ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, + 0, 0, 0); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, @@ -4898,10 +4979,11 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_test_ssl_endpoint_init(&second_ep, - (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init( + &second_ep, + (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); @@ -5441,9 +5523,8 @@ void force_bad_session_id_len() &(server.socket), BUFFSIZE) == 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP) + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) == 0); /* Force a bad session_id_len that will be read by the server in * mbedtls_ssl_cache_set. */ @@ -5622,10 +5703,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) &(server.socket), BUFFSIZE), 0); - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) - , 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), + MBEDTLS_SSL_CLIENT_KEY_EXCHANGE), 0); mbedtls_psa_get_stats(&stats); /* Save the number of slots in use up to this point. @@ -5638,9 +5718,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; } - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); mbedtls_psa_get_stats(&stats); @@ -5682,13 +5761,15 @@ void tls13_server_certificate_msg_invalid_vector_len() mbedtls_test_init_handshake_options(&client_options); client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, NULL); + &client_options, NULL, NULL, NULL, + NULL); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, NULL); + &server_options, NULL, NULL, NULL, + NULL); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), @@ -5698,17 +5779,17 @@ void tls13_server_certificate_msg_invalid_vector_len() while (1) { mbedtls_test_set_step(++step); - ret = mbedtls_test_move_handshake_to_state(&(server_ep.ssl), - &(client_ep.ssl), - MBEDTLS_SSL_CERTIFICATE_VERIFY); + ret = mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_CERTIFICATE_VERIFY); TEST_EQUAL(ret, 0); ret = mbedtls_ssl_flush_output(&(server_ep.ssl)); TEST_EQUAL(ret, 0); - ret = mbedtls_test_move_handshake_to_state(&(client_ep.ssl), - &(server_ep.ssl), - MBEDTLS_SSL_SERVER_CERTIFICATE); + ret = mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_CERTIFICATE); TEST_EQUAL(ret, 0); ret = mbedtls_ssl_tls13_fetch_handshake_msg(&(client_ep.ssl), From d577a68325be92202b6f6f377b2ac10186ef73c3 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 27 Oct 2022 11:47:54 +0800 Subject: [PATCH 06/17] Improve code readability for test_suite_ssl.function Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 204 ++++++++++++++++----------- 1 file changed, 118 insertions(+), 86 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9d425aed2..226e1b2a7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -26,7 +26,7 @@ #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ tls13_label_ ## name, MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL @@ -792,9 +792,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, /* Load the trusted CA */ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der(cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); + ret = mbedtls_x509_crt_parse_der( + cert->ca_cert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i]); TEST_ASSERT(ret == 0); } @@ -802,50 +803,58 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); TEST_ASSERT(ret == 0); } else { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); TEST_ASSERT(ret == 0); } } else { if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); TEST_ASSERT(ret == 0); } else { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); TEST_ASSERT(ret == 0); } } @@ -911,8 +920,10 @@ int mbedtls_test_ssl_endpoint_init( int ret = -1; uintptr_t user_data_n; - if (dtls_context != NULL && (input_queue == NULL || output_queue == NULL)) { + if (dtls_context != NULL && + (input_queue == NULL || output_queue == NULL)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } if (ep == NULL) { @@ -1113,7 +1124,8 @@ exit: } /* - * Read application data and increase read counter and fragments counter if necessary. + * Read application data and increase read counter and fragments counter + * if necessary. */ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, int *read, @@ -1157,10 +1169,10 @@ exit: * and version. */ -#define CHK(x) \ +#define CHK(x) \ do \ { \ - if (!(x)) \ + if (!(x)) \ { \ ret = -1; \ goto cleanup; \ @@ -1227,7 +1239,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, size_t part_len; status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, transform->psa_alg); + transform->psa_key_enc, + transform->psa_alg); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); @@ -1239,15 +1252,14 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, return PSA_TO_MBEDTLS_ERR(status); } - status = psa_cipher_update(&cipher_op, - input, ilen, output, ilen, olen); + status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); } - status = psa_cipher_finish(&cipher_op, - output + *olen, ilen - *olen, &part_len); + status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, + &part_len); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); @@ -1260,7 +1272,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, iv, iv_len, input, ilen, output, olen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && + MBEDTLS_AES_C */ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, @@ -1661,11 +1674,12 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; - psa_status_t status = psa_hash_compute(psa_alg, tmp_crt.raw.p, - tmp_crt.raw.len, - session->peer_cert_digest, - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, - &hash_size); + psa_status_t status = psa_hash_compute( + psa_alg, tmp_crt.raw.p, + tmp_crt.raw.len, + session->peer_cert_digest, + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, + &hash_size); ret = PSA_TO_MBEDTLS_ERR(status); #else ret = mbedtls_md(mbedtls_md_info_from_type( @@ -1762,13 +1776,15 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, * message was sent in the correct number of fragments. * * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected beforehand. + * of them must be initialized and connected + * beforehand. * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. * /p expected_fragments_1 and /p expected_fragments_2 determine in how many * fragments the message should be sent. * expected_fragments is 0: can be used for DTLS testing while the message * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second endpoint. + * cannot be fragmented and sent to the second + * endpoint. * This value can be used for negative tests. * expected_fragments is 1: can be used for TLS/DTLS testing while the * message size is below MFL @@ -1921,7 +1937,8 @@ static int check_ssl_version( break; default: - TEST_ASSERT(!"Version check not implemented for this protocol version"); + TEST_ASSERT( + !"Version check not implemented for this protocol version"); } return 1; @@ -2037,24 +2054,28 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) == 0); + (unsigned char) options->mfl) + == 0); TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) == 0); + (unsigned char) options->mfl) + == 0); #else TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk(&client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_ASSERT(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_ASSERT(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); #if defined(MBEDTLS_SSL_SRV_C) mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); #endif @@ -2175,7 +2196,8 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, context_buf_len, - &context_buf_len) == 0); + &context_buf_len) + == 0); mbedtls_ssl_free(&(server.ssl)); mbedtls_ssl_init(&(server.ssl)); @@ -2215,12 +2237,13 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), - options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, - options->expected_srv_fragments) + TEST_ASSERT(mbedtls_exchange_data( + &(client.ssl), + options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), + options->srv_msg_len, + options->expected_srv_fragments) == 0); } } @@ -2248,11 +2271,12 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE); - /* After calling mbedtls_ssl_renegotiate for the client all renegotiation - * should happen inside this function. However in this test, we cannot - * perform simultaneous communication between client and server so this - * function will return waiting error on the socket. All rest of - * renegotiation should happen during data exchanging */ + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. All rest of renegotiation should happen + * during data exchanging */ ret = mbedtls_ssl_renegotiate(&(client.ssl)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { @@ -2351,9 +2375,11 @@ int tweak_tls13_certificate_msg_vector_len( unsigned char *p_certificate_request_context_len = buf; size_t certificate_request_context_len = buf[0]; - unsigned char *p_certificate_list_len = buf + 1 + certificate_request_context_len; + unsigned char *p_certificate_list_len = + buf + 1 + certificate_request_context_len; unsigned char *certificate_list = p_certificate_list_len + 3; - size_t certificate_list_len = MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); + size_t certificate_list_len = + MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); unsigned char *p_cert_data_len = certificate_list; unsigned char *cert_data = p_cert_data_len + 3; @@ -2367,8 +2393,8 @@ int tweak_tls13_certificate_msg_vector_len( switch (tweak) { case 1: - /* Failure when checking if the certificate request context length and - * certificate list length can be read + /* Failure when checking if the certificate request context length + * and certificate list length can be read */ *end = buf + 3; set_chk_buf_ptr_args(args, buf, *end, 4); @@ -2409,16 +2435,18 @@ int tweak_tls13_certificate_msg_vector_len( /* Failure when checking if the extensions length can be read. */ MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, p_extensions_len, - certificate_list + certificate_list_len - extensions_len - 1, 2); + set_chk_buf_ptr_args( + args, p_extensions_len, + certificate_list + certificate_list_len - extensions_len - 1, 2); break; case 7: /* Failure when checking if extensions data can be read. */ MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); - set_chk_buf_ptr_args(args, extensions, - certificate_list + certificate_list_len, extensions_len + 1); + set_chk_buf_ptr_args( + args, extensions, + certificate_list + certificate_list_len, extensions_len + 1); break; default: @@ -4151,10 +4179,12 @@ void ssl_tls13_traffic_key_generation(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT(client_secret->len == server_secret->len); - TEST_ASSERT(expected_client_write_iv->len == expected_server_write_iv->len && - expected_client_write_iv->len == (size_t) desired_iv_len); - TEST_ASSERT(expected_client_write_key->len == expected_server_write_key->len && - expected_client_write_key->len == (size_t) desired_key_len); + TEST_ASSERT( + expected_client_write_iv->len == expected_server_write_iv->len && + expected_client_write_iv->len == (size_t) desired_iv_len); + TEST_ASSERT( + expected_client_write_key->len == expected_server_write_key->len && + expected_client_write_key->len == (size_t) desired_key_len); PSA_INIT(); @@ -5438,7 +5468,8 @@ void conf_curve() TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL); - TEST_EQUAL(ssl.handshake->group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], + TEST_EQUAL(ssl.handshake-> + group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE); for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { @@ -5472,7 +5503,8 @@ void conf_group() TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL); - TEST_EQUAL(ssl.conf->group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], + TEST_EQUAL(ssl.conf-> + group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE); for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { From e6afd919dd86fb61e6b2080936fb0fb263a2e502 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 27 Oct 2022 12:11:18 +0800 Subject: [PATCH 07/17] Move TLS connection related functions to ssl_helpers.c Some functions are renamed in commit d51d285. This change moves all those functions which are used to set up a TLS connection from test_suite_ssl.function into ssl_helpers.c. Signed-off-by: Yanray Wang --- tests/src/ssl_helpers.c | 2425 ++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 2425 -------------------------- 2 files changed, 2425 insertions(+), 2425 deletions(-) diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index 618b3ec17..150f6e84d 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -21,3 +21,2428 @@ */ #include + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int rng_seed = 0xBEEF; +static int rng_get(void *p_rng, unsigned char *output, size_t output_len) +{ + (void) p_rng; + for (size_t i = 0; i < output_len; i++) { + output[i] = rand(); + } + + return 0; +} +#endif + +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str) +{ + mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; + + (void) level; + (void) line; + (void) file; + + if (NULL != p && + NULL != p->pattern && + NULL != strstr(str, p->pattern)) { + p->counter++; + } +} + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts) +{ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + srand(rng_seed); + rng_seed += 0xD0; +#endif + opts->cipher = ""; + opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + opts->expected_handshake_result = 0; + opts->expected_ciphersuite = 0; + opts->pk_alg = MBEDTLS_PK_RSA; + opts->opaque_alg = 0; + opts->opaque_alg2 = 0; + opts->opaque_usage = 0; + opts->psk_str = NULL; + opts->dtls = 0; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->serialize = 0; + opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; + opts->cli_msg_len = 100; + opts->srv_msg_len = 100; + opts->expected_cli_fragments = 1; + opts->expected_srv_fragments = 1; + opts->renegotiate = 0; + opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + opts->srv_log_obj = NULL; + opts->srv_log_obj = NULL; + opts->srv_log_fun = NULL; + opts->cli_log_fun = NULL; + opts->resize_buffers = 1; +#if defined(MBEDTLS_SSL_CACHE_C) + opts->cache = NULL; + ASSERT_ALLOC(opts->cache, 1); + mbedtls_ssl_cache_init(opts->cache); +exit: + return; +#endif +} + +void mbedtls_test_free_handshake_options( + mbedtls_test_handshake_test_options *opts) +{ +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_free(opts->cache); + mbedtls_free(opts->cache); +#else + (void) opts; +#endif +} + +#if defined(MBEDTLS_TEST_HOOKS) +static void set_chk_buf_ptr_args( + mbedtls_ssl_chk_buf_ptr_args *args, + unsigned char *cur, unsigned char *end, size_t need) +{ + args->cur = cur; + args->end = end; + args->need = need; +} + +static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) +{ + memset(args, 0, sizeof(*args)); +} +#endif /* MBEDTLS_TEST_HOOKS */ + +/* + * Buffer structure for custom I/O callbacks. + */ + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) +{ + memset(buf, 0, sizeof(*buf)); +} + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity) +{ + buf->buffer = (unsigned char *) mbedtls_calloc(capacity, + sizeof(unsigned char)); + if (NULL == buf->buffer) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + buf->capacity = capacity; + + return 0; +} + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) +{ + if (buf->buffer != NULL) { + mbedtls_free(buf->buffer); + } + + memset(buf, 0, sizeof(*buf)); +} + +/* + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + /* Reduce input_len to a number that fits in the buffer. */ + if ((buf->content_length + input_len) > buf->capacity) { + input_len = buf->capacity - buf->content_length; + } + + if (input == NULL) { + return (input_len == 0) ? 0 : -1; + } + + /* Check if the buffer has not come full circle and free space is not in + * the middle */ + if (buf->start + buf->content_length < buf->capacity) { + + /* Calculate the number of bytes that need to be placed at lower memory + * address */ + if (buf->start + buf->content_length + input_len + > buf->capacity) { + overflow = (buf->start + buf->content_length + input_len) + % buf->capacity; + } + + memcpy(buf->buffer + buf->start + buf->content_length, input, + input_len - overflow); + memcpy(buf->buffer, input + input_len - overflow, overflow); + + } else { + /* The buffer has come full circle and free space is in the middle */ + memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, + input, input_len); + } + + buf->content_length += input_len; + return input_len; +} + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + if (output == NULL && output_len == 0) { + return 0; + } + + if (buf->content_length < output_len) { + output_len = buf->content_length; + } + + /* Calculate the number of bytes that need to be drawn from lower memory + * address */ + if (buf->start + output_len > buf->capacity) { + overflow = (buf->start + output_len) % buf->capacity; + } + + if (output != NULL) { + memcpy(output, buf->buffer + buf->start, output_len - overflow); + memcpy(output + output_len - overflow, buf->buffer, overflow); + } + + buf->content_length -= output_len; + buf->start = (buf->start + output_len) % buf->capacity; + + return output_len; +} + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, + size_t capacity) +{ + queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); + if (NULL == queue->messages) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + queue->capacity = capacity; + queue->pos = 0; + queue->num = 0; + + return 0; +} + +void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) +{ + if (queue == NULL) { + return; + } + + if (queue->messages != NULL) { + mbedtls_free(queue->messages); + } + + memset(queue, 0, sizeof(*queue)); +} + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len) +{ + int place; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + place = (queue->pos + queue->num) % queue->capacity; + queue->messages[place] = len; + queue->num++; + return len; +} + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len) +{ + size_t message_length; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + message_length = queue->messages[queue->pos]; + queue->messages[queue->pos] = 0; + queue->num--; + queue->pos++; + queue->pos %= queue->capacity; + if (queue->pos < 0) { + queue->pos += queue->capacity; + } + + return (message_length > buf_len) ? buf_len : message_length; +} + +/* + * Take a peek on the info about the next message length from the queue. + * This will be the oldest inserted message length(fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval 0, if the peek was successful. + * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is + * too small to fit the message. In this case the \p msg_len will be + * set to the full message length so that the + * caller knows what portion of the message can be dropped. + */ +int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, + size_t buf_len, size_t *msg_len) +{ + if (queue == NULL || msg_len == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + *msg_len = queue->messages[queue->pos]; + return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; +} + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) +{ + memset(socket, 0, sizeof(*socket)); +} + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) +{ + if (socket == NULL) { + return; + } + + if (socket->input != NULL) { + mbedtls_test_ssl_buffer_free(socket->input); + mbedtls_free(socket->input); + } + + if (socket->output != NULL) { + mbedtls_test_ssl_buffer_free(socket->output); + mbedtls_free(socket->output); + } + + if (socket->peer != NULL) { + memset(socket->peer, 0, sizeof(*socket->peer)); + } + + memset(socket, 0, sizeof(*socket)); +} + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize) +{ + int ret = -1; + + peer1->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer1->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer1->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { + goto exit; + } + + peer2->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer2->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer2->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { + goto exit; + } + + peer1->peer = peer2; + peer2->peer = peer1; + peer1->input = peer2->output; + peer2->input = peer1->output; + + peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; + ret = 0; + +exit: + + if (ret != 0) { + mbedtls_test_mock_socket_close(peer1); + mbedtls_test_mock_socket_close(peer2); + } + + return ret; +} + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->output->capacity == socket->output->content_length) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->input->content_length == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) +{ + ctx->queue_input = NULL; + ctx->queue_output = NULL; + ctx->socket = NULL; +} + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) +{ + int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); + if (ret != 0) { + return ret; + } + ctx->queue_input = queue_input; + ctx->queue_output = queue_output; + ctx->socket = socket; + mbedtls_mock_socket_init(socket); + + return 0; +} + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) +{ + if (ctx == NULL) { + return; + } + + mbedtls_test_ssl_message_queue_free(ctx->queue_input); + mbedtls_test_mock_socket_close(ctx->socket); + memset(ctx, 0, sizeof(*ctx)); +} + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + + if (context == NULL || context->socket == NULL + || context->queue_output == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_output; + socket = context->socket; + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { + return MBEDTLS_TEST_ERROR_SEND_FAILED; + } + + return mbedtls_test_ssl_message_queue_push_info(queue, len); +} + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, + size_t buf_len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + size_t drop_len = 0; + size_t msg_len; + int ret; + + if (context == NULL || context->socket == NULL + || context->queue_input == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_input; + socket = context->socket; + + /* Peek first, so that in case of a socket error the data remains in + * the queue. */ + ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Calculate how much to drop */ + drop_len = msg_len - buf_len; + + /* Set the requested message len to be buffer length */ + msg_len = buf_len; + } else if (ret != 0) { + return ret; + } + + if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { + return MBEDTLS_TEST_ERROR_RECV_FAILED; + } + + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Drop the remaining part of the message */ + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) + != (int) drop_len) { + /* Inconsistent state - part of the message was read, + * and a part couldn't. Not much we can do here, but it should not + * happen in test environment, unless forced manually. */ + } + } + mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); + + return msg_len; +} + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) +{ + mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); + if (cert != NULL) { + if (cert->ca_cert != NULL) { + mbedtls_x509_crt_free(cert->ca_cert); + mbedtls_free(cert->ca_cert); + cert->ca_cert = NULL; + } + if (cert->cert != NULL) { + mbedtls_x509_crt_free(cert->cert); + mbedtls_free(cert->cert); + cert->cert = NULL; + } + if (cert->pkey != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { + mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; + psa_destroy_key(*key_slot); + } +#endif + mbedtls_pk_free(cert->pkey); + mbedtls_free(cert->pkey); + cert->pkey = NULL; + } + } +} + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg, + int opaque_alg, int opaque_alg2, + int opaque_usage) +{ + int i = 0; + int ret = -1; + mbedtls_test_ssl_endpoint_certificate *cert = NULL; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; +#endif + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + cert = &(ep->cert); + ASSERT_ALLOC(cert->ca_cert, 1); + ASSERT_ALLOC(cert->cert, 1); + ASSERT_ALLOC(cert->pkey, 1); + + mbedtls_x509_crt_init(cert->ca_cert); + mbedtls_x509_crt_init(cert->cert); + mbedtls_pk_init(cert->pkey); + + /* Load the trusted CA */ + + for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { + ret = mbedtls_x509_crt_parse_der( + cert->ca_cert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i]); + TEST_ASSERT(ret == 0); + } + + /* Load own certificate and private key */ + + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } + } else { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } + } + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (opaque_alg != 0) { + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot, + opaque_alg, opaque_usage, + opaque_alg2), 0); + } +#else + (void) opaque_alg; + (void) opaque_alg2; + (void) opaque_usage; +#endif + + mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, + cert->pkey); + TEST_ASSERT(ret == 0); + TEST_ASSERT(ep->conf.key_cert != NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); + TEST_ASSERT(ret == 0); + TEST_ASSERT(ep->conf.key_cert == NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, + cert->pkey); + TEST_ASSERT(ret == 0); + +exit: + if (ret != 0) { + mbedtls_endpoint_certificate_free(ep); + } + + return ret; +} + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list) +{ + int ret = -1; + uintptr_t user_data_n; + + if (dtls_context != NULL && + (input_queue == NULL || output_queue == NULL)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + + } + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + memset(ep, 0, sizeof(*ep)); + + ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; + + mbedtls_ssl_init(&(ep->ssl)); + mbedtls_ssl_config_init(&(ep->conf)); + mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); + + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); + + (void) mbedtls_test_rnd_std_rand(NULL, + (void *) &user_data_n, + sizeof(user_data_n)); + mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); + mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); + + if (dtls_context != NULL) { + TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context) == 0); + } else { + mbedtls_mock_socket_init(&(ep->socket)); + } + + /* Non-blocking callbacks without timeout */ + if (dtls_context != NULL) { + mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + } else { + mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, + NULL); + } + + ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, + (dtls_context != NULL) ? + MBEDTLS_SSL_TRANSPORT_DATAGRAM : + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + TEST_ASSERT(ret == 0); + + if (group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), group_list); + } + + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + +#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { + mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, + mbedtls_ssl_cache_get, + mbedtls_ssl_cache_set); + } +#endif + + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); + TEST_ASSERT(ret == 0); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { + mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); + } +#endif + + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, + options->opaque_alg, + options->opaque_alg2, + options->opaque_usage); + TEST_ASSERT(ret == 0); + + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); + mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); + mbedtls_ssl_set_user_data_p(&ep->ssl, ep); + +exit: + return ret; +} + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) +{ + mbedtls_endpoint_certificate_free(ep); + + mbedtls_ssl_free(&(ep->ssl)); + mbedtls_ssl_config_free(&(ep->conf)); + + if (context != NULL) { + mbedtls_test_message_socket_close(context); + } else { + mbedtls_test_mock_socket_close(&(ep->socket)); + } +} + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state) +{ + enum { BUFFSIZE = 1024 }; + int max_steps = 1000; + int ret = 0; + + if (ssl == NULL || second_ssl == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* Perform communication via connected sockets */ + while ((ssl->state != state) && (--max_steps >= 0)) { + /* If /p second_ssl ends the handshake procedure before /p ssl then + * there is no need to call the next step */ + if (!mbedtls_ssl_is_handshake_over(second_ssl)) { + ret = mbedtls_ssl_handshake_step(second_ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + /* We only care about the \p ssl state and returns, so we call it last, + * to leave the iteration as soon as the state is as expected. */ + ret = mbedtls_ssl_handshake_step(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + return (max_steps >= 0) ? ret : -1; +} + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +/* + * Write application data. Increase write counter if necessary. + */ +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, + int buf_len, int *written, + const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); + if (ret > 0) { + *written += ret; + } + + if (expected_fragments == 0) { + /* Used for DTLS and the message size larger than MFL. In that case + * the message can not be fragmented and the library should return + * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned + * to prevent a dead loop inside mbedtls_exchange_data(). */ + return ret; + } else if (expected_fragments == 1) { + /* Used for TLS/DTLS and the message size lower than MFL */ + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + /* Used for TLS and the message size larger than MFL */ + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Read application data and increase read counter and fragments counter + * if necessary. + */ +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, + int buf_len, int *read, + int *fragments, const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); + if (ret > 0) { + (*fragments)++; + *read += ret; + } + + if (expected_fragments == 0) { + TEST_ASSERT(ret == 0); + } else if (expected_fragments == 1) { + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ + +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) + +void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, + int *forced_ciphersuite) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + forced_ciphersuite[1] = 0; + + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); + + TEST_ASSERT(ciphersuite_info != NULL); + TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); + + if (conf->max_tls_version > ciphersuite_info->max_tls_version) { + conf->max_tls_version = ciphersuite_info->max_tls_version; + } + if (conf->min_tls_version < ciphersuite_info->min_tls_version) { + conf->min_tls_version = ciphersuite_info->min_tls_version; + } + + mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); + +exit: + return; +} + +int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) +{ + (void) p_info; + (void) ssl; + (void) name; + (void) name_len; + + return 0; +} + +#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX +#else +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) +int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, + size_t iv_len, + const unsigned char *input, + size_t ilen, + unsigned char *output, + size_t *olen) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; + size_t part_len; + + status = psa_cipher_encrypt_setup(&cipher_op, + transform->psa_key_enc, + transform->psa_alg); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_set_iv(&cipher_op, iv, iv_len); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, + &part_len); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + *olen += part_len; + return 0; +#else + return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + iv, iv_len, input, ilen, output, olen); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && + MBEDTLS_AES_C */ + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len) +{ + mbedtls_cipher_info_t const *cipher_info; + int ret = 0; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#endif + + size_t keylen, maclen, ivlen; + unsigned char *key0 = NULL, *key1 = NULL; + unsigned char *md0 = NULL, *md1 = NULL; + unsigned char iv_enc[16], iv_dec[16]; + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + unsigned char cid0[SSL_CID_LEN_MIN]; + unsigned char cid1[SSL_CID_LEN_MIN]; + + mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); + mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); +#else + ((void) cid0_len); + ((void) cid1_len); +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + maclen = 0; + + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + CHK(cipher_info != NULL); + CHK(cipher_info->iv_size <= 16); + CHK(cipher_info->key_bitlen % 8 == 0); + + /* Pick keys */ + keylen = cipher_info->key_bitlen / 8; + /* Allocate `keylen + 1` bytes to ensure that we get + * a non-NULL pointers from `mbedtls_calloc` even if + * `keylen == 0` in the case of the NULL cipher. */ + CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); + CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); + memset(key0, 0x1, keylen); + memset(key1, 0x2, keylen); + +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + /* Setup cipher contexts */ + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, + keylen << 3, MBEDTLS_DECRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, + keylen << 3, MBEDTLS_DECRYPT) == 0); +#endif + + /* Setup MAC contexts */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + if (cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_STREAM) { +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); + CHK(md_info != NULL); +#endif + maclen = mbedtls_hash_info_get_size(hash_id); + CHK(maclen != 0); + /* Pick hash keys */ + CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); + CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); + memset(md0, 0x5, maclen); + memset(md1, 0x6, maclen); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + alg = mbedtls_hash_info_psa_from_md(hash_id); + + CHK(alg != 0); + + t_out->psa_mac_alg = PSA_ALG_HMAC(alg); + t_in->psa_mac_alg = PSA_ALG_HMAC(alg); + t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; + t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; + t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; + t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; + + psa_reset_key_attributes(&attributes); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); + + CHK(psa_import_key(&attributes, + md0, maclen, + &t_in->psa_mac_enc) == PSA_SUCCESS); + + CHK(psa_import_key(&attributes, + md1, maclen, + &t_out->psa_mac_enc) == PSA_SUCCESS); + + if (cipher_info->mode == MBEDTLS_MODE_STREAM || + etm == MBEDTLS_SSL_ETM_DISABLED) { + /* mbedtls_ct_hmac() requires the key to be exportable */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_VERIFY_HASH); + } else { + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + } + + CHK(psa_import_key(&attributes, + md1, maclen, + &t_in->psa_mac_dec) == PSA_SUCCESS); + + CHK(psa_import_key(&attributes, + md0, maclen, + &t_out->psa_mac_dec) == PSA_SUCCESS); +#else + CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); + + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, + md0, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, + md0, maclen) == 0); +#endif + } +#else + ((void) hash_id); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + + + /* Pick IV's (regardless of whether they + * are being used by the transform). */ + ivlen = cipher_info->iv_size; + memset(iv_enc, 0x3, sizeof(iv_enc)); + memset(iv_dec, 0x4, sizeof(iv_dec)); + + /* + * Setup transforms + */ + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + t_out->encrypt_then_mac = etm; + t_in->encrypt_then_mac = etm; +#else + ((void) etm); +#endif + + t_out->tls_version = tls_version; + t_in->tls_version = tls_version; + t_out->ivlen = ivlen; + t_in->ivlen = ivlen; + + switch (cipher_info->mode) { + case MBEDTLS_MODE_GCM: + case MBEDTLS_MODE_CCM: +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + } else +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + { + t_out->fixed_ivlen = 4; + t_in->fixed_ivlen = 4; + } + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_CHACHAPOLY: + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_STREAM: + case MBEDTLS_MODE_CBC: + t_out->fixed_ivlen = 0; /* redundant, must be 0 */ + t_in->fixed_ivlen = 0; /* redundant, must be 0 */ + t_out->taglen = 0; + t_in->taglen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->maclen = maclen; + t_in->maclen = maclen; + break; + default: + ret = 1; + goto cleanup; + } + break; + default: + ret = 1; + goto cleanup; + break; + } + + /* Setup IV's */ + + memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); + memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + /* Add CID */ + memcpy(&t_in->in_cid, cid0, cid0_len); + memcpy(&t_in->out_cid, cid1, cid1_len); + t_in->in_cid_len = cid0_len; + t_in->out_cid_len = cid1_len; + memcpy(&t_out->in_cid, cid1, cid1_len); + memcpy(&t_out->out_cid, cid0, cid0_len); + t_out->in_cid_len = cid1_len; + t_out->out_cid_len = cid0_len; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = mbedtls_ssl_cipher_to_psa(cipher_type, + t_in->taglen, + &alg, + &key_type, + &key_bits); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + t_in->psa_alg = alg; + t_out->psa_alg = alg; + + if (alg != MBEDTLS_SSL_NULL_CIPHER) { + psa_reset_key_attributes(&attributes); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + + status = psa_import_key(&attributes, + key0, + PSA_BITS_TO_BYTES(key_bits), + &t_in->psa_key_enc); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + status = psa_import_key(&attributes, + key1, + PSA_BITS_TO_BYTES(key_bits), + &t_out->psa_key_enc); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); + + status = psa_import_key(&attributes, + key1, + PSA_BITS_TO_BYTES(key_bits), + &t_in->psa_key_dec); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + status = psa_import_key(&attributes, + key0, + PSA_BITS_TO_BYTES(key_bits), + &t_out->psa_key_dec); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +cleanup: + + mbedtls_free(key0); + mbedtls_free(key1); + + mbedtls_free(md0); + mbedtls_free(md1); + + return ret; +} + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) +{ +#if defined(MBEDTLS_HAVE_TIME) + session->start = mbedtls_time(NULL) - 42; +#endif + session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + session->ciphersuite = 0xabcd; + session->id_len = sizeof(session->id); + memset(session->id, 66, session->id_len); + memset(session->master, 17, sizeof(session->master)); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) + if (crt_file != NULL && strlen(crt_file) != 0) { + mbedtls_x509_crt tmp_crt; + int ret; + + mbedtls_x509_crt_init(&tmp_crt); + ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); + if (ret != 0) { + return ret; + } + +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + /* Move temporary CRT. */ + session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); + if (session->peer_cert == NULL) { + return -1; + } + *session->peer_cert = tmp_crt; + memset(&tmp_crt, 0, sizeof(tmp_crt)); +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Calculate digest of temporary CRT. */ + session->peer_cert_digest = + mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); + if (session->peer_cert_digest == NULL) { + return -1; + } + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); + size_t hash_size = 0; + psa_status_t status = psa_hash_compute( + psa_alg, tmp_crt.raw.p, + tmp_crt.raw.len, + session->peer_cert_digest, + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, + &hash_size); + ret = PSA_TO_MBEDTLS_ERR(status); +#else + ret = mbedtls_md(mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), + tmp_crt.raw.p, tmp_crt.raw.len, + session->peer_cert_digest); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (ret != 0) { + return ret; + } + session->peer_cert_digest_type = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; + session->peer_cert_digest_len = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + + mbedtls_x509_crt_free(&tmp_crt); + } +#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ + (void) crt_file; +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ + session->verify_result = 0xdeadbeef; + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + if (ticket_len != 0) { + session->ticket = mbedtls_calloc(1, ticket_len); + if (session->ticket == NULL) { + return -1; + } + memset(session->ticket, 33, ticket_len); + } + session->ticket_len = ticket_len; + session->ticket_lifetime = 86401; +#else + (void) ticket_len; +#endif + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + session->mfl_code = 1; +#endif +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + session->encrypt_then_mac = 1; +#endif + + return 0; +} + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type) +{ + ((void) ticket_len); + session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; + session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; + session->ciphersuite = 0xabcd; + session->ticket_age_add = 0x87654321; + session->ticket_flags = 0x7; + + session->resumption_key_len = 32; + memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); + +#if defined(MBEDTLS_HAVE_TIME) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + session->start = mbedtls_time(NULL) - 42; + } +#endif + +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_HAVE_TIME) + session->ticket_received = mbedtls_time(NULL) - 40; +#endif + session->ticket_lifetime = 0xfedcba98; + + session->ticket_len = ticket_len; + if (ticket_len != 0) { + session->ticket = mbedtls_calloc(1, ticket_len); + if (session->ticket == NULL) { + return -1; + } + memset(session->ticket, 33, ticket_len); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return 0; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2) +{ + unsigned char *msg_buf_1 = malloc(msg_len_1); + unsigned char *msg_buf_2 = malloc(msg_len_2); + unsigned char *in_buf_1 = malloc(msg_len_2); + unsigned char *in_buf_2 = malloc(msg_len_1); + int msg_type, ret = -1; + + /* Perform this test with two message types. At first use a message + * consisting of only 0x00 for the client and only 0xFF for the server. + * At the second time use message with generated data */ + for (msg_type = 0; msg_type < 2; msg_type++) { + int written_1 = 0; + int written_2 = 0; + int read_1 = 0; + int read_2 = 0; + int fragments_1 = 0; + int fragments_2 = 0; + + if (msg_type == 0) { + memset(msg_buf_1, 0x00, msg_len_1); + memset(msg_buf_2, 0xff, msg_len_2); + } else { + int i, j = 0; + for (i = 0; i < msg_len_1; i++) { + msg_buf_1[i] = j++ & 0xFF; + } + for (i = 0; i < msg_len_2; i++) { + msg_buf_2[i] = (j -= 5) & 0xFF; + } + } + + while (read_1 < msg_len_2 || read_2 < msg_len_1) { + /* ssl_1 sending */ + if (msg_len_1 > written_1) { + ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, + msg_len_1, &written_1, + expected_fragments_1); + if (expected_fragments_1 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_1 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_2 sending */ + if (msg_len_2 > written_2) { + ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, + msg_len_2, &written_2, + expected_fragments_2); + if (expected_fragments_2 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_2 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_1 reading */ + if (read_1 < msg_len_2) { + ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, + msg_len_2, &read_1, + &fragments_2, + expected_fragments_2); + TEST_ASSERT(ret == 0); + } + + /* ssl_2 reading */ + if (read_2 < msg_len_1) { + ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, + msg_len_1, &read_2, + &fragments_1, + expected_fragments_1); + TEST_ASSERT(ret == 0); + } + } + + ret = -1; + TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); + TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); + TEST_ASSERT(fragments_1 == expected_fragments_1); + TEST_ASSERT(fragments_2 == expected_fragments_2); + } + + ret = 0; + +exit: + free(msg_buf_1); + free(in_buf_1); + free(msg_buf_2); + free(in_buf_2); + + return ret; +} + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints + * must be initialized and connected beforehand. + * + * \retval 0 on success, otherwise error code. + */ +int exchange_data(mbedtls_ssl_context *ssl_1, + mbedtls_ssl_context *ssl_2) +{ + return mbedtls_exchange_data(ssl_1, 256, 1, + ssl_2, 256, 1); +} + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int check_ssl_version( + mbedtls_ssl_protocol_version expected_negotiated_version, + const mbedtls_ssl_context *ssl) +{ + const char *version_string = mbedtls_ssl_get_version(ssl); + mbedtls_ssl_protocol_version version_number = + mbedtls_ssl_get_version_number(ssl); + + TEST_EQUAL(ssl->tls_version, expected_negotiated_version); + + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_EQUAL(version_string[0], 'D'); + ++version_string; + } + + switch (expected_negotiated_version) { + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); + TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); + break; + + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); + TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); + break; + + default: + TEST_ASSERT( + !"Version check not implemented for this protocol version"); + } + + return 1; + +exit: + return 0; +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options) +{ + /* forced_ciphersuite needs to last until the end of the handshake */ + int forced_ciphersuite[2]; + enum { BUFFSIZE = 17000 }; + mbedtls_test_ssl_endpoint client, server; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif +#if defined(MBEDTLS_TIMING_C) + mbedtls_timing_delay_context timer_client, timer_server; +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + unsigned char *context_buf = NULL; + size_t context_buf_len; +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + int ret = -1; +#endif + int expected_handshake_result = options->expected_handshake_result; + + USE_PSA_INIT(); + mbedtls_platform_zeroize(&client, sizeof(client)); + mbedtls_platform_zeroize(&server, sizeof(server)); + mbedtls_test_ssl_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); + + /* Client side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, &client_context, + &client_queue, + &server_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, NULL, NULL, + NULL, NULL) == 0); + } + + if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&client.conf, + options->client_min_version); + } + + if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&client.conf, + options->client_max_version); + } + + if (strlen(options->cipher) > 0) { + set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); + } + +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, + options->cli_log_obj); + } +#endif + + /* Server side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, &server_context, + &server_queue, + &client_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, NULL, NULL, NULL, + NULL) == 0); + } + + mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + + if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&server.conf, + options->server_min_version); + } + + if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&server.conf, + options->server_max_version); + } + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), + (unsigned char) options->mfl) + == 0); + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), + (unsigned char) options->mfl) + == 0); +#else + TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_ASSERT(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); + + TEST_ASSERT(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); +#endif + } +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&(server.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(client.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + + mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), + options->legacy_renegotiation); + mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + +#if defined(MBEDTLS_DEBUG_C) + if (options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, + options->srv_log_obj); + } +#endif + + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + + if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; + } + + TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) + == expected_handshake_result); + + if (expected_handshake_result != 0) { + /* Connection will have failed by this point, skip to cleanup */ + goto exit; + } + + TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); + + /* Make sure server state is moved to HANDSHAKE_OVER also. */ + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), + &(client.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), + 0); + + TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); + /* Check that both sides have negotiated the expected version. */ + mbedtls_test_set_step(0); + if (!check_ssl_version(options->expected_negotiated_version, + &client.ssl)) { + goto exit; + } + + mbedtls_test_set_step(1); + if (!check_ssl_version(options->expected_negotiated_version, + &server.ssl)) { + goto exit; + } + + if (options->expected_ciphersuite != 0) { + TEST_EQUAL(server.ssl.session->ciphersuite, + options->expected_ciphersuite); + } + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* A server, when using DTLS, might delay a buffer resize to happen + * after it receives a message, so we force it. */ + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif + + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + /* Start data exchanging test */ + TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (options->serialize == 1) { + TEST_ASSERT(options->dtls == 1); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, + 0, &context_buf_len) + == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + + context_buf = mbedtls_calloc(1, context_buf_len); + TEST_ASSERT(context_buf != NULL); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, + context_buf_len, + &context_buf_len) + == 0); + + mbedtls_ssl_free(&(server.ssl)); + mbedtls_ssl_init(&(server.ssl)); + + TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); + + mbedtls_ssl_set_bio(&(server.ssl), &server_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + + mbedtls_ssl_set_user_data_p(&server.ssl, &server); + +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, + context_buf_len) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after context deserialization */ + if (options->resize_buffers != 0) { + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif + /* Retest writing/reading */ + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + TEST_ASSERT(mbedtls_exchange_data( + &(client.ssl), + options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), + options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } + } +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + /* Start test with renegotiation */ + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + /* After calling this function for the server, it only sends a handshake + * request. All renegotiation should happen during data exchanging */ + TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. All rest of renegotiation should happen + * during data exchanging */ + ret = mbedtls_ssl_renegotiate(&(client.ssl)); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(ret == 0 || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after renegotiation */ + if (options->resize_buffers != 0) { + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); + +exit: + mbedtls_test_ssl_endpoint_free(&client, + options->dtls != 0 ? + &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, + options->dtls != 0 ? + &server_context : NULL); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(0); + } +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (context_buf != NULL) { + mbedtls_free(context_buf); + } +#endif + USE_PSA_DONE(); +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_TEST_HOOKS) +/* + * Tweak vector lengths in a TLS 1.3 Certificate message + * + * \param[in] buf Buffer containing the Certificate message to tweak + * \param[in]]out] end End of the buffer to parse + * \param tweak Tweak identifier (from 1 to the number of tweaks). + * \param[out] expected_result Error code expected from the parsing function + * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that + * is expected to fail. All zeroes if no + * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. + */ +int tweak_tls13_certificate_msg_vector_len( + unsigned char *buf, unsigned char **end, int tweak, + int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) +{ +/* + * The definition of the tweaks assume that the certificate list contains only + * one certificate. + */ + +/* + * struct { + * opaque cert_data<1..2^24-1>; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + */ + unsigned char *p_certificate_request_context_len = buf; + size_t certificate_request_context_len = buf[0]; + + unsigned char *p_certificate_list_len = + buf + 1 + certificate_request_context_len; + unsigned char *certificate_list = p_certificate_list_len + 3; + size_t certificate_list_len = + MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); + + unsigned char *p_cert_data_len = certificate_list; + unsigned char *cert_data = p_cert_data_len + 3; + size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); + + unsigned char *p_extensions_len = cert_data + cert_data_len; + unsigned char *extensions = p_extensions_len + 2; + size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); + + *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; + + switch (tweak) { + case 1: + /* Failure when checking if the certificate request context length + * and certificate list length can be read + */ + *end = buf + 3; + set_chk_buf_ptr_args(args, buf, *end, 4); + break; + + case 2: + /* Invalid certificate request context length. + */ + *p_certificate_request_context_len = + certificate_request_context_len + 1; + reset_chk_buf_ptr_args(args); + break; + + case 3: + /* Failure when checking if certificate_list data can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, + p_certificate_list_len, 0); + set_chk_buf_ptr_args(args, certificate_list, *end, + certificate_list_len + 1); + break; + + case 4: + /* Failure when checking if the cert_data length can be read. */ + MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); + set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); + break; + + case 5: + /* Failure when checking if cert_data data can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, + p_cert_data_len, 0); + set_chk_buf_ptr_args(args, cert_data, + certificate_list + certificate_list_len, + certificate_list_len - 3 + 1); + break; + + case 6: + /* Failure when checking if the extensions length can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, + p_certificate_list_len, 0); + set_chk_buf_ptr_args( + args, p_extensions_len, + certificate_list + certificate_list_len - extensions_len - 1, 2); + break; + + case 7: + /* Failure when checking if extensions data can be read. */ + MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); + + set_chk_buf_ptr_args( + args, extensions, + certificate_list + certificate_list_len, extensions_len + 1); + break; + + default: + return -1; + } + + return 0; +} +#endif /* MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 226e1b2a7..62eefae2e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -32,2431 +32,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int rng_seed = 0xBEEF; -static int rng_get(void *p_rng, unsigned char *output, size_t output_len) -{ - (void) p_rng; - for (size_t i = 0; i < output_len; i++) { - output[i] = rand(); - } - - return 0; -} -#endif - -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) -{ - mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; - - (void) level; - (void) line; - (void) file; - - if (NULL != p && - NULL != p->pattern && - NULL != strstr(str, p->pattern)) { - p->counter++; - } -} - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - srand(rng_seed); - rng_seed += 0xD0; -#endif - opts->cipher = ""; - opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - opts->expected_handshake_result = 0; - opts->expected_ciphersuite = 0; - opts->pk_alg = MBEDTLS_PK_RSA; - opts->opaque_alg = 0; - opts->opaque_alg2 = 0; - opts->opaque_usage = 0; - opts->psk_str = NULL; - opts->dtls = 0; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; - opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; - opts->cli_msg_len = 100; - opts->srv_msg_len = 100; - opts->expected_cli_fragments = 1; - opts->expected_srv_fragments = 1; - opts->renegotiate = 0; - opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->srv_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; - opts->resize_buffers = 1; -#if defined(MBEDTLS_SSL_CACHE_C) - opts->cache = NULL; - ASSERT_ALLOC(opts->cache, 1); - mbedtls_ssl_cache_init(opts->cache); -exit: - return; -#endif -} - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(opts->cache); - mbedtls_free(opts->cache); -#else - (void) opts; -#endif -} - -#if defined(MBEDTLS_TEST_HOOKS) -static void set_chk_buf_ptr_args( - mbedtls_ssl_chk_buf_ptr_args *args, - unsigned char *cur, unsigned char *end, size_t need) -{ - args->cur = cur; - args->end = end; - args->need = need; -} - -static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - memset(args, 0, sizeof(*args)); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -/* - * Buffer structure for custom I/O callbacks. - */ - -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) -{ - memset(buf, 0, sizeof(*buf)); -} - -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity) -{ - buf->buffer = (unsigned char *) mbedtls_calloc(capacity, - sizeof(unsigned char)); - if (NULL == buf->buffer) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - buf->capacity = capacity; - - return 0; -} - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) -{ - if (buf->buffer != NULL) { - mbedtls_free(buf->buffer); - } - - memset(buf, 0, sizeof(*buf)); -} - -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - /* Reduce input_len to a number that fits in the buffer. */ - if ((buf->content_length + input_len) > buf->capacity) { - input_len = buf->capacity - buf->content_length; - } - - if (input == NULL) { - return (input_len == 0) ? 0 : -1; - } - - /* Check if the buffer has not come full circle and free space is not in - * the middle */ - if (buf->start + buf->content_length < buf->capacity) { - - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if (buf->start + buf->content_length + input_len - > buf->capacity) { - overflow = (buf->start + buf->content_length + input_len) - % buf->capacity; - } - - memcpy(buf->buffer + buf->start + buf->content_length, input, - input_len - overflow); - memcpy(buf->buffer, input + input_len - overflow, overflow); - - } else { - /* The buffer has come full circle and free space is in the middle */ - memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, - input, input_len); - } - - buf->content_length += input_len; - return input_len; -} - -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - if (output == NULL && output_len == 0) { - return 0; - } - - if (buf->content_length < output_len) { - output_len = buf->content_length; - } - - /* Calculate the number of bytes that need to be drawn from lower memory - * address */ - if (buf->start + output_len > buf->capacity) { - overflow = (buf->start + output_len) % buf->capacity; - } - - if (output != NULL) { - memcpy(output, buf->buffer + buf->start, output_len - overflow); - memcpy(output + output_len - overflow, buf->buffer, overflow); - } - - buf->content_length -= output_len; - buf->start = (buf->start + output_len) % buf->capacity; - - return output_len; -} - -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ -int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, - size_t capacity) -{ - queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); - if (NULL == queue->messages) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - queue->capacity = capacity; - queue->pos = 0; - queue->num = 0; - - return 0; -} - -void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) -{ - if (queue == NULL) { - return; - } - - if (queue->messages != NULL) { - mbedtls_free(queue->messages); - } - - memset(queue, 0, sizeof(*queue)); -} - -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len) -{ - int place; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - place = (queue->pos + queue->num) % queue->capacity; - queue->messages[place] = len; - queue->num++; - return len; -} - -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len) -{ - size_t message_length; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - message_length = queue->messages[queue->pos]; - queue->messages[queue->pos] = 0; - queue->num--; - queue->pos++; - queue->pos %= queue->capacity; - if (queue->pos < 0) { - queue->pos += queue->capacity; - } - - return (message_length > buf_len) ? buf_len : message_length; -} - -/* - * Take a peek on the info about the next message length from the queue. - * This will be the oldest inserted message length(fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval 0, if the peek was successful. - * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is - * too small to fit the message. In this case the \p msg_len will be - * set to the full message length so that the - * caller knows what portion of the message can be dropped. - */ -int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) -{ - if (queue == NULL || msg_len == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - *msg_len = queue->messages[queue->pos]; - return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; -} - -/* - * Setup and teardown functions for mock sockets. - */ -void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) -{ - memset(socket, 0, sizeof(*socket)); -} - -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) -{ - if (socket == NULL) { - return; - } - - if (socket->input != NULL) { - mbedtls_test_ssl_buffer_free(socket->input); - mbedtls_free(socket->input); - } - - if (socket->output != NULL) { - mbedtls_test_ssl_buffer_free(socket->output); - mbedtls_free(socket->output); - } - - if (socket->peer != NULL) { - memset(socket->peer, 0, sizeof(*socket->peer)); - } - - memset(socket, 0, sizeof(*socket)); -} - -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) -{ - int ret = -1; - - peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer1->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { - goto exit; - } - - peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer2->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { - goto exit; - } - - peer1->peer = peer2; - peer2->peer = peer1; - peer1->input = peer2->output; - peer2->input = peer1->output; - - peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; - ret = 0; - -exit: - - if (ret != 0) { - mbedtls_test_mock_socket_close(peer1); - mbedtls_test_mock_socket_close(peer2); - } - - return ret; -} - -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ - -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, - size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ - -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, - size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->output->capacity == socket->output->content_length) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->input->content_length == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) -{ - ctx->queue_input = NULL; - ctx->queue_output = NULL; - ctx->socket = NULL; -} - -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) -{ - int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); - if (ret != 0) { - return ret; - } - ctx->queue_input = queue_input; - ctx->queue_output = queue_output; - ctx->socket = socket; - mbedtls_mock_socket_init(socket); - - return 0; -} - -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ -void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_test_ssl_message_queue_free(ctx->queue_input); - mbedtls_test_mock_socket_close(ctx->socket); - memset(ctx, 0, sizeof(*ctx)); -} - -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, - size_t len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - - if (context == NULL || context->socket == NULL - || context->queue_output == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_output; - socket = context->socket; - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { - return MBEDTLS_TEST_ERROR_SEND_FAILED; - } - - return mbedtls_test_ssl_message_queue_push_info(queue, len); -} - -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. - */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, - size_t buf_len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - size_t drop_len = 0; - size_t msg_len; - int ret; - - if (context == NULL || context->socket == NULL - || context->queue_input == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_input; - socket = context->socket; - - /* Peek first, so that in case of a socket error the data remains in - * the queue. */ - ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Calculate how much to drop */ - drop_len = msg_len - buf_len; - - /* Set the requested message len to be buffer length */ - msg_len = buf_len; - } else if (ret != 0) { - return ret; - } - - if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { - return MBEDTLS_TEST_ERROR_RECV_FAILED; - } - - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) - != (int) drop_len) { - /* Inconsistent state - part of the message was read, - * and a part couldn't. Not much we can do here, but it should not - * happen in test environment, unless forced manually. */ - } - } - mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - - return msg_len; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) -{ - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; - psa_destroy_key(*key_slot); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; - } - } -} - -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage) -{ - int i = 0; - int ret = -1; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert = &(ep->cert); - ASSERT_ALLOC(cert->ca_cert, 1); - ASSERT_ALLOC(cert->cert, 1); - ASSERT_ALLOC(cert->pkey, 1); - - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); - - /* Load the trusted CA */ - - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); - } - - /* Load own certificate and private key */ - - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opaque_alg != 0) { - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot, - opaque_alg, opaque_usage, - opaque_alg2), 0); - } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif - - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert != NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert == NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - -exit: - if (ret != 0) { - mbedtls_endpoint_certificate_free(ep); - } - - return ret; -} - -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) -{ - int ret = -1; - uintptr_t user_data_n; - - if (dtls_context != NULL && - (input_queue == NULL || output_queue == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - - } - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(ep, 0, sizeof(*ep)); - - ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; - - mbedtls_ssl_init(&(ep->ssl)); - mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); - - (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &user_data_n, - sizeof(user_data_n)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); - mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - - if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); - } else { - mbedtls_mock_socket_init(&(ep->socket)); - } - - /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? - MBEDTLS_SSL_TRANSPORT_DATAGRAM : - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); - - if (group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), group_list); - } - - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); - -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { - mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); - } -#endif - - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { - mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); - } -#endif - - ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, - options->opaque_alg, - options->opaque_alg2, - options->opaque_usage); - TEST_ASSERT(ret == 0); - - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); - mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); - mbedtls_ssl_set_user_data_p(&ep->ssl, ep); - -exit: - return ret; -} - -/* - * Deinitializes endpoint represented by \p ep. - */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) -{ - mbedtls_endpoint_certificate_free(ep); - - mbedtls_ssl_free(&(ep->ssl)); - mbedtls_ssl_config_free(&(ep->conf)); - - if (context != NULL) { - mbedtls_test_message_socket_close(context); - } else { - mbedtls_test_mock_socket_close(&(ep->socket)); - } -} - -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) -{ - enum { BUFFSIZE = 1024 }; - int max_steps = 1000; - int ret = 0; - - if (ssl == NULL || second_ssl == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Perform communication via connected sockets */ - while ((ssl->state != state) && (--max_steps >= 0)) { - /* If /p second_ssl ends the handshake procedure before /p ssl then - * there is no need to call the next step */ - if (!mbedtls_ssl_is_handshake_over(second_ssl)) { - ret = mbedtls_ssl_handshake_step(second_ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - /* We only care about the \p ssl state and returns, so we call it last, - * to leave the iteration as soon as the state is as expected. */ - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - return (max_steps >= 0) ? ret : -1; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Write application data. Increase write counter if necessary. - */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *written, - const int expected_fragments) -{ - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); - } - - int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); - if (ret > 0) { - *written += ret; - } - - if (expected_fragments == 0) { - /* Used for DTLS and the message size larger than MFL. In that case - * the message can not be fragmented and the library should return - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_exchange_data(). */ - return ret; - } else if (expected_fragments == 1) { - /* Used for TLS/DTLS and the message size lower than MFL */ - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - /* Used for TLS and the message size larger than MFL */ - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Read application data and increase read counter and fragments counter - * if necessary. - */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *read, - int *fragments, const int expected_fragments) -{ - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); - } - - int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); - if (ret > 0) { - (*fragments)++; - *read += ret; - } - - if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); - } else if (expected_fragments == 1) { - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ - -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - -void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; - - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); - - if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = ciphersuite_info->max_tls_version; - } - if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); - -exit: - return; -} - -int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} - -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - size_t part_len; - - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, - transform->psa_alg); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_set_iv(&cipher_op, iv, iv_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, - &part_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *olen += part_len; - return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_AES_C */ - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len) -{ - mbedtls_cipher_info_t const *cipher_info; - int ret = 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - - size_t keylen, maclen, ivlen; - unsigned char *key0 = NULL, *key1 = NULL; - unsigned char *md0 = NULL, *md1 = NULL; - unsigned char iv_enc[16], iv_dec[16]; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid0[SSL_CID_LEN_MIN]; - unsigned char cid1[SSL_CID_LEN_MIN]; - - mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); - mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); -#else - ((void) cid0_len); - ((void) cid1_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - maclen = 0; - - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - CHK(cipher_info != NULL); - CHK(cipher_info->iv_size <= 16); - CHK(cipher_info->key_bitlen % 8 == 0); - - /* Pick keys */ - keylen = cipher_info->key_bitlen / 8; - /* Allocate `keylen + 1` bytes to ensure that we get - * a non-NULL pointers from `mbedtls_calloc` even if - * `keylen == 0` in the case of the NULL cipher. */ - CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); - CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); - memset(key0, 0x1, keylen); - memset(key1, 0x2, keylen); - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_info->mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - keylen << 3, MBEDTLS_ENCRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - keylen << 3, MBEDTLS_DECRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - keylen << 3, MBEDTLS_ENCRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - keylen << 3, MBEDTLS_DECRYPT) == 0); -#endif - - /* Setup MAC contexts */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (cipher_info->mode == MBEDTLS_MODE_CBC || - cipher_info->mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); - CHK(md_info != NULL); -#endif - maclen = mbedtls_hash_info_get_size(hash_id); - CHK(maclen != 0); - /* Pick hash keys */ - CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); - CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); - memset(md0, 0x5, maclen); - memset(md1, 0x6, maclen); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_hash_info_psa_from_md(hash_id); - - CHK(alg != 0); - - t_out->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_in->psa_mac_enc) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_out->psa_mac_enc) == PSA_SUCCESS); - - if (cipher_info->mode == MBEDTLS_MODE_STREAM || - etm == MBEDTLS_SSL_ETM_DISABLED) { - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - } else { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - } - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_in->psa_mac_dec) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif - } -#else - ((void) hash_id); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - - /* Pick IV's (regardless of whether they - * are being used by the transform). */ - ivlen = cipher_info->iv_size; - memset(iv_enc, 0x3, sizeof(iv_enc)); - memset(iv_dec, 0x4, sizeof(iv_dec)); - - /* - * Setup transforms - */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - t_out->encrypt_then_mac = etm; - t_in->encrypt_then_mac = etm; -#else - ((void) etm); -#endif - - t_out->tls_version = tls_version; - t_in->tls_version = tls_version; - t_out->ivlen = ivlen; - t_in->ivlen = ivlen; - - switch (cipher_info->mode) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { - t_out->fixed_ivlen = 4; - t_in->fixed_ivlen = 4; - } - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_CHACHAPOLY: - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_STREAM: - case MBEDTLS_MODE_CBC: - t_out->fixed_ivlen = 0; /* redundant, must be 0 */ - t_in->fixed_ivlen = 0; /* redundant, must be 0 */ - t_out->taglen = 0; - t_in->taglen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->maclen = maclen; - t_in->maclen = maclen; - break; - default: - ret = 1; - goto cleanup; - } - break; - default: - ret = 1; - goto cleanup; - break; - } - - /* Setup IV's */ - - memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); - memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Add CID */ - memcpy(&t_in->in_cid, cid0, cid0_len); - memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = cid0_len; - t_in->out_cid_len = cid1_len; - memcpy(&t_out->in_cid, cid1, cid1_len); - memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = cid1_len; - t_out->out_cid_len = cid0_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = mbedtls_ssl_cipher_to_psa(cipher_type, - t_in->taglen, - &alg, - &key_type, - &key_bits); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - t_in->psa_alg = alg; - t_out->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -cleanup: - - mbedtls_free(key0); - mbedtls_free(key1); - - mbedtls_free(md0); - mbedtls_free(md1); - - return ret; -} - -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) -{ -#if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_time(NULL) - 42; -#endif - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - session->ciphersuite = 0xabcd; - session->id_len = sizeof(session->id); - memset(session->id, 66, session->id_len); - memset(session->master, 17, sizeof(session->master)); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) - if (crt_file != NULL && strlen(crt_file) != 0) { - mbedtls_x509_crt tmp_crt; - int ret; - - mbedtls_x509_crt_init(&tmp_crt); - ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); - if (ret != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Move temporary CRT. */ - session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); - if (session->peer_cert == NULL) { - return -1; - } - *session->peer_cert = tmp_crt; - memset(&tmp_crt, 0, sizeof(tmp_crt)); -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Calculate digest of temporary CRT. */ - session->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (session->peer_cert_digest == NULL) { - return -1; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); - size_t hash_size = 0; - psa_status_t status = psa_hash_compute( - psa_alg, tmp_crt.raw.p, - tmp_crt.raw.len, - session->peer_cert_digest, - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, - &hash_size); - ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - return ret; - } - session->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - session->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - mbedtls_x509_crt_free(&tmp_crt); - } -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - (void) crt_file; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - session->verify_result = 0xdeadbeef; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } - session->ticket_len = ticket_len; - session->ticket_lifetime = 86401; -#else - (void) ticket_len; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - session->mfl_code = 1; -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - session->encrypt_then_mac = 1; -#endif - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type) -{ - ((void) ticket_len); - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; - session->ciphersuite = 0xabcd; - session->ticket_age_add = 0x87654321; - session->ticket_flags = 0x7; - - session->resumption_key_len = 32; - memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); - -#if defined(MBEDTLS_HAVE_TIME) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->start = mbedtls_time(NULL) - 42; - } -#endif - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_received = mbedtls_time(NULL) - 40; -#endif - session->ticket_lifetime = 0xfedcba98; - - session->ticket_len = ticket_len; - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2) -{ - unsigned char *msg_buf_1 = malloc(msg_len_1); - unsigned char *msg_buf_2 = malloc(msg_len_2); - unsigned char *in_buf_1 = malloc(msg_len_2); - unsigned char *in_buf_2 = malloc(msg_len_1); - int msg_type, ret = -1; - - /* Perform this test with two message types. At first use a message - * consisting of only 0x00 for the client and only 0xFF for the server. - * At the second time use message with generated data */ - for (msg_type = 0; msg_type < 2; msg_type++) { - int written_1 = 0; - int written_2 = 0; - int read_1 = 0; - int read_2 = 0; - int fragments_1 = 0; - int fragments_2 = 0; - - if (msg_type == 0) { - memset(msg_buf_1, 0x00, msg_len_1); - memset(msg_buf_2, 0xff, msg_len_2); - } else { - int i, j = 0; - for (i = 0; i < msg_len_1; i++) { - msg_buf_1[i] = j++ & 0xFF; - } - for (i = 0; i < msg_len_2; i++) { - msg_buf_2[i] = (j -= 5) & 0xFF; - } - } - - while (read_1 < msg_len_2 || read_2 < msg_len_1) { - /* ssl_1 sending */ - if (msg_len_1 > written_1) { - ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, - msg_len_1, &written_1, - expected_fragments_1); - if (expected_fragments_1 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_1 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_2 sending */ - if (msg_len_2 > written_2) { - ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, - msg_len_2, &written_2, - expected_fragments_2); - if (expected_fragments_2 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_2 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_1 reading */ - if (read_1 < msg_len_2) { - ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, - msg_len_2, &read_1, - &fragments_2, - expected_fragments_2); - TEST_ASSERT(ret == 0); - } - - /* ssl_2 reading */ - if (read_2 < msg_len_1) { - ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, - msg_len_1, &read_2, - &fragments_1, - expected_fragments_1); - TEST_ASSERT(ret == 0); - } - } - - ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); - } - - ret = 0; - -exit: - free(msg_buf_1); - free(in_buf_1); - free(msg_buf_2); - free(in_buf_2); - - return ret; -} - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints - * must be initialized and connected beforehand. - * - * \retval 0 on success, otherwise error code. - */ -int exchange_data(mbedtls_ssl_context *ssl_1, - mbedtls_ssl_context *ssl_2) -{ - return mbedtls_exchange_data(ssl_1, 256, 1, - ssl_2, 256, 1); -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int check_ssl_version( - mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) -{ - const char *version_string = mbedtls_ssl_get_version(ssl); - mbedtls_ssl_protocol_version version_number = - mbedtls_ssl_get_version_number(ssl); - - TEST_EQUAL(ssl->tls_version, expected_negotiated_version); - - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_EQUAL(version_string[0], 'D'); - ++version_string; - } - - switch (expected_negotiated_version) { - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); - TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); - break; - - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); - break; - - default: - TEST_ASSERT( - !"Version check not implemented for this protocol version"); - } - - return 1; - -exit: - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) -{ - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int ret = -1; -#endif - int expected_handshake_result = options->expected_handshake_result; - - USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - - /* Client side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue, NULL) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL, NULL) == 0); - } - - if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&client.conf, - options->client_min_version); - } - - if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&client.conf, - options->client_max_version); - } - - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, - options->cli_log_obj); - } -#endif - - /* Server side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue, NULL) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, - NULL) == 0); - } - - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); - - if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&server.conf, - options->server_min_version); - } - - if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&server.conf, - options->server_max_version); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); -#else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_DEBUG_C) - if (options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, - options->srv_log_obj); - } -#endif - - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - - if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { - expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); - - if (expected_handshake_result != 0) { - /* Connection will have failed by this point, skip to cleanup */ - goto exit; - } - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); - - /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), - &(client.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), - 0); - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); - /* Check that both sides have negotiated the expected version. */ - mbedtls_test_set_step(0); - if (!check_ssl_version(options->expected_negotiated_version, - &client.ssl)) { - goto exit; - } - - mbedtls_test_set_step(1); - if (!check_ssl_version(options->expected_negotiated_version, - &server.ssl)) { - goto exit; - } - - if (options->expected_ciphersuite != 0) { - TEST_EQUAL(server.ssl.session->ciphersuite, - options->expected_ciphersuite); - } - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* A server, when using DTLS, might delay a buffer resize to happen - * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); - - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); - - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); - - mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - - mbedtls_ssl_set_user_data_p(&server.ssl, &server); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data( - &(client.ssl), - options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); - -exit: - mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? - &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? - &server_context : NULL); -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(0); - } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } -#endif - USE_PSA_DONE(); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ -int tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) -{ -/* - * The definition of the tweaks assume that the certificate list contains only - * one certificate. - */ - -/* - * struct { - * opaque cert_data<1..2^24-1>; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - */ - unsigned char *p_certificate_request_context_len = buf; - size_t certificate_request_context_len = buf[0]; - - unsigned char *p_certificate_list_len = - buf + 1 + certificate_request_context_len; - unsigned char *certificate_list = p_certificate_list_len + 3; - size_t certificate_list_len = - MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); - - unsigned char *p_cert_data_len = certificate_list; - unsigned char *cert_data = p_cert_data_len + 3; - size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); - - unsigned char *p_extensions_len = cert_data + cert_data_len; - unsigned char *extensions = p_extensions_len + 2; - size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); - - *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; - - switch (tweak) { - case 1: - /* Failure when checking if the certificate request context length - * and certificate list length can be read - */ - *end = buf + 3; - set_chk_buf_ptr_args(args, buf, *end, 4); - break; - - case 2: - /* Invalid certificate request context length. - */ - *p_certificate_request_context_len = - certificate_request_context_len + 1; - reset_chk_buf_ptr_args(args); - break; - - case 3: - /* Failure when checking if certificate_list data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, certificate_list, *end, - certificate_list_len + 1); - break; - - case 4: - /* Failure when checking if the cert_data length can be read. */ - MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); - break; - - case 5: - /* Failure when checking if cert_data data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, - p_cert_data_len, 0); - set_chk_buf_ptr_args(args, cert_data, - certificate_list + certificate_list_len, - certificate_list_len - 3 + 1); - break; - - case 6: - /* Failure when checking if the extensions length can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args( - args, p_extensions_len, - certificate_list + certificate_list_len - extensions_len - 1, 2); - break; - - case 7: - /* Failure when checking if extensions data can be read. */ - MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); - - set_chk_buf_ptr_args( - args, extensions, - certificate_list + certificate_list_len, extensions_len + 1); - break; - - default: - return -1; - } - - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ - #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) From 4d07d1c394726c21a33a50e449049899ee691c13 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 27 Oct 2022 15:28:16 +0800 Subject: [PATCH 08/17] Resolve build errors for ssl_helpers.c and test_suite_ssl.c Since we move many functions from test_suite_ssl.function to ssl_helpers.c in commit 8e2bbdd. This causes various of build errors. This commit fixes all the build errors by - including header files - providing function definition - adding guards for typedef statements and functions Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 373 ++++++++++++++++++++++++++- tests/src/ssl_helpers.c | 8 +- tests/suites/test_suite_ssl.function | 1 - 3 files changed, 374 insertions(+), 8 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index a292def7b..72095ea61 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -23,8 +23,22 @@ #ifndef SSL_HELPERS_H #define SSL_HELPERS_H +#include "mbedtls/build_info.h" + +#include + #include -#include +#include +#include +#include + +#if defined(MBEDTLS_SSL_TLS_C) +#include +#include +#include +#include "hash_info.h" + +#include "test/certs.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" @@ -142,4 +156,361 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str); + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts); + +void mbedtls_test_free_handshake_options( + mbedtls_test_handshake_test_options *opts); + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity); + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); + +/* + * + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len); + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len); + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity); + +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue); + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len); + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len); + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket); + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize); + + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, + size_t len); + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, + size_t len); + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); + +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx); + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx); + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx); + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, + size_t len); + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, + size_t buf_len); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg, + int opaque_alg, int opaque_alg2, + int opaque_usage); + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list); + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context); + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state); + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) +int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, + size_t iv_len, + const unsigned char *input, + size_t ilen, + unsigned char *output, + size_t *olen); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && + MBEDTLS_AES_C */ + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len); + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options); +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_TEST_HOOKS) +/* + * Tweak vector lengths in a TLS 1.3 Certificate message + * + * \param[in] buf Buffer containing the Certificate message to tweak + * \param[in]]out] end End of the buffer to parse + * \param tweak Tweak identifier (from 1 to the number of tweaks). + * \param[out] expected_result Error code expected from the parsing function + * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that + * is expected to fail. All zeroes if no + * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. + */ +int tweak_tls13_certificate_msg_vector_len( + unsigned char *buf, unsigned char **end, int tweak, + int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_SSL_TLS_C */ + #endif /* SSL_HELPERS_H */ diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index 150f6e84d..793eed605 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -22,6 +22,7 @@ #include +#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; static int rng_get(void *p_rng, unsigned char *output, size_t output_len) @@ -269,12 +270,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - /* * Setup and free functions for the message metadata queue. * @@ -2446,3 +2441,4 @@ int tweak_tls13_certificate_msg_vector_len( return 0; } #endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 62eefae2e..7edfb273b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5,7 +5,6 @@ #include #include #include -#include "test/certs.h" #include #include From 1fca4de942e9fb64bd493fed08091e2d165ab974 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Feb 2023 12:10:48 +0800 Subject: [PATCH 09/17] ssl_helpers.c: remove duplicate comments for some functions Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 18 ++- tests/src/ssl_helpers.c | 234 +------------------------------ 2 files changed, 22 insertions(+), 230 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 72095ea61..fecfad906 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -188,7 +188,6 @@ int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); /* - * * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. * * \p buf must have been initialized and set up by calling @@ -300,7 +299,6 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ - int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len); @@ -309,7 +307,6 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ - int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len); @@ -429,6 +426,21 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index 793eed605..8dcb6d278 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -36,11 +36,6 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) } #endif -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, const char *str) @@ -133,20 +128,11 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) * Buffer structure for custom I/O callbacks. */ -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { @@ -169,17 +155,6 @@ void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) memset(buf, 0, sizeof(*buf)); } -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, const unsigned char *input, size_t input_len) { @@ -224,18 +199,6 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, return input_len; } -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, unsigned char *output, size_t output_len) { @@ -270,15 +233,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, size_t capacity) { @@ -307,14 +261,6 @@ void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) memset(queue, 0, sizeof(*queue)); } -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ int mbedtls_test_ssl_message_queue_push_info( mbedtls_test_ssl_message_queue *queue, size_t len) { @@ -333,16 +279,6 @@ int mbedtls_test_ssl_message_queue_push_info( return len; } -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ int mbedtls_test_ssl_message_queue_pop_info( mbedtls_test_ssl_message_queue *queue, size_t buf_len) { @@ -392,27 +328,11 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -/* - * Setup and teardown functions for mock sockets. - */ void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { @@ -436,16 +356,6 @@ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) memset(socket, 0, sizeof(*socket)); } -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, mbedtls_test_mock_socket *peer2, size_t bufsize) @@ -494,10 +404,6 @@ exit: return ret; } -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { @@ -521,10 +427,6 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { @@ -563,15 +465,6 @@ void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) ctx->socket = NULL; } -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ int mbedtls_test_message_socket_setup( mbedtls_test_ssl_message_queue *queue_input, mbedtls_test_ssl_message_queue *queue_output, @@ -591,10 +484,6 @@ int mbedtls_test_message_socket_setup( return 0; } -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { @@ -606,19 +495,6 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) memset(ctx, 0, sizeof(*ctx)); } -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { @@ -646,20 +522,6 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, return mbedtls_test_ssl_message_queue_push_info(queue, len); } -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. - */ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { @@ -743,12 +605,6 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) } } -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2, @@ -879,21 +735,6 @@ exit: return ret; } -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, mbedtls_test_handshake_test_options *options, @@ -1000,9 +841,6 @@ exit: return ret; } -/* - * Deinitializes endpoint represented by \p ep. - */ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) @@ -1019,13 +857,6 @@ void mbedtls_test_ssl_endpoint_free( } } -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, mbedtls_ssl_context *second_ssl, int state) @@ -1067,8 +898,9 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, /* * Write application data. Increase write counter if necessary. */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *written, +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *written, const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is @@ -1112,9 +944,10 @@ exit: * Read application data and increase read counter and fragments counter * if necessary. */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *read, - int *fragments, const int expected_fragments) +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *read, int *fragments, + const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ @@ -1148,22 +981,6 @@ exit: return -1; } -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ - -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, int *forced_ciphersuite) { @@ -1611,10 +1428,6 @@ cleanup: return ret; } -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) @@ -1756,28 +1569,6 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, int msg_len_1, const int expected_fragments_1, mbedtls_ssl_context *ssl_2, @@ -2326,17 +2117,6 @@ exit: #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ int tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) From b458b8c0ec6ac45ed24f4844bbe220fbbaadb1a8 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 11:49:33 +0800 Subject: [PATCH 10/17] Fix build errors in CMake tests/src/ssl_helpers.c depends on functions defined in library/*.c. If it's complied as an OBJECT with other c files, cmake complains undefined reference in link stage under programs/. Therefore, tests/src/test_helpers/ is created to hold c files with dependency of library/*.c. Besides, tests/src/test_helper/*.c is separated into another OBJECT, mbedtls_test_helpers, as sources to build all test suite executables. In addition, everest header directory is included in case MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled. Signed-off-by: Yanray Wang --- CMakeLists.txt | 13 ++++++++++++- tests/CMakeLists.txt | 4 +++- tests/Makefile | 9 +++++++-- tests/src/{ => test_helpers}/ssl_helpers.c | 0 4 files changed, 22 insertions(+), 4 deletions(-) rename tests/src/{ => test_helpers}/ssl_helpers.c (100%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 519604b50..7bd918932 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -280,12 +280,23 @@ add_subdirectory(library) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) + file(GLOB MBEDTLS_TEST_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library) + + file(GLOB MBEDTLS_TEST_HELPER_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c) + add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) + target_include_directories(mbedtls_test_helpers + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include) endif() if(ENABLE_PROGRAMS) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 4549a7a2b..9bd93f156 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -237,7 +237,9 @@ function(add_test_suite suite_name) test_suite_${data_name}.datax ) - add_executable(test_suite_${data_name} test_suite_${data_name}.c $) + add_executable(test_suite_${data_name} test_suite_${data_name}.c + $ + $) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header diff --git a/tests/Makefile b/tests/Makefile index 26947f4b9..75dc3c629 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -160,7 +160,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c src/test_helpers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -181,6 +181,10 @@ src/drivers/%.o : src/drivers/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +src/test_helpers/%.o : src/test_helpers/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) c: $(C_FILES) @@ -217,7 +221,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax - rm -f src/*.o src/drivers/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* rm -f include/test/instrument_record_status.h rm -f include/alt-extra/*/*_alt.h rm -rf libtestdriver1 @@ -228,6 +232,7 @@ else if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o if exist src/drivers/*.o del /Q /F src/drivers/*.o + if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o if exist src/libmbed* del /Q /F src/libmed* if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h endif diff --git a/tests/src/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c similarity index 100% rename from tests/src/ssl_helpers.c rename to tests/src/test_helpers/ssl_helpers.c From e64b40520d7c92c4c45b17aca93d2a2aa09f1376 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 18:12:01 +0800 Subject: [PATCH 11/17] Fix build error in CI about test_fail_if_psa_leaking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit During test of component build_arm_linux_gnueabi_gcc_arm5vte and build_arm_none_eabi_gcc_m0plus. It fails with - error: implicit declaration of function ‘test_fail_if_psa_leaking’ It happens because test_fail_if_psa_leaking is defined in helpers.function. This block of code is not converted into C code while compiling ssl_helpers.c. The function has been moved to psa_crypto_helpers.c in order to fix this build error. Signed-off-by: Yanray Wang --- tests/include/test/psa_crypto_helpers.h | 22 +++++++++++++++------- tests/src/psa_crypto_helpers.c | 11 +++++++++++ tests/suites/helpers.function | 19 ------------------- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 19a0483cc..ac6eb2083 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -104,11 +104,11 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` * but with a more informative message. */ -#define ASSERT_PSA_PRISTINE() \ +#define ASSERT_PSA_PRISTINE() \ do \ { \ - if (test_fail_if_psa_leaking(__LINE__, __FILE__)) \ - goto exit; \ + if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \ + goto exit; \ } \ while (0) @@ -122,12 +122,12 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before * creating them. */ -#define PSA_DONE() \ +#define PSA_DONE() \ do \ { \ - test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ + mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ + mbedtls_test_psa_purge_key_storage(); \ + mbedtls_psa_crypto_free(); \ } \ while (0) @@ -193,6 +193,14 @@ psa_status_t mbedtls_test_record_status(psa_status_t status, */ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); +/** Check that no PSA Crypto key slots are in use. + * + * If any slots are in use, mark the current test as failed. + * + * \return 0 if the key store is empty, 1 otherwise. + */ +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); + /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or * alternative implementation. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 06274d388..77c2f8976 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -138,4 +138,15 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) return updated_usage; } +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) +{ + const char *msg = mbedtls_test_helper_is_psa_leaking(); + if (msg == NULL) { + return 0; + } else { + mbedtls_test_fail(msg, line_no, filename); + return 1; + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 313459e4f..60eae9a64 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -76,25 +76,6 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Helper Functions */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed. - * - * \return 0 if the key store is empty, 1 otherwise. - */ -int test_fail_if_psa_leaking(int line_no, const char *filename) -{ - const char *msg = mbedtls_test_helper_is_psa_leaking(); - if (msg == NULL) { - return 0; - } else { - mbedtls_test_fail(msg, line_no, filename); - return 1; - } -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */ - #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output(FILE *out_stream, const char *path) { From a8f445e60f903c3365d6945b4eaf885bf2354ae9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 3 Nov 2022 11:51:59 +0800 Subject: [PATCH 12/17] Fix issue of conversion from size_t to int ssl_helpers.c is treated with W3 warning level in MSVC complier. So that it's reported as error for warning of conversion from size_t to int. This change fixes all this type of warning seen in Microsoft Visual Studio 12.0. Besides, some potential problems of type conversion are also handled. Signed-off-by: Yanray Wang --- tests/src/test_helpers/ssl_helpers.c | 39 +++++++++++++++++----------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 8dcb6d278..776755ccb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -196,7 +196,7 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, } buf->content_length += input_len; - return input_len; + return (input_len > INT_MAX) ? INT_MAX : (int) input_len; } int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, @@ -230,7 +230,7 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, buf->content_length -= output_len; buf->start = (buf->start + output_len) % buf->capacity; - return output_len; + return (output_len > INT_MAX) ? INT_MAX : (int) output_len; } int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, @@ -241,7 +241,7 @@ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - queue->capacity = capacity; + queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; queue->pos = 0; queue->num = 0; @@ -276,7 +276,7 @@ int mbedtls_test_ssl_message_queue_push_info( place = (queue->pos + queue->num) % queue->capacity; queue->messages[place] = len; queue->num++; - return len; + return (len > INT_MAX) ? INT_MAX : (int) len; } int mbedtls_test_ssl_message_queue_pop_info( @@ -299,7 +299,8 @@ int mbedtls_test_ssl_message_queue_pop_info( queue->pos += queue->capacity; } - return (message_length > buf_len) ? buf_len : message_length; + return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : + (message_length > buf_len) ? (int) buf_len : (int) message_length; } /* @@ -569,7 +570,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, } mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - return msg_len; + return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -1151,13 +1152,21 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_CIPHER_MODE_CBC */ CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); #endif /* Setup MAC contexts */ @@ -1344,12 +1353,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Add CID */ memcpy(&t_in->in_cid, cid0, cid0_len); memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = cid0_len; - t_in->out_cid_len = cid1_len; + t_in->in_cid_len = (uint8_t) cid0_len; + t_in->out_cid_len = (uint8_t) cid1_len; memcpy(&t_out->in_cid, cid1, cid1_len); memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = cid1_len; - t_out->out_cid_len = cid0_len; + t_out->in_cid_len = (uint8_t) cid1_len; + t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -2169,7 +2178,7 @@ int tweak_tls13_certificate_msg_vector_len( /* Invalid certificate request context length. */ *p_certificate_request_context_len = - certificate_request_context_len + 1; + (unsigned char) certificate_request_context_len + 1; reset_chk_buf_ptr_args(args); break; From 1db628f254e454433b70de9ee21b63b953cc957e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:01:29 +0800 Subject: [PATCH 13/17] Move ECJPAKE_TEST_SET_PASSWORD into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 16 ++++++++++++++++ tests/suites/test_suite_ssl.function | 15 --------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index fecfad906..eb89d1956 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -523,6 +523,22 @@ int tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ + +#define ECJPAKE_TEST_PWD "bla" + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ + ret = (use_opaque_arg) ? \ + mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ + mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ + TEST_EQUAL(ret, exp_ret_val) +#else +#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ + ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ + pwd_string, pwd_len); \ + TEST_EQUAL(ret, exp_ret_val) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #endif /* MBEDTLS_SSL_TLS_C */ #endif /* SSL_HELPERS_H */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7edfb273b..2babbc666 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -31,21 +31,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -#define ECJPAKE_TEST_PWD "bla" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = (use_opaque_arg) ? \ - mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ - mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif - #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ group_id_); \ From 09a6f7e14fb47d81073c00be60c5c11795b6df45 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:04:38 +0800 Subject: [PATCH 14/17] Move TEST_AVAILABLE_ECC into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 19 +++++++++++++++++++ tests/suites/test_suite_ssl.function | 19 ------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index eb89d1956..9d88ad115 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -539,6 +539,25 @@ int tweak_tls13_certificate_msg_vector_len( TEST_EQUAL(ret, exp_ret_val) #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ + TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ + group_id_); \ + TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ + tls_id_); \ + TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ + &psa_family, &psa_bits), PSA_SUCCESS); \ + TEST_EQUAL(psa_family_, psa_family); \ + TEST_EQUAL(psa_bits_, psa_bits); + +#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ + TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ + MBEDTLS_ECP_DP_NONE); \ + TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ + 0); \ + TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ + &psa_family, &psa_bits), \ + PSA_ERROR_NOT_SUPPORTED); + #endif /* MBEDTLS_SSL_TLS_C */ #endif /* SSL_HELPERS_H */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2babbc666..623ee08b5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -31,25 +31,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - group_id_); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - tls_id_); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_family, &psa_bits), PSA_SUCCESS); \ - TEST_EQUAL(psa_family_, psa_family); \ - TEST_EQUAL(psa_bits_, psa_bits); - -#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - MBEDTLS_ECP_DP_NONE); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - 0); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_family, &psa_bits), \ - PSA_ERROR_NOT_SUPPORTED); - /* END_HEADER */ /* BEGIN_DEPENDENCIES From 5ba709c449c664fc444308b984524634f56d170e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:07:56 +0800 Subject: [PATCH 15/17] Move #define Directive into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 18 ++++++++++++++++++ tests/suites/test_suite_ssl.function | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 9d88ad115..cb6fd2efd 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -44,6 +44,24 @@ #include "mbedtls/ssl_cache.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +#endif +enum { +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ + tls13_label_ ## name, + MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL +}; + typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 623ee08b5..f03cd6a41 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -13,24 +13,6 @@ #include #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -#endif -enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - tls13_label_ ## name, - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL -}; - /* END_HEADER */ /* BEGIN_DEPENDENCIES From 3463435ec5533dce0cf6c7ff1deed72590ce33e7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Feb 2023 17:56:51 +0800 Subject: [PATCH 16/17] ssl_helpers.c: fix review comments and improve code readability Signed-off-by: Yanray Wang --- tests/src/test_helpers/ssl_helpers.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 776755ccb..d18114b14 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -428,8 +428,8 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -496,8 +496,8 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) memset(ctx, 0, sizeof(*ctx)); } -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -523,8 +523,8 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, return mbedtls_test_ssl_message_queue_push_info(queue, len); } -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, - size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; From af727a28c9d5ac4eb532e3069df670b90824f26a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Mar 2023 19:22:36 +0800 Subject: [PATCH 17/17] ssl_helpers.c: improve code readability Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 16 ++++++++-------- tests/src/test_helpers/ssl_helpers.c | 14 ++++++-------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index cb6fd2efd..b38c58aee 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -317,16 +317,16 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len); int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len); int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); @@ -368,8 +368,8 @@ void mbedtls_test_message_socket_close( * This function will also return any error from * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len); /* * Receive one message from a given message socket context and return message @@ -385,8 +385,8 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from * mbedtls_test_message_queue_peek_info. */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, - size_t buf_len); +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d18114b14..d248e2935 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -405,8 +405,8 @@ exit: return ret; } -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -561,8 +561,8 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) - != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != + (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ @@ -2106,11 +2106,9 @@ void mbedtls_test_ssl_perform_handshake( exit: mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? - &client_context : NULL); + options->dtls != 0 ? &client_context : NULL); mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? - &server_context : NULL); + options->dtls != 0 ? &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0);