yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load

Browse source 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
This commit is contained in:
Ronald Cron 2022-07-23 08:57:11 +02:00 committed by GitHub
commit e579ece305
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 552 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/mbedtls/ssl.h
View file

@ -1184,6 +1184,8 @@ struct mbedtls_ssl_session
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN];

212
library/ssl_tls.c
View file

@ -440,12 +440,12 @@ static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned ch
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
#endif /* MBEDTLS_SHA384_C */
static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
unsigned char *buf,
size_t buf_len );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_load_tls12( mbedtls_ssl_session *session,
static int ssl_tls12_session_load( mbedtls_ssl_session *session,
const unsigned char *buf,
size_t len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -1893,7 +1893,170 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static size_t ssl_session_save_tls13( const mbedtls_ssl_session *session,
/* Serialization of TLS 1.3 sessions:
*
* struct {
* uint64 ticket_received;
* uint32 ticket_lifetime;
* opaque ticket<0..2^16>;
* } ClientOnlyData;
*
* struct {
* uint8 endpoint;
* uint8 ciphersuite[2];
* uint32 ticket_age_add;
* uint8 ticket_flags;
* opaque resumption_key<0..255>;
* select ( endpoint ) {
* case client: ClientOnlyData;
* case server: uint64 start_time;
* };
* } serialized_session_tls13;
*
*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session,
unsigned char *buf,
size_t buf_len )
{
unsigned char *p = buf;
size_t needed = 1 /* endpoint */
+ 2 /* ciphersuite */
+ 4 /* ticket_age_add */
+ 2 /* resumption_key length */
+ session->resumption_key_len; /* resumption_key */
#if defined(MBEDTLS_HAVE_TIME)
needed += 8; /* start_time or ticket_received */
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
needed += 4 /* ticket_lifetime */
+ 2 /* ticket_len */
+ session->ticket_len; /* ticket */
}
#endif /* MBEDTLS_SSL_CLI_C */
if( needed > buf_len )
return( needed );
p[0] = session->endpoint;
MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 1 );
MBEDTLS_PUT_UINT32_BE( session->ticket_age_add, p, 3 );
p[7] = session->ticket_flags;
/* save resumption_key */
p[8] = session->resumption_key_len;
p += 9;
memcpy( p, session->resumption_key, session->resumption_key_len );
p += session->resumption_key_len;
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
MBEDTLS_PUT_UINT64_BE( (uint64_t) session->start, p, 0 );
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
#if defined(MBEDTLS_HAVE_TIME)
MBEDTLS_PUT_UINT64_BE( (uint64_t) session->ticket_received, p, 0 );
p += 8;
#endif
MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
p += 4;
MBEDTLS_PUT_UINT16_BE( session->ticket_len, p, 0 );
p += 2;
if( session->ticket_len > 0 )
{
memcpy( p, session->ticket, session->ticket_len );
p += session->ticket_len;
}
}
#endif /* MBEDTLS_SSL_CLI_C */
return( needed );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_load( mbedtls_ssl_session *session,
const unsigned char *buf,
size_t len )
{
const unsigned char *p = buf;
const unsigned char *end = buf + len;
if( end - p < 9 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->endpoint = p[0];
session->ciphersuite = MBEDTLS_GET_UINT16_BE( p, 1 );
session->ticket_age_add = MBEDTLS_GET_UINT32_BE( p, 3 );
session->ticket_flags = p[7];
/* load resumption_key */
session->resumption_key_len = p[8];
p += 9;
if( end - p < session->resumption_key_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( sizeof( session->resumption_key ) < session->resumption_key_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
memcpy( session->resumption_key, p, session->resumption_key_len );
p += session->resumption_key_len;
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
if( end - p < 8 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->start = MBEDTLS_GET_UINT64_BE( p, 0 );
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
#if defined(MBEDTLS_HAVE_TIME)
if( end - p < 8 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ticket_received = MBEDTLS_GET_UINT64_BE( p, 0 );
p += 8;
#endif
if( end - p < 4 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ticket_lifetime = MBEDTLS_GET_UINT32_BE( p, 0 );
p += 4;
if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ticket_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
if( end - p < ( long int )session->ticket_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( session->ticket_len > 0 )
{
session->ticket = mbedtls_calloc( 1, session->ticket_len );
if( session->ticket == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( session->ticket, p, session->ticket_len );
p += session->ticket_len;
}
}
#endif /* MBEDTLS_SSL_CLI_C */
return( 0 );
}
#else /* MBEDTLS_SSL_SESSION_TICKETS */
static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session,
unsigned char *buf,
size_t buf_len )
{
@ -1902,6 +2065,17 @@ static size_t ssl_session_save_tls13( const mbedtls_ssl_session *session,
((void) buf_len);
return( 0 );
}
static int ssl_tls13_session_load( const mbedtls_ssl_session *session,
unsigned char *buf,
size_t buf_len )
{
((void) session);
((void) buf);
((void) buf_len);
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* !MBEDTLS_SSL_SESSION_TICKETS */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
@ -2832,12 +3006,14 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
size_t used = 0;
size_t remaining_len;
if( session == NULL )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
if( !omit_header )
{
/*
* Add Mbed TLS version identifier
*/
used += sizeof( ssl_serialized_session_header );
if( used <= buf_len )
@ -2863,18 +3039,14 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
{
used += ssl_session_save_tls12( session, p, remaining_len );
used += ssl_tls12_session_save( session, p, remaining_len );
break;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
{
used += ssl_session_save_tls13( session, p, remaining_len );
used += ssl_tls13_session_save( session, p, remaining_len );
break;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
default:
@ -2913,6 +3085,11 @@ static int ssl_session_load( mbedtls_ssl_session *session,
{
const unsigned char *p = buf;
const unsigned char * const end = buf + len;
size_t remaining_len;
if( session == NULL )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
if( !omit_header )
{
@ -2939,16 +3116,19 @@ static int ssl_session_load( mbedtls_ssl_session *session,
session->tls_version = 0x0300 | *p++;
/* Dispatch according to TLS version. */
remaining_len = ( end - p );
switch( session->tls_version )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
{
size_t remaining_len = ( end - p );
return( ssl_session_load_tls12( session, p, remaining_len ) );
}
return( ssl_tls12_session_load( session, p, remaining_len ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
return( ssl_tls13_session_load( session, p, remaining_len ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
default:
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@ -7831,7 +8011,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
* } serialized_session_tls12;
*
*/
static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
unsigned char *buf,
size_t buf_len )
{
@ -7983,7 +8163,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_load_tls12( mbedtls_ssl_session *session,
static int ssl_tls12_session_load( mbedtls_ssl_session *session,
const unsigned char *buf,
size_t len )
{

6
library/ssl_tls13_client.c
View file

@ -1110,6 +1110,7 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_is_supported_versions_ext_present(
ssl, buf, end ) );
if( ret == 0 )
{
MBEDTLS_SSL_PROC_CHK_NEG(
@ -1143,6 +1144,11 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl,
return( SSL_SERVER_HELLO_TLS1_2 );
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
ssl->session_negotiate->tls_version = ssl->tls_version;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
ret = ssl_server_hello_is_hrr( ssl, buf, end );

1
library/ssl_tls13_server.c
View file

@ -1006,6 +1006,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
/* Store minor version for later use with ticket serialization. */
ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
#endif
/* ...

9
tests/ssl-opt.sh
View file

@ -12658,11 +12658,12 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache " \
"$P_CLI debug_level=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3
@ -12672,11 +12673,12 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
"$P_CLI debug_level=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
@ -12713,11 +12715,12 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
"$P_CLI debug_level=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
-c "HTTP/1.0 200 OK" \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \

152
tests/suites/test_suite_ssl.data
View file

@ -796,19 +796,51 @@ ssl_set_hostname_twice:"server0":"server1"
SSL session serialization: Wrong major version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:1:0:0:0
ssl_session_serialize_version_check:1:0:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2
SSL session serialization: Wrong minor version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:1:0:0
ssl_session_serialize_version_check:0:1:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2
SSL session serialization: Wrong patch version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:1:0
ssl_session_serialize_version_check:0:0:1:0:0:MBEDTLS_SSL_VERSION_TLS1_2
SSL session serialization: Wrong config
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:0:1
ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: session serialization: Wrong major version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong minor version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong patch version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong config
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong major version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong minor version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong patch version
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong config
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Record crypt, AES-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
@ -3169,99 +3201,163 @@ ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef12345678
Session serialization, save-load: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:""
ssl_serialize_session_save_load:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:""
ssl_serialize_session_save_load:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:""
ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt"
ssl_serialize_session_save_load:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt"
ssl_serialize_session_save_load:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt"
ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save-load: no ticket
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, save-load: small ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_load:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, save-load: large ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: Session serialization, save-load: large ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Session serialization, load-save: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:""
ssl_serialize_session_load_save:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:42:""
ssl_serialize_session_load_save:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:1023:""
ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt"
ssl_serialize_session_load_save:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: small ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt"
ssl_serialize_session_load_save:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: large ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt"
ssl_serialize_session_load_save:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load-save: no ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, load-save: small ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_load_save:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, load-save: large ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_load_save:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: Session serialization, load-save
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Session serialization, save buffer size: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:""
ssl_serialize_session_save_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:42:""
ssl_serialize_session_save_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:1023:""
ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt"
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: small ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt"
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: large ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt"
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save buffer size: no ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, save buffer size: small ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, save buffer size: large ticket
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: Session serialization, save buffer size
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Session serialization, load buffer size: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_buf_size:0:""
ssl_serialize_session_load_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: small ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:42:""
ssl_serialize_session_load_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: large ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:1023:""
ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: no ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt"
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: small ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt"
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: large ticket, cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load buffer size: no ticket
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, load buffer size: small ticket
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, load buffer size: large ticket
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: Session serialization, load buffer size
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Constant-flow HMAC: MD5
depends_on:MBEDTLS_MD5_C

271
tests/suites/test_suite_ssl.function
View file

@ -1724,7 +1724,7 @@ cleanup:
* Populate a session structure for serialization tests.
* Choose dummy values, mostly non-0 to distinguish from the init default.
*/
static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
static int ssl_tls12_populate_session( mbedtls_ssl_session *session,
int ticket_len,
const char *crt_file )
{
@ -1805,6 +1805,52 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
return( 0 );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static int ssl_tls13_populate_session( mbedtls_ssl_session *session,
int ticket_len,
int endpoint_type )
{
((void) ticket_len);
session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
session->ciphersuite = 0xabcd;
session->ticket_age_add = 0x87654321;
session->ticket_flags = 0x7;
session->resumption_key_len = 32;
memset( session->resumption_key, 0x99, sizeof( session->resumption_key ) );
#if defined(MBEDTLS_HAVE_TIME)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
session->start = mbedtls_time( NULL ) - 42;
}
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
#if defined(MBEDTLS_HAVE_TIME)
session->ticket_received = mbedtls_time( NULL ) - 40;
#endif
session->ticket_lifetime = 0xfedcba98;
session->ticket_len = ticket_len;
if( ticket_len != 0 )
{
session->ticket = mbedtls_calloc( 1, ticket_len );
if( session->ticket == NULL )
return( -1 );
memset( session->ticket, 33, ticket_len );
}
}
#endif /* MBEDTLS_SSL_CLI_C */
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/*
* Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
* message was sent in the correct number of fragments.
@ -4624,7 +4670,8 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
void ssl_serialize_session_save_load( int ticket_len, char *crt_file,
int endpoint_type, int tls_version )
{
mbedtls_ssl_session original, restored;
unsigned char *buf = NULL;
@ -4638,7 +4685,20 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
mbedtls_ssl_session_init( &restored );
/* Prepare a dummy session to work on */
TEST_ASSERT( ssl_populate_session_tls12( &original, ticket_len, crt_file ) == 0 );
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
TEST_ASSERT( ssl_tls13_populate_session(
&original, 0, endpoint_type ) == 0 );
}
else
#endif
{
TEST_ASSERT( ssl_tls12_populate_session(
&original, ticket_len, crt_file ) == 0 );
}
/* Serialize it */
TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
@ -4658,61 +4718,109 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
#endif
TEST_ASSERT( original.tls_version == restored.tls_version );
TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len );
TEST_ASSERT( memcmp( original.id,
restored.id, sizeof( original.id ) ) == 0 );
TEST_ASSERT( memcmp( original.master,
restored.master, sizeof( original.master ) ) == 0 );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len );
TEST_ASSERT( memcmp( original.id,
restored.id, sizeof( original.id ) ) == 0 );
TEST_ASSERT( memcmp( original.master,
restored.master, sizeof( original.master ) ) == 0 );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT( ( original.peer_cert == NULL ) ==
( restored.peer_cert == NULL ) );
if( original.peer_cert != NULL )
{
TEST_ASSERT( original.peer_cert->raw.len ==
restored.peer_cert->raw.len );
TEST_ASSERT( memcmp( original.peer_cert->raw.p,
restored.peer_cert->raw.p,
original.peer_cert->raw.len ) == 0 );
}
TEST_ASSERT( ( original.peer_cert == NULL ) ==
( restored.peer_cert == NULL ) );
if( original.peer_cert != NULL )
{
TEST_ASSERT( original.peer_cert->raw.len ==
restored.peer_cert->raw.len );
TEST_ASSERT( memcmp( original.peer_cert->raw.p,
restored.peer_cert->raw.p,
original.peer_cert->raw.len ) == 0 );
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
TEST_ASSERT( original.peer_cert_digest_type ==
restored.peer_cert_digest_type );
TEST_ASSERT( original.peer_cert_digest_len ==
restored.peer_cert_digest_len );
TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
( restored.peer_cert_digest == NULL ) );
if( original.peer_cert_digest != NULL )
{
TEST_ASSERT( memcmp( original.peer_cert_digest,
restored.peer_cert_digest,
original.peer_cert_digest_len ) == 0 );
}
TEST_ASSERT( original.peer_cert_digest_type ==
restored.peer_cert_digest_type );
TEST_ASSERT( original.peer_cert_digest_len ==
restored.peer_cert_digest_len );
TEST_ASSERT( ( original.peer_cert_digest == NULL ) ==
( restored.peer_cert_digest == NULL ) );
if( original.peer_cert_digest != NULL )
{
TEST_ASSERT( memcmp( original.peer_cert_digest,
restored.peer_cert_digest,
original.peer_cert_digest_len ) == 0 );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
TEST_ASSERT( original.verify_result == restored.verify_result );
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
TEST_ASSERT( original.ticket_len == restored.ticket_len );
if( original.ticket_len != 0 )
{
TEST_ASSERT( original.ticket != NULL );
TEST_ASSERT( restored.ticket != NULL );
TEST_ASSERT( memcmp( original.ticket,
restored.ticket, original.ticket_len ) == 0 );
}
TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
#endif
TEST_ASSERT( original.verify_result == restored.verify_result );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( original.mfl_code == restored.mfl_code );
TEST_ASSERT( original.mfl_code == restored.mfl_code );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
TEST_ASSERT( original.ticket_len == restored.ticket_len );
if( original.ticket_len != 0 )
{
TEST_ASSERT( original.ticket != NULL );
TEST_ASSERT( restored.ticket != NULL );
TEST_ASSERT( memcmp( original.ticket,
restored.ticket, original.ticket_len ) == 0 );
}
TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
TEST_ASSERT( original.endpoint == restored.endpoint );
TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.ticket_age_add == restored.ticket_age_add );
TEST_ASSERT( original.ticket_flags == restored.ticket_flags );
TEST_ASSERT( original.resumption_key_len == restored.resumption_key_len );
if( original.resumption_key_len != 0 )
{
TEST_ASSERT( original.resumption_key != NULL );
TEST_ASSERT( restored.resumption_key != NULL );
TEST_ASSERT( memcmp( original.resumption_key,
restored.resumption_key,
original.resumption_key_len ) == 0 );
}
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( endpoint_type == MBEDTLS_SSL_IS_CLIENT)
{
TEST_ASSERT( original.start == restored.start );
}
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
if( endpoint_type == MBEDTLS_SSL_IS_CLIENT)
{
#if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT( original.ticket_received == restored.ticket_received );
#endif
TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
TEST_ASSERT( original.ticket_len == restored.ticket_len );
if( original.ticket_len != 0 )
{
TEST_ASSERT( original.ticket != NULL );
TEST_ASSERT( restored.ticket != NULL );
TEST_ASSERT( memcmp( original.ticket,
restored.ticket,
original.ticket_len ) == 0 );
}
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
exit:
mbedtls_ssl_session_free( &original );
@ -4722,7 +4830,8 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
void ssl_serialize_session_load_save( int ticket_len, char *crt_file,
int endpoint_type, int tls_version )
{
mbedtls_ssl_session session;
unsigned char *buf1 = NULL, *buf2 = NULL;
@ -4735,7 +4844,20 @@ void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
mbedtls_ssl_session_init( &session );
/* Prepare a dummy session to work on */
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3)
{
TEST_ASSERT( ssl_tls13_populate_session(
&session, 0, endpoint_type ) == 0 );
}
else
#endif
{
TEST_ASSERT( ssl_tls12_populate_session(
&session, ticket_len, crt_file ) == 0 );
}
/* Get desired buffer size for serializing */
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
@ -4772,7 +4894,8 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file,
int endpoint_type, int tls_version )
{
mbedtls_ssl_session session;
unsigned char *buf = NULL;
@ -4785,7 +4908,20 @@ void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
mbedtls_ssl_session_init( &session );
/* Prepare dummy session and get serialized size */
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3)
{
TEST_ASSERT( ssl_tls13_populate_session(
&session, 0, endpoint_type ) == 0 );
}
else
#endif
{
TEST_ASSERT( ssl_tls12_populate_session(
&session, ticket_len, crt_file ) == 0 );
}
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
@ -4808,7 +4944,8 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file,
int endpoint_type, int tls_version )
{
mbedtls_ssl_session session;
unsigned char *good_buf = NULL, *bad_buf = NULL;
@ -4821,7 +4958,20 @@ void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
mbedtls_ssl_session_init( &session );
/* Prepare serialized session data */
TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 );
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3)
{
TEST_ASSERT( ssl_tls13_populate_session(
&session, 0, endpoint_type ) == 0 );
}
else
#endif
{
TEST_ASSERT( ssl_tls12_populate_session(
&session, ticket_len, crt_file ) == 0 );
}
TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
@ -4853,7 +5003,9 @@ exit:
void ssl_session_serialize_version_check( int corrupt_major,
int corrupt_minor,
int corrupt_patch,
int corrupt_config )
int corrupt_config,
int endpoint_type,
int tls_version )
{
unsigned char serialized_session[ 2048 ];
size_t serialized_session_len;
@ -4866,7 +5018,18 @@ void ssl_session_serialize_version_check( int corrupt_major,
corrupt_config == 1 };
mbedtls_ssl_session_init( &session );
TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 );
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3)
{
TEST_ASSERT( ssl_tls13_populate_session(
&session, 0, endpoint_type ) == 0 );
}
else
#endif
TEST_ASSERT( ssl_tls12_populate_session( &session, 0, NULL ) == 0 );
/* Infer length of serialized session. */
TEST_ASSERT( mbedtls_ssl_session_save( &session,