From fb53647b0b4c51a57ec195e915cffcca6fcf43f2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:55:25 +0100 Subject: [PATCH 01/12] tests: ssl: Move group list to options Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 4 +- tests/src/test_helpers/ssl_helpers.c | 16 ++++---- tests/suites/test_suite_ssl.function | 59 ++++++++++++++-------------- 3 files changed, 39 insertions(+), 40 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 1f41966d6..44c2fcfea 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern { typedef struct mbedtls_test_handshake_test_options { const char *cipher; + uint16_t *group_list; mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_max_version; mbedtls_ssl_protocol_version server_min_version; @@ -440,8 +441,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list); + mbedtls_test_ssl_message_queue *output_queue); /* * Deinitializes endpoint represented by \p ep. diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 980c19218..cc96cfed4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -50,6 +50,7 @@ void mbedtls_test_init_handshake_options( rng_seed += 0xD0; #endif opts->cipher = ""; + opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; @@ -733,8 +734,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) + mbedtls_test_ssl_message_queue *output_queue) { int ret = -1; uintptr_t user_data_n; @@ -818,8 +818,8 @@ int mbedtls_test_ssl_endpoint_init( } } - if (group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), group_list); + if (options->group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); @@ -2006,7 +2006,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_CLIENT, options, &client_context, &client_queue, - &server_queue, NULL) == 0); + &server_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, @@ -2016,7 +2016,7 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); } if (strlen(options->cipher) > 0) { @@ -2029,7 +2029,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_SERVER, options, &server_context, &server_queue, - &client_queue, NULL) == 0); + &client_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, @@ -2038,7 +2038,7 @@ void mbedtls_test_ssl_perform_handshake( } else { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, + options, NULL, NULL, NULL) == 0); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8687a4d6f..02b950038 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2457,7 +2457,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, @@ -2465,7 +2465,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: @@ -2509,14 +2509,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, NULL); + &options, NULL, NULL, NULL); TEST_ASSERT(ret == 0); @@ -3069,11 +3069,10 @@ void force_bad_session_id_len() TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, - NULL) == 0); + &options, NULL, NULL, NULL) == 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, @@ -3248,8 +3247,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); + mbedtls_test_handshake_test_options client_options, server_options; + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; @@ -3257,21 +3257,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - options.pk_alg = MBEDTLS_PK_ECDSA; - options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = iana_tls_group_list; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL, iana_tls_group_list), 0); + &client_options, NULL, NULL, + NULL), 0); /* Server side */ + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; + server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, - NULL, NULL), 0); + &server_options, NULL, NULL, + NULL), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), @@ -3307,7 +3308,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) exit: mbedtls_test_ssl_endpoint_free(&client, NULL); mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_free_handshake_options(&options); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); } @@ -3336,15 +3338,13 @@ void tls13_server_certificate_msg_invalid_vector_len() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - NULL); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - NULL); + &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), @@ -3591,14 +3591,12 @@ void tls13_resume_session_with_ticket() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - NULL); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - NULL); + &server_options, NULL, NULL, NULL); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, @@ -3702,19 +3700,20 @@ void tls13_early_data(int scenario) PSA_INIT(); client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = group_list; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - group_list); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - group_list); + &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, From b4ad3e750b9e592cb8e55d95dc1958194de0c5e8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:57:53 +0100 Subject: [PATCH 02/12] tests: ssl: First reset to all zeroes options in init Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index cc96cfed4..2090f92cd 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -49,37 +49,25 @@ void mbedtls_test_init_handshake_options( srand(rng_seed); rng_seed += 0xD0; #endif + + memset(opts, 0, sizeof(*opts)); + opts->cipher = ""; - opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->expected_handshake_result = 0; - opts->expected_ciphersuite = 0; opts->pk_alg = MBEDTLS_PK_RSA; - opts->opaque_alg = 0; - opts->opaque_alg2 = 0; - opts->opaque_usage = 0; - opts->psk_str = NULL; - opts->dtls = 0; opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; opts->expected_cli_fragments = 1; opts->expected_srv_fragments = 1; - opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->cli_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) - opts->cache = NULL; TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) From ced99be007836d65563c8c1af5db6110cadca550 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 15:49:12 +0100 Subject: [PATCH 03/12] tests: ssl: Add early data handshake option Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 5 +++++ tests/suites/test_suite_ssl.function | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 44c2fcfea..0aa53c868 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -113,6 +113,7 @@ typedef struct mbedtls_test_handshake_test_options { void (*srv_log_fun)(void *, int, const char *, int, const char *); void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; + int early_data; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 2090f92cd..a9a215949 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -67,6 +67,7 @@ void mbedtls_test_init_handshake_options( opts->expected_srv_fragments = 1; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->resize_buffers = 1; + opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; #if defined(MBEDTLS_SSL_CACHE_C) TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); @@ -812,6 +813,10 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#endif + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 02b950038..861aa72ec 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3701,20 +3701,20 @@ void tls13_early_data(int scenario) client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = group_list; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, From 1f6e4e4a4999bd4716db933ecb7762479728e018 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 16:31:33 +0100 Subject: [PATCH 04/12] tests: ssl: Add helper function to get a TLS 1.3 ticket Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 11 ++++++ tests/src/test_helpers/ssl_helpers.c | 56 ++++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 52 ++++++++------------------ 3 files changed, 83 insertions(+), 36 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0aa53c868..3506609ac 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -600,6 +600,17 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len); #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session); +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a9a215949..ad4c070bc 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2455,4 +2455,60 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return mbedtls_ssl_session_load(session, buf, len); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session) +{ + int ret = -1; + unsigned char buf[64]; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); + TEST_EQUAL(ret, 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + + return ret; +} +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 861aa72ec..ca12051f8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3572,15 +3572,11 @@ exit: void tls13_resume_session_with_ticket() { int ret = -1; - unsigned char buf[64]; mbedtls_test_ssl_endpoint client_ep, server_ep; mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - /* - * Test set-up - */ mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); @@ -3589,14 +3585,27 @@ void tls13_resume_session_with_ticket() PSA_INIT(); + /* + * Run first handshake to get a ticket from the server. + */ client_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, @@ -3607,41 +3616,12 @@ void tls13_resume_session_with_ticket() &(server_ep.socket), 1024); TEST_EQUAL(ret, 0); - /* - * Run initial handshake: ephemeral key exchange mode, certificate with - * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature - * algorithm. Then, get the ticket sent by the server at the end of its - * handshake sequence. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - /* - * Save client session and reset the SSL context of the two endpoints. - */ - ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - /* - * Set saved session on client side and handshake using the ticket - * included in that session. - */ - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); TEST_EQUAL(ret, 0); /* + * Handshake with ticket. + * * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks * below. From bfcdc069efb1d52a98e3578aa0ec62a4bec7e9e4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 16:57:25 +0100 Subject: [PATCH 05/12] tests: ssl: Use get TLS 1.3 ticket helper for early data test Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 106 ++++++++++----------------- 1 file changed, 40 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ca12051f8..d6e4c6aea 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3668,9 +3668,6 @@ void tls13_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - /* - * Test set-up - */ mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); @@ -3679,16 +3676,50 @@ void tls13_early_data(int scenario) PSA_INIT(); + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = group_list; client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + switch (scenario) { + case TEST_EARLY_DATA_REFERENCE: + break; + + case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: deprotect and discard app data records."; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: Ignore application message before 2nd ClientHello"; + server_options.group_list = group_list + 1; + break; + + default: + TEST_FAIL("Unknown scenario."); + } + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.group_list = group_list; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, @@ -3704,69 +3735,12 @@ void tls13_early_data(int scenario) &(server_ep.socket), 1024); TEST_EQUAL(ret, 0); - /* - * Run initial handshake: ephemeral key exchange mode, certificate with - * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature - * algorithm. Then, get the ticket sent by the server at the end of its - * handshake sequence. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - /* - * Save client session and reset the SSL context of the two endpoints. - */ - ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - /* - * Set saved session on client side and start handshake using the ticket - * included in that session. - */ - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); TEST_EQUAL(ret, 0); - switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: - break; - - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: deprotect and discard app data records."; - mbedtls_ssl_conf_early_data(&server_ep.conf, - MBEDTLS_SSL_EARLY_DATA_DISABLED); - break; - - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: Ignore application message before 2nd ClientHello"; - mbedtls_ssl_conf_groups(&server_ep.conf, group_list + 1); - /* - * Need to reset again to reconstruct the group list in the - * handshake structure from the configured one. - */ - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - + /* + * Handshake with ticket and send early data. + */ TEST_EQUAL(mbedtls_test_move_handshake_to_state( &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_SERVER_HELLO), 0); From fe59ff794d2e198665ca9456c097eae0b30fab66 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 14:31:50 +0100 Subject: [PATCH 06/12] tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron --- library/ssl_misc.h | 15 ++++++++++++--- library/ssl_tls13_client.c | 23 ++++++++++++++--------- library/ssl_tls13_generic.c | 2 ++ library/ssl_tls13_server.c | 10 +++++++--- 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 16cd62e28..dff19c88e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -731,14 +731,23 @@ struct mbedtls_ssl_handshake_params { uint8_t key_exchange_mode; /*!< Selected key exchange mode */ /** Number of HelloRetryRequest messages received/sent from/to the server. */ - int hello_retry_request_count; + uint8_t hello_retry_request_count; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /** + * Number of dummy change_cipher_spec (CCS) record sent. Used to send only + * one CCS per handshake without having to complicate the handshake state + * transitions. + */ + uint8_t ccs_count; +#endif #if defined(MBEDTLS_SSL_SRV_C) - /** selected_group of key_share extension in HelloRetryRequest message. */ - uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif + /** selected_group of key_share extension in HelloRetryRequest message. */ + uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_SESSION_TICKETS) uint16_t new_session_tickets_count; /*!< number of session tickets */ #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f4987b316..e6680c7a6 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2568,8 +2568,6 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ { @@ -3059,18 +3057,25 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) */ #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); break; #if defined(MBEDTLS_SSL_EARLY_DATA) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2666067b7..386a75402 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1390,6 +1390,8 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) /* Dispatch message */ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); + ssl->handshake->ccs_count++; + cleanup: MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 62b117cfa..05693f3bf 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3482,10 +3482,14 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) break; case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ From 90e223364ca559042710316d4ba4e6eb86178284 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 22 Jan 2024 15:24:21 +0100 Subject: [PATCH 07/12] tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 6 ++--- library/ssl_misc.h | 32 +++++++++++++++++++++++++++ library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 45 ++++++++++++++++++++++---------------- 4 files changed, 62 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0cd79d02..9583a15be 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5106,9 +5106,9 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_EARLY_DATA) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3 #if defined(MBEDTLS_SSL_SRV_C) /** diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dff19c88e..942d4ad22 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2145,6 +2145,38 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len); + +#if defined(MBEDTLS_SSL_CLI_C) +/* + * The client has not sent the first ClientHello yet, it is unknown if the + * client will send an early data indication extension or not. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * is not set and early data cannot be sent yet. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_SENT 4 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * has been set and early data can be written now. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE 5 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, the server has accepted them and the client has received the + * server Finished message. It cannot send early data to the server anymore. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED 6 +#endif /* MBEDTLS_SSL_CLI_C */ + #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8afedde88..3bbd4ca26 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1100,7 +1100,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_CLI_C) - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN; #endif #if defined(MBEDTLS_SSL_SRV_C) ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e6680c7a6..5d7a49590 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1180,26 +1180,21 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && - ssl_tls13_early_data_has_valid_ticket(ssl) && - ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->handshake->hello_retry_request_count == 0) { + if (ssl->handshake->hello_retry_request_count == 0) { + if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && + ssl_tls13_early_data_has_valid_ticket(ssl) && + ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, 0, p, end, &ext_len); + if (ret != 0) { + return ret; + } + p += ext_len; - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &ext_len); - if (ret != 0) { - return ret; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT; + } else { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } - p += ext_len; - - /* Initializes the status to `rejected`. It will be updated to - * `accepted` if the EncryptedExtension message contain an early data - * indication extension. - */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1236,7 +1231,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1299,6 +1294,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; #endif } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1971,6 +1967,13 @@ static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl) } ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + } +#endif + return 0; } @@ -2230,6 +2233,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) } ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } #endif @@ -2567,6 +2572,7 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3088,6 +3094,7 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From a7f94e49a821d37f4f33addd5db8d183cb1720f8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 09:40:46 +0100 Subject: [PATCH 08/12] tests: ssl: Add early data status unit test Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 143 +++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 86945cc7b..82ec57ab3 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3282,3 +3282,6 @@ tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR + +TLS 1.3 cli, early data status +tls13_cli_early_data_status diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d6e4c6aea..d44848fbd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3787,3 +3787,146 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_cli_early_data_status() +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Go through the handshake sequence, state by state, checking the early + * data status each time. + */ + do { + int state = client_ep.ssl.state; + + /* Progress the handshake from at least one state */ + while (client_ep.ssl.state == state) { + ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + if (client_ep.ssl.state != state) { + break; + } + ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + } + + switch (client_ep.ssl.state) { + case MBEDTLS_SSL_CLIENT_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + + case MBEDTLS_SSL_END_OF_EARLY_DATA: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + + case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_OVER: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + default: + TEST_FAIL("Unexpected state."); + } + } while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER); + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + TEST_EQUAL(client_ep.ssl.handshake->ccs_count, 1); +#endif + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ From 5c208d7dafb5457e6883c7935d0c3b4de9c7072b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 10:13:30 +0100 Subject: [PATCH 09/12] tests: ssl: Add scenario param to early data status testing function Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 8 +-- tests/suites/test_suite_ssl.function | 88 +++++++++++++++++++++------- 2 files changed, 70 insertions(+), 26 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 82ec57ab3..916849d9f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3274,8 +3274,8 @@ elliptic_curve_get_properties TLS 1.3 resume session with ticket tls13_resume_session_with_ticket -TLS 1.3 early data, reference -tls13_early_data:TEST_EARLY_DATA_REFERENCE +TLS 1.3 early data, early data accepted +tls13_early_data:TEST_EARLY_DATA_ACCEPTED TLS 1.3 early data, deprotect and discard tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD @@ -3283,5 +3283,5 @@ tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR -TLS 1.3 cli, early data status -tls13_cli_early_data_status +TLS 1.3 cli, early data status, early data accepted +tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d44848fbd..920aa2ff4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -13,7 +13,7 @@ #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } /* Mnemonics for the early data test scenarios */ -#define TEST_EARLY_DATA_REFERENCE 0 +#define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1 #define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2 @@ -3695,7 +3695,7 @@ void tls13_early_data(int scenario) * Prepare for handshake with the ticket. */ switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: + case TEST_EARLY_DATA_ACCEPTED: break; case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: @@ -3757,7 +3757,7 @@ void tls13_early_data(int scenario) MBEDTLS_SSL_HANDSHAKE_WRAPUP); switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: + case TEST_EARLY_DATA_ACCEPTED: TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), @@ -3789,7 +3789,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_cli_early_data_status() +void tls13_cli_early_data_status(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; @@ -3820,6 +3820,14 @@ void tls13_cli_early_data_status() /* * Prepare for handshake with the ticket. */ + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + default: + TEST_FAIL("Unknown scenario."); + } + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); @@ -3864,52 +3872,88 @@ void tls13_cli_early_data_status() switch (client_ep.ssl.state) { case MBEDTLS_SSL_CLIENT_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + break; + } break; case MBEDTLS_SSL_SERVER_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + } break; case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + } break; case MBEDTLS_SSL_SERVER_FINISHED: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + } break; case MBEDTLS_SSL_END_OF_EARLY_DATA: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; case MBEDTLS_SSL_CLIENT_FINISHED: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + break; + } break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ case MBEDTLS_SSL_HANDSHAKE_OVER: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; default: From 265273e8b38dc2eff285d18cc470521a74f80db7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 11:13:19 +0100 Subject: [PATCH 10/12] tests: early data status: Add "not sent" scenario Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 ++ tests/suites/test_suite_ssl.function | 58 +++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 916849d9f..ca4a2dcf0 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3285,3 +3285,6 @@ tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR TLS 1.3 cli, early data status, early data accepted tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED + +TLS 1.3 cli, early data status, no early data indication +tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 920aa2ff4..5bb96803b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -14,8 +14,9 @@ /* Mnemonics for the early data test scenarios */ #define TEST_EARLY_DATA_ACCEPTED 0 -#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1 -#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2 +#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 +#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 2 +#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ @@ -3824,6 +3825,10 @@ void tls13_cli_early_data_status(int scenario) case TEST_EARLY_DATA_ACCEPTED: break; + case TEST_EARLY_DATA_NO_INDICATION_SENT: + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + default: TEST_FAIL("Unknown scenario."); } @@ -3873,7 +3878,8 @@ void tls13_cli_early_data_status(int scenario) switch (client_ep.ssl.state) { case MBEDTLS_SSL_CLIENT_HELLO: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_NO_INDICATION_SENT: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; @@ -3886,6 +3892,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; @@ -3895,6 +3906,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; @@ -3904,16 +3920,18 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; case MBEDTLS_SSL_END_OF_EARLY_DATA: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); - break; - } + TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: @@ -3922,6 +3940,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; @@ -3931,11 +3954,17 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: TEST_EQUAL(client_ep.ssl.early_data_status, @@ -3943,6 +3972,12 @@ void tls13_cli_early_data_status(int scenario) break; } break; + + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: + TEST_ASSERT(scenario == TEST_EARLY_DATA_NO_INDICATION_SENT); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ @@ -3953,6 +3988,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; From d6dba675b8b65e9bde5dc16fcbd3ce82f054a00f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 12:22:24 +0100 Subject: [PATCH 11/12] tests: early data status: Add "server rejects" scenario Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 7 +++- tests/suites/test_suite_ssl.function | 57 +++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ca4a2dcf0..0b4f91138 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3277,8 +3277,8 @@ tls13_resume_session_with_ticket TLS 1.3 early data, early data accepted tls13_early_data:TEST_EARLY_DATA_ACCEPTED -TLS 1.3 early data, deprotect and discard -tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD +TLS 1.3 early data, server rejects early data +tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR @@ -3288,3 +3288,6 @@ tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED TLS 1.3 cli, early data status, no early data indication tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT + +TLS 1.3 cli, early data status, server rejects early data +tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5bb96803b..29ec9b33b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -15,7 +15,7 @@ /* Mnemonics for the early data test scenarios */ #define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_NO_INDICATION_SENT 1 -#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 2 +#define TEST_EARLY_DATA_SERVER_REJECTS 2 #define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ @@ -3699,7 +3699,7 @@ void tls13_early_data(int scenario) case TEST_EARLY_DATA_ACCEPTED: break; - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: + case TEST_EARLY_DATA_SERVER_REJECTS: mbedtls_debug_set_threshold(3); server_pattern.pattern = "EarlyData: deprotect and discard app data records."; @@ -3766,7 +3766,7 @@ void tls13_early_data(int scenario) TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len); break; - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ case TEST_EARLY_DATA_DISCARD_AFTER_HRR: TEST_EQUAL(ret, 0); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); @@ -3829,6 +3829,10 @@ void tls13_cli_early_data_status(int scenario) client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; + case TEST_EARLY_DATA_SERVER_REJECTS: + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + default: TEST_FAIL("Unknown scenario."); } @@ -3879,7 +3883,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_CLIENT_HELLO: switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_NO_INDICATION_SENT: + case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; @@ -3888,7 +3893,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_SERVER_HELLO: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; @@ -3902,7 +3908,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; @@ -3925,6 +3932,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3945,6 +3957,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3959,6 +3976,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3966,7 +3988,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); break; @@ -3974,9 +3997,18 @@ void tls13_cli_early_data_status(int scenario) break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - TEST_ASSERT(scenario == TEST_EARLY_DATA_NO_INDICATION_SENT); - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); + switch (scenario) { + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + } break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ @@ -3993,6 +4025,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; From 2261ab298f15385d3b75f9adc0e99a7cd58b3699 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 13:38:31 +0100 Subject: [PATCH 12/12] tests: early data status: Add HRR scenario Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 5 +- tests/suites/test_suite_ssl.function | 68 ++++++++++++++++++++++++---- 2 files changed, 63 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0b4f91138..69ccf26ee 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3281,7 +3281,7 @@ TLS 1.3 early data, server rejects early data tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS TLS 1.3 early data, discard after HRR -tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR +tls13_early_data:TEST_EARLY_DATA_HRR TLS 1.3 cli, early data status, early data accepted tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED @@ -3291,3 +3291,6 @@ tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT TLS 1.3 cli, early data status, server rejects early data tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS + +TLS 1.3 cli, early data status, hello retry request +tls13_cli_early_data_status:TEST_EARLY_DATA_HRR diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 29ec9b33b..2751e58c1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -16,7 +16,7 @@ #define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_NO_INDICATION_SENT 1 #define TEST_EARLY_DATA_SERVER_REJECTS 2 -#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 +#define TEST_EARLY_DATA_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ @@ -3706,7 +3706,7 @@ void tls13_early_data(int scenario) server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + case TEST_EARLY_DATA_HRR: mbedtls_debug_set_threshold(3); server_pattern.pattern = "EarlyData: Ignore application message before 2nd ClientHello"; @@ -3767,7 +3767,7 @@ void tls13_early_data(int scenario) break; case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + case TEST_EARLY_DATA_HRR: TEST_EQUAL(ret, 0); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); TEST_EQUAL(server_pattern.counter, 1); @@ -3797,6 +3797,11 @@ void tls13_cli_early_data_status(int scenario) mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); @@ -3813,6 +3818,10 @@ void tls13_cli_early_data_status(int scenario) client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + if (scenario == TEST_EARLY_DATA_HRR) { + client_options.group_list = group_list; + server_options.group_list = group_list; + } ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, &saved_session); @@ -3833,6 +3842,10 @@ void tls13_cli_early_data_status(int scenario) server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; + case TEST_EARLY_DATA_HRR: + server_options.group_list = group_list + 1; + break; + default: TEST_FAIL("Unknown scenario."); } @@ -3888,6 +3901,16 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; + + case TEST_EARLY_DATA_HRR: + if (client_ep.ssl.handshake->hello_retry_request_count == 0) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; } break; @@ -3903,6 +3926,16 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_HRR: + if (client_ep.ssl.handshake->hello_retry_request_count == 0) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; } break; @@ -3918,6 +3951,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3933,7 +3971,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -3958,7 +3997,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -3977,7 +4017,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -3989,13 +4030,20 @@ void tls13_cli_early_data_status(int scenario) TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); break; } break; + case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: + TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); switch (scenario) { @@ -4004,7 +4052,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -4026,7 +4075,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break;