tests: ssl: Move group list to options

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-01-26 14:55:25 +01:00
parent 5c9cc0b30f
commit fb53647b0b
3 changed files with 39 additions and 40 deletions

View file

@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern {
typedef struct mbedtls_test_handshake_test_options { typedef struct mbedtls_test_handshake_test_options {
const char *cipher; const char *cipher;
uint16_t *group_list;
mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_min_version;
mbedtls_ssl_protocol_version client_max_version; mbedtls_ssl_protocol_version client_max_version;
mbedtls_ssl_protocol_version server_min_version; mbedtls_ssl_protocol_version server_min_version;
@ -440,8 +441,7 @@ int mbedtls_test_ssl_endpoint_init(
mbedtls_test_handshake_test_options *options, mbedtls_test_handshake_test_options *options,
mbedtls_test_message_socket_context *dtls_context, mbedtls_test_message_socket_context *dtls_context,
mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *input_queue,
mbedtls_test_ssl_message_queue *output_queue, mbedtls_test_ssl_message_queue *output_queue);
uint16_t *group_list);
/* /*
* Deinitializes endpoint represented by \p ep. * Deinitializes endpoint represented by \p ep.

View file

@ -50,6 +50,7 @@ void mbedtls_test_init_handshake_options(
rng_seed += 0xD0; rng_seed += 0xD0;
#endif #endif
opts->cipher = ""; opts->cipher = "";
opts->group_list = NULL;
opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
@ -733,8 +734,7 @@ int mbedtls_test_ssl_endpoint_init(
mbedtls_test_handshake_test_options *options, mbedtls_test_handshake_test_options *options,
mbedtls_test_message_socket_context *dtls_context, mbedtls_test_message_socket_context *dtls_context,
mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *input_queue,
mbedtls_test_ssl_message_queue *output_queue, mbedtls_test_ssl_message_queue *output_queue)
uint16_t *group_list)
{ {
int ret = -1; int ret = -1;
uintptr_t user_data_n; uintptr_t user_data_n;
@ -818,8 +818,8 @@ int mbedtls_test_ssl_endpoint_init(
} }
} }
if (group_list != NULL) { if (options->group_list != NULL) {
mbedtls_ssl_conf_groups(&(ep->conf), group_list); mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
} }
mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
@ -2006,7 +2006,7 @@ void mbedtls_test_ssl_perform_handshake(
MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_IS_CLIENT,
options, &client_context, options, &client_context,
&client_queue, &client_queue,
&server_queue, NULL) == 0); &server_queue) == 0);
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,
@ -2016,7 +2016,7 @@ void mbedtls_test_ssl_perform_handshake(
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_IS_CLIENT,
options, NULL, NULL, options, NULL, NULL,
NULL, NULL) == 0); NULL) == 0);
} }
if (strlen(options->cipher) > 0) { if (strlen(options->cipher) > 0) {
@ -2029,7 +2029,7 @@ void mbedtls_test_ssl_perform_handshake(
MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_IS_SERVER,
options, &server_context, options, &server_context,
&server_queue, &server_queue,
&client_queue, NULL) == 0); &client_queue) == 0);
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,
@ -2038,7 +2038,7 @@ void mbedtls_test_ssl_perform_handshake(
} else { } else {
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_IS_SERVER,
options, NULL, NULL, NULL, options, NULL, NULL,
NULL) == 0); NULL) == 0);
} }

View file

@ -2457,7 +2457,7 @@ void mbedtls_endpoint_sanity(int endpoint_type)
MD_OR_USE_PSA_INIT(); MD_OR_USE_PSA_INIT();
ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options,
NULL, NULL, NULL, NULL); NULL, NULL, NULL);
TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg,
@ -2465,7 +2465,7 @@ void mbedtls_endpoint_sanity(int endpoint_type)
TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options,
NULL, NULL, NULL, NULL); NULL, NULL, NULL);
TEST_ASSERT(ret == 0); TEST_ASSERT(ret == 0);
exit: exit:
@ -2509,14 +2509,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int
mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options,
NULL, NULL, NULL, NULL); NULL, NULL, NULL);
TEST_ASSERT(ret == 0); TEST_ASSERT(ret == 0);
ret = mbedtls_test_ssl_endpoint_init( ret = mbedtls_test_ssl_endpoint_init(
&second_ep, &second_ep,
(endpoint_type == MBEDTLS_SSL_IS_SERVER) ? (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
&options, NULL, NULL, NULL, NULL); &options, NULL, NULL, NULL);
TEST_ASSERT(ret == 0); TEST_ASSERT(ret == 0);
@ -3069,11 +3069,10 @@ void force_bad_session_id_len()
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
&options, NULL, NULL, &options, NULL, NULL,
NULL, NULL) == 0); NULL) == 0);
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
&options, NULL, NULL, NULL, &options, NULL, NULL, NULL) == 0);
NULL) == 0);
mbedtls_debug_set_threshold(1); mbedtls_debug_set_threshold(1);
mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun,
@ -3248,8 +3247,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
mbedtls_test_ssl_endpoint client, server; mbedtls_test_ssl_endpoint client, server;
mbedtls_psa_stats_t stats; mbedtls_psa_stats_t stats;
size_t free_slots_before = -1; size_t free_slots_before = -1;
mbedtls_test_handshake_test_options options; mbedtls_test_handshake_test_options client_options, server_options;
mbedtls_test_init_handshake_options(&options); mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
@ -3257,21 +3257,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&client, sizeof(client));
mbedtls_platform_zeroize(&server, sizeof(server)); mbedtls_platform_zeroize(&server, sizeof(server));
options.pk_alg = MBEDTLS_PK_ECDSA;
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
/* Client side, force SECP256R1 to make one key bitflip fail /* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the * the raw key agreement. Flipping the first byte makes the
* required 0x04 identifier invalid. */ * required 0x04 identifier invalid. */
client_options.pk_alg = MBEDTLS_PK_ECDSA;
client_options.group_list = iana_tls_group_list;
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
&options, NULL, NULL, &client_options, NULL, NULL,
NULL, iana_tls_group_list), 0); NULL), 0);
/* Server side */ /* Server side */
server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
&options, NULL, NULL, &server_options, NULL, NULL,
NULL, NULL), 0); NULL), 0);
TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
&(server.socket), &(server.socket),
@ -3307,7 +3308,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
exit: exit:
mbedtls_test_ssl_endpoint_free(&client, NULL); mbedtls_test_ssl_endpoint_free(&client, NULL);
mbedtls_test_ssl_endpoint_free(&server, NULL); mbedtls_test_ssl_endpoint_free(&server, NULL);
mbedtls_test_free_handshake_options(&options); mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
MD_OR_USE_PSA_DONE(); MD_OR_USE_PSA_DONE();
} }
@ -3336,15 +3338,13 @@ void tls13_server_certificate_msg_invalid_vector_len()
client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL, &client_options, NULL, NULL, NULL);
NULL);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
mbedtls_test_init_handshake_options(&server_options); mbedtls_test_init_handshake_options(&server_options);
server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL, &server_options, NULL, NULL, NULL);
NULL);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
@ -3591,14 +3591,12 @@ void tls13_resume_session_with_ticket()
client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL, &client_options, NULL, NULL, NULL);
NULL);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL, &server_options, NULL, NULL, NULL);
NULL);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write, mbedtls_test_ticket_write,
mbedtls_test_ticket_parse, mbedtls_test_ticket_parse,
@ -3702,19 +3700,20 @@ void tls13_early_data(int scenario)
PSA_INIT(); PSA_INIT();
client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.pk_alg = MBEDTLS_PK_ECDSA;
client_options.group_list = group_list;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL, &client_options, NULL, NULL, NULL);
group_list);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.group_list = group_list;
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
server_options.srv_log_obj = &server_pattern; server_options.srv_log_obj = &server_pattern;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL, &server_options, NULL, NULL, NULL);
group_list);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write, mbedtls_test_ticket_write,