Add tls CID tests

Add tests to test tls coneection id functionality, including the new 'own cid' accessor. Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-10-01 17:40:53 -04:00 · 2022-03-16 14:32:33 +00:00 · 2022-03-16 14:32:33 +00:00 · 02758a51df
commit 02758a51df
parent 0113cf1022
2 changed files with 86 additions and 0 deletions
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -3213,3 +3213,6 @@ conf_group:

 Test accessor into timing_delay_context
 timing_final_delay_accessor
+
+Sanity test cid functions
+cid_sanity:
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -5452,3 +5452,86 @@ void timing_final_delay_accessor( )
    TEST_ASSERT( mbedtls_timing_get_final_delay( &delay_context ) == 100 );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID */
+void cid_sanity( )
+{
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+
+    unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+    unsigned char test_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+    int cid_enabled;
+    size_t own_cid_len;
+
+    mbedtls_test_rnd_std_rand( NULL, own_cid, sizeof( own_cid ) );
+
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+
+    TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
+                                              MBEDTLS_SSL_IS_CLIENT,
+                                              MBEDTLS_SSL_TRANSPORT_STREAM,
+                                              MBEDTLS_SSL_PRESET_DEFAULT )
+                 == 0 );
+
+    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+
+    /* Can't use CID functions with stream transport. */
+    TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                      sizeof( own_cid ) )
+                 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+                                          &own_cid_len )
+                 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
+                                              MBEDTLS_SSL_IS_CLIENT,
+                                              MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                              MBEDTLS_SSL_PRESET_DEFAULT )
+                 == 0 );
+
+    /* Attempt to set config cid size too big. */
+    TEST_ASSERT( mbedtls_ssl_conf_cid( &conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
+                                       MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+                 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_ssl_conf_cid( &conf, sizeof( own_cid ),
+                                       MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+                 == 0 );
+
+    /* Attempt to set CID length not matching config. */
+    TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                      MBEDTLS_SSL_CID_IN_LEN_MAX - 1 )
+                 == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                      sizeof( own_cid ) )
+                 == 0 );
+
+    /* Test we get back what we put in. */
+    TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+                                          &own_cid_len )
+                 == 0 );
+
+    TEST_EQUAL( cid_enabled, MBEDTLS_SSL_CID_ENABLED );
+    ASSERT_COMPARE( own_cid, own_cid_len, test_cid, own_cid_len );
+
+    /* Test disabling works. */
+    TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
+                                      0 )
+                 == 0 );
+
+    TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+                                          &own_cid_len )
+                 == 0 );
+
+    TEST_EQUAL( cid_enabled, MBEDTLS_SSL_CID_DISABLED );
+
+    mbedtls_ssl_free( &ssl );
+    mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
+