From 5fce145d005e5bab0ad64e2abffe84a9fcc9869f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 24 Oct 2022 14:42:01 +0800 Subject: [PATCH 01/14] Create ssl_helpers.c to hold functions of TLS connection test_suite_ssl.function contains many functions that are used to set up a TLS connection. To reduce its file size, those functions would be moved to ssl_helpers.c under tests/src. As the start of this implementation, some necessary header files are moved in advance. Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 28 ++++++++++++++++++++++++++++ tests/src/ssl_helpers.c | 23 +++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 1 + 3 files changed, 52 insertions(+) create mode 100644 tests/include/test/ssl_helpers.h create mode 100644 tests/src/ssl_helpers.c diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h new file mode 100644 index 000000000..0209f4775 --- /dev/null +++ b/tests/include/test/ssl_helpers.h @@ -0,0 +1,28 @@ +/** \file ssl_helpers.h + * + * \brief This file contains helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SSL_HELPERS_H +#define SSL_HELPERS_H + +#include + +#endif /* SSL_HELPERS_H */ diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c new file mode 100644 index 000000000..618b3ec17 --- /dev/null +++ b/tests/src/ssl_helpers.c @@ -0,0 +1,23 @@ +/** \file ssl_helpers.c + * + * \brief Helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 39825ed96..4657df5be 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -7,6 +7,7 @@ #include #include #include +#include #include From abfdcd8ee24a4533fe16ac002a48bfdfff07b4a6 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 25 Oct 2022 16:44:13 +0800 Subject: [PATCH 02/14] Rename the typedef statements which are used for TLS connection Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 214 +++++++++++++-------------- 1 file changed, 107 insertions(+), 107 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4657df5be..8f6d24749 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -26,21 +26,21 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -typedef struct log_pattern { +typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; -} log_pattern; +} mbedtls_test_ssl_log_pattern; /* * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a log_pattern in the received + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received * logged messages. */ void log_analyzer(void *ctx, int level, const char *file, int line, const char *str) { - log_pattern *p = (log_pattern *) ctx; + mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; (void) level; (void) line; @@ -56,7 +56,7 @@ void log_analyzer(void *ctx, int level, /* Invalid minor version used when not specifying a min/max version or expecting a test to fail */ #define TEST_SSL_MINOR_VERSION_NONE -1 -typedef struct handshake_test_options { +typedef struct mbedtls_test_handshake_test_options { const char *cipher; int client_min_version; int client_max_version; @@ -80,9 +80,9 @@ typedef struct handshake_test_options { void (*srv_log_fun)(void *, int, const char *, int, const char *); void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; -} handshake_test_options; +} mbedtls_test_handshake_test_options; -void init_handshake_options(handshake_test_options *opts) +void init_handshake_options(mbedtls_test_handshake_test_options *opts) { opts->cipher = ""; opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; @@ -112,18 +112,18 @@ void init_handshake_options(handshake_test_options *opts) * Buffer structure for custom I/O callbacks. */ -typedef struct mbedtls_test_buffer { +typedef struct mbedtls_test_ssl_buffer { size_t start; size_t content_length; size_t capacity; unsigned char *buffer; -} mbedtls_test_buffer; +} mbedtls_test_ssl_buffer; /* * Initialises \p buf. After calling this function it is safe to call * `mbedtls_test_buffer_free()` on \p buf. */ -void mbedtls_test_buffer_init(mbedtls_test_buffer *buf) +void mbedtls_test_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } @@ -132,7 +132,7 @@ void mbedtls_test_buffer_init(mbedtls_test_buffer *buf) * Sets up \p buf. After calling this function it is safe to call * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf. */ -int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity) +int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -144,7 +144,7 @@ int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity) return 0; } -void mbedtls_test_buffer_free(mbedtls_test_buffer *buf) +void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) { if (buf->buffer != NULL) { mbedtls_free(buf->buffer); @@ -164,7 +164,7 @@ void mbedtls_test_buffer_free(mbedtls_test_buffer *buf) * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not * zero and \p input is NULL. */ -int mbedtls_test_buffer_put(mbedtls_test_buffer *buf, +int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, const unsigned char *input, size_t input_len) { size_t overflow = 0; @@ -220,7 +220,7 @@ int mbedtls_test_buffer_put(mbedtls_test_buffer *buf, * \retval 0 <= value < \p output_len, if the data is not available. * \retval -1, if \buf is NULL or it hasn't been set up. */ -int mbedtls_test_buffer_get(mbedtls_test_buffer *buf, +int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, unsigned char *output, size_t output_len) { size_t overflow = 0; @@ -263,12 +263,12 @@ int mbedtls_test_buffer_get(mbedtls_test_buffer *buf, /* * Context for a message metadata queue (fifo) that is on top of the ring buffer. */ -typedef struct mbedtls_test_message_queue { +typedef struct mbedtls_test_ssl_message_queue { size_t *messages; int pos; int num; int capacity; -} mbedtls_test_message_queue; +} mbedtls_test_ssl_message_queue; /* * Setup and free functions for the message metadata queue. @@ -279,7 +279,7 @@ typedef struct mbedtls_test_message_queue { * \retval 0, if a metadata queue of a given length can be allocated. * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. */ -int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); @@ -294,7 +294,7 @@ int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue, return 0; } -void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue) +void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -315,7 +315,7 @@ void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, size_t len) { int place; @@ -343,7 +343,7 @@ int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue, * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, size_t buf_len) { size_t message_length; @@ -378,7 +378,7 @@ int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue, * set to the full message length so that the * caller knows what portion of the message can be dropped. */ -int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue, +int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, size_t buf_len, size_t *msg_len) { if (queue == NULL || msg_len == NULL) { @@ -397,17 +397,17 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue, #define MBEDTLS_MOCK_SOCKET_CONNECTED 1 -typedef struct mbedtls_mock_socket { +typedef struct mbedtls_test_mock_socket { int status; - mbedtls_test_buffer *input; - mbedtls_test_buffer *output; - struct mbedtls_mock_socket *peer; -} mbedtls_mock_socket; + mbedtls_test_ssl_buffer *input; + mbedtls_test_ssl_buffer *output; + struct mbedtls_test_mock_socket *peer; +} mbedtls_test_mock_socket; /* * Setup and teardown functions for mock sockets. */ -void mbedtls_mock_socket_init(mbedtls_mock_socket *socket) +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } @@ -425,7 +425,7 @@ void mbedtls_mock_socket_init(mbedtls_mock_socket *socket) * phenomenon that when closing a UDP connection the peer is not aware of the * connection having been closed. */ -void mbedtls_mock_socket_close(mbedtls_mock_socket *socket) +void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { return; @@ -458,14 +458,14 @@ void mbedtls_mock_socket_close(mbedtls_mock_socket *socket) * the correct value allows for simulation of MTU, sanity testing the mock * implementation and mocking TCP connections with lower memory cost. */ -int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1, - mbedtls_mock_socket *peer2, +int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, size_t bufsize) { int ret = -1; peer1->output = - (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); if (peer1->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -476,7 +476,7 @@ int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1, } peer2->output = - (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); if (peer2->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -510,7 +510,7 @@ exit: int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -521,7 +521,7 @@ int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -536,7 +536,7 @@ int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -551,7 +551,7 @@ int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) { - mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx; + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { return -1; @@ -578,9 +578,9 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) * freed in the respective setup and free calls. */ typedef struct mbedtls_test_message_socket_context { - mbedtls_test_message_queue *queue_input; - mbedtls_test_message_queue *queue_output; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue_input; + mbedtls_test_ssl_message_queue *queue_output; + mbedtls_test_mock_socket *socket; } mbedtls_test_message_socket_context; void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) @@ -599,10 +599,10 @@ void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_message_socket_setup(mbedtls_test_message_queue *queue_input, - mbedtls_test_message_queue *queue_output, +int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, size_t queue_capacity, - mbedtls_mock_socket *socket, + mbedtls_test_mock_socket *socket, mbedtls_test_message_socket_context *ctx) { int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity); @@ -646,8 +646,8 @@ void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) */ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { - mbedtls_test_message_queue *queue; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; if (context == NULL || context->socket == NULL @@ -683,8 +683,8 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) */ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { - mbedtls_test_message_queue *queue; - mbedtls_mock_socket *socket; + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; size_t drop_len = 0; size_t msg_len; @@ -736,31 +736,31 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) /* * Structure with endpoint's certificates for SSL communication tests. */ -typedef struct mbedtls_endpoint_certificate { +typedef struct mbedtls_test_ssl_endpoint_certificate { mbedtls_x509_crt *ca_cert; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; -} mbedtls_endpoint_certificate; +} mbedtls_test_ssl_endpoint_certificate; /* * Endpoint structure for SSL communication tests. */ -typedef struct mbedtls_endpoint { +typedef struct mbedtls_test_ssl_endpoint { const char *name; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; - mbedtls_mock_socket socket; - mbedtls_endpoint_certificate cert; -} mbedtls_endpoint; + mbedtls_test_mock_socket socket; + mbedtls_test_ssl_endpoint_certificate cert; +} mbedtls_test_ssl_endpoint; /* * Deinitializes certificates from endpoint represented by \p ep. */ -void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep) +void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { - mbedtls_endpoint_certificate *cert = &(ep->cert); + mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); if (cert != NULL) { if (cert->ca_cert != NULL) { mbedtls_x509_crt_free(cert->ca_cert); @@ -792,11 +792,11 @@ void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_certificate_init(mbedtls_endpoint *ep, int pk_alg) +int mbedtls_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg) { int i = 0; int ret = -1; - mbedtls_endpoint_certificate *cert = NULL; + mbedtls_test_ssl_endpoint_certificate *cert = NULL; if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -896,10 +896,10 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_init(mbedtls_endpoint *ep, int endpoint_type, int pk_alg, +int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_message_queue *input_queue, - mbedtls_test_message_queue *output_queue, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, const mbedtls_ecp_group_id *curves) { int ret = -1; @@ -983,7 +983,7 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_endpoint_free(mbedtls_endpoint *ep, +void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -1668,12 +1668,12 @@ int exchange_data(mbedtls_ssl_context *ssl_1, defined(MBEDTLS_CERTS_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) -void perform_handshake(handshake_test_options *options) +void perform_handshake(mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; enum { BUFFSIZE = 17000 }; - mbedtls_endpoint client, server; + mbedtls_test_ssl_endpoint client, server; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) const char *psk_identity = "foo"; #endif @@ -1693,7 +1693,7 @@ void perform_handshake(handshake_test_options *options) mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2031,7 +2031,7 @@ exit: void test_callback_buffer_sanity() { enum { MSGLEN = 10 }; - mbedtls_test_buffer buf; + mbedtls_test_ssl_buffer buf; unsigned char input[MSGLEN]; unsigned char output[MSGLEN]; @@ -2089,7 +2089,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_buffer` related functions is + * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is * correct and works as expected. * * That is @@ -2111,7 +2111,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, int put_ret[ROUNDS]; size_t get[ROUNDS]; int get_ret[ROUNDS]; - mbedtls_test_buffer buf; + mbedtls_test_ssl_buffer buf; unsigned char *input = NULL; size_t input_len; unsigned char *output = NULL; @@ -2201,7 +2201,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related I/O functions is + * Test if the implementation of `mbedtls_test_mock_socket` related I/O functions is * correct and works as expected on unconnected sockets. */ @@ -2211,7 +2211,7 @@ void ssl_mock_sanity() enum { MSGLEN = 105 }; unsigned char message[MSGLEN] = { 0 }; unsigned char received[MSGLEN] = { 0 }; - mbedtls_mock_socket socket; + mbedtls_test_mock_socket socket; mbedtls_mock_socket_init(&socket); TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0); @@ -2234,7 +2234,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related functions can + * Test if the implementation of `mbedtls_test_mock_socket` related functions can * send a single message from the client to the server. */ @@ -2245,8 +2245,8 @@ void ssl_mock_tcp(int blocking) enum { BUFLEN = MSGLEN / 5 }; unsigned char message[MSGLEN]; unsigned char received[MSGLEN]; - mbedtls_mock_socket client; - mbedtls_mock_socket server; + mbedtls_test_mock_socket client; + mbedtls_test_mock_socket server; size_t written, read; int send_ret, recv_ret; mbedtls_ssl_send_t *send; @@ -2327,7 +2327,7 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_mock_socket` related functions can + * Test if the implementation of `mbedtls_test_mock_socket` related functions can * send messages in both direction at the same time (with the I/O calls * interleaving). */ @@ -2340,8 +2340,8 @@ void ssl_mock_tcp_interleaving(int blocking) enum { BUFLEN = MSGLEN / 5 }; unsigned char message[ROUNDS][MSGLEN]; unsigned char received[ROUNDS][MSGLEN]; - mbedtls_mock_socket client; - mbedtls_mock_socket server; + mbedtls_test_mock_socket client; + mbedtls_test_mock_socket server; size_t written[ROUNDS]; size_t read[ROUNDS]; int send_ret[ROUNDS]; @@ -2381,7 +2381,7 @@ void ssl_mock_tcp_interleaving(int blocking) /* This loop does not stop as long as there was a successful write or read * of at least one byte on either side. */ while (progress != 0) { - mbedtls_mock_socket *socket; + mbedtls_test_mock_socket *socket; for (i = 0; i < ROUNDS; i++) { /* First sending is from the client */ @@ -2456,7 +2456,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_sanity() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; /* Trying to push/pull to an empty queue */ TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1) @@ -2476,7 +2476,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_basic() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -2503,7 +2503,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_overflow_underflow() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -2529,7 +2529,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_interleaved() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); @@ -2563,7 +2563,7 @@ exit: /* BEGIN_CASE */ void ssl_message_queue_insufficient_buffer() { - mbedtls_test_message_queue queue; + mbedtls_test_ssl_message_queue queue; size_t message_len = 10; size_t buffer_len = 5; @@ -2584,8 +2584,8 @@ void ssl_message_mock_uninitialized() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; - mbedtls_mock_socket client, server; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_mock_socket client, server; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2630,9 +2630,9 @@ void ssl_message_mock_basic() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2684,9 +2684,9 @@ void ssl_message_mock_queue_overflow_underflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2741,9 +2741,9 @@ void ssl_message_mock_socket_overflow() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2789,9 +2789,9 @@ void ssl_message_mock_truncated() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2847,9 +2847,9 @@ void ssl_message_mock_socket_read_error() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2900,9 +2900,9 @@ void ssl_message_mock_interleaved_one_way() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -2957,9 +2957,9 @@ void ssl_message_mock_interleaved_two_ways() { enum { MSGLEN = 10 }; unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_mock_socket client, server; + mbedtls_test_mock_socket client, server; unsigned i; - mbedtls_test_message_queue server_queue, client_queue; + mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init(&server_context); mbedtls_message_socket_init(&client_context); @@ -4037,7 +4037,7 @@ void ssl_session_serialize_version_check(int corrupt_major, void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; - mbedtls_endpoint ep; + mbedtls_test_ssl_endpoint ep; int ret = -1; ret = mbedtls_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA, @@ -4060,7 +4060,7 @@ exit: void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; - mbedtls_endpoint base_ep, second_ep; + mbedtls_test_ssl_endpoint base_ep, second_ep; int ret = -1; mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); @@ -4103,7 +4103,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.client_min_version = client_min_version; @@ -4131,7 +4131,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.cipher = cipher; @@ -4161,7 +4161,7 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.mfl = mfl; @@ -4204,7 +4204,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_serialization() { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.serialize = 1; @@ -4220,8 +4220,8 @@ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { - handshake_test_options options; - log_pattern srv_pattern, cli_pattern; + mbedtls_test_handshake_test_options options; + mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; srv_pattern.counter = 0; @@ -4254,7 +4254,7 @@ void handshake_fragmentation(int mfl, /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.renegotiate = 1; @@ -4271,7 +4271,7 @@ void renegotiation(int legacy_renegotiation) void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { - handshake_test_options options; + mbedtls_test_handshake_test_options options; init_handshake_options(&options); options.mfl = mfl; @@ -4314,7 +4314,7 @@ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; - mbedtls_endpoint client, server; + mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; From 59ab276ef1c91dae13154e2739b12d92f7097672 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 09:57:53 +0800 Subject: [PATCH 03/14] Move the renamed typedef statements to ssl_helpers.h With this change, the renamed typedef statements (commit abfdcd8) are moved from test_suite_ssl.function into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 120 +++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 110 ------------------------ 2 files changed, 120 insertions(+), 110 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0209f4775..30a9823fd 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -25,4 +25,124 @@ #include +#include +#include +#include + +typedef struct mbedtls_test_ssl_log_pattern { + const char *pattern; + size_t counter; +} mbedtls_test_ssl_log_pattern; + +/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */ +#define TEST_SSL_MINOR_VERSION_NONE -1 + +typedef struct mbedtls_test_handshake_test_options { + const char *cipher; + int client_min_version; + int client_max_version; + int server_min_version; + int server_max_version; + int expected_negotiated_version; + int pk_alg; + data_t *psk_str; + int dtls; + int srv_auth_mode; + int serialize; + int mfl; + int cli_msg_len; + int srv_msg_len; + int expected_cli_fragments; + int expected_srv_fragments; + int renegotiate; + int legacy_renegotiation; + void *srv_log_obj; + void *cli_log_obj; + void (*srv_log_fun)(void *, int, const char *, int, const char *); + void (*cli_log_fun)(void *, int, const char *, int, const char *); + int resize_buffers; +} mbedtls_test_handshake_test_options; + +/* + * Buffer structure for custom I/O callbacks. + */ +typedef struct mbedtls_test_ssl_buffer { + size_t start; + size_t content_length; + size_t capacity; + unsigned char *buffer; +} mbedtls_test_ssl_buffer; + +/* + * Context for a message metadata queue (fifo) that is on top of the ring buffer. + */ +typedef struct mbedtls_test_ssl_message_queue { + size_t *messages; + int pos; + int num; + int capacity; +} mbedtls_test_ssl_message_queue; + +/* + * Context for the I/O callbacks simulating network connection. + */ + +#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 + +typedef struct mbedtls_test_mock_socket { + int status; + mbedtls_test_ssl_buffer *input; + mbedtls_test_ssl_buffer *output; + struct mbedtls_test_mock_socket *peer; +} mbedtls_test_mock_socket; + +/* Errors used in the message socket mocks */ + +#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 +#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 +#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 + +/* + * Structure used as an addon, or a wrapper, around the mocked sockets. + * Contains an input queue, to which the other socket pushes metadata, + * and an output queue, to which this one pushes metadata. This context is + * considered as an owner of the input queue only, which is initialized and + * freed in the respective setup and free calls. + */ +typedef struct mbedtls_test_message_socket_context { + mbedtls_test_ssl_message_queue *queue_input; + mbedtls_test_ssl_message_queue *queue_output; + mbedtls_test_mock_socket *socket; +} mbedtls_test_message_socket_context; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) + +/* + * Structure with endpoint's certificates for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint_certificate { + mbedtls_x509_crt *ca_cert; + mbedtls_x509_crt *cert; + mbedtls_pk_context *pkey; +} mbedtls_test_ssl_endpoint_certificate; + +/* + * Endpoint structure for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint { + const char *name; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; + mbedtls_test_mock_socket socket; + mbedtls_test_ssl_endpoint_certificate cert; +} mbedtls_test_ssl_endpoint; + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + #endif /* SSL_HELPERS_H */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8f6d24749..4a6c6fbf1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1,8 +1,5 @@ /* BEGIN_HEADER */ -#include #include -#include -#include #include #include #include @@ -26,11 +23,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -typedef struct mbedtls_test_ssl_log_pattern { - const char *pattern; - size_t counter; -} mbedtls_test_ssl_log_pattern; - /* * This function can be passed to mbedtls to receive output logs from it. In * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received @@ -53,35 +45,6 @@ void log_analyzer(void *ctx, int level, } } -/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */ -#define TEST_SSL_MINOR_VERSION_NONE -1 - -typedef struct mbedtls_test_handshake_test_options { - const char *cipher; - int client_min_version; - int client_max_version; - int server_min_version; - int server_max_version; - int expected_negotiated_version; - int pk_alg; - data_t *psk_str; - int dtls; - int srv_auth_mode; - int serialize; - int mfl; - int cli_msg_len; - int srv_msg_len; - int expected_cli_fragments; - int expected_srv_fragments; - int renegotiate; - int legacy_renegotiation; - void *srv_log_obj; - void *cli_log_obj; - void (*srv_log_fun)(void *, int, const char *, int, const char *); - void (*cli_log_fun)(void *, int, const char *, int, const char *); - int resize_buffers; -} mbedtls_test_handshake_test_options; - void init_handshake_options(mbedtls_test_handshake_test_options *opts) { opts->cipher = ""; @@ -108,16 +71,6 @@ void init_handshake_options(mbedtls_test_handshake_test_options *opts) opts->cli_log_fun = NULL; opts->resize_buffers = 1; } -/* - * Buffer structure for custom I/O callbacks. - */ - -typedef struct mbedtls_test_ssl_buffer { - size_t start; - size_t content_length; - size_t capacity; - unsigned char *buffer; -} mbedtls_test_ssl_buffer; /* * Initialises \p buf. After calling this function it is safe to call @@ -260,16 +213,6 @@ int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, #define MBEDTLS_TEST_ERROR_ARG_NULL -11 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 -/* - * Context for a message metadata queue (fifo) that is on top of the ring buffer. - */ -typedef struct mbedtls_test_ssl_message_queue { - size_t *messages; - int pos; - int num; - int capacity; -} mbedtls_test_ssl_message_queue; - /* * Setup and free functions for the message metadata queue. * @@ -391,18 +334,6 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, *msg_len = queue->messages[queue->pos]; return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -/* - * Context for the I/O callbacks simulating network connection. - */ - -#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 - -typedef struct mbedtls_test_mock_socket { - int status; - mbedtls_test_ssl_buffer *input; - mbedtls_test_ssl_buffer *output; - struct mbedtls_test_mock_socket *peer; -} mbedtls_test_mock_socket; /* * Setup and teardown functions for mock sockets. @@ -564,25 +495,6 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_buffer_get(socket->input, buf, len); } -/* Errors used in the message socket mocks */ - -#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 -#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 -#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 - -/* - * Structure used as an addon, or a wrapper, around the mocked sockets. - * Contains an input queue, to which the other socket pushes metadata, - * and an output queue, to which this one pushes metadata. This context is - * considered as an owner of the input queue only, which is initialized and - * freed in the respective setup and free calls. - */ -typedef struct mbedtls_test_message_socket_context { - mbedtls_test_ssl_message_queue *queue_input; - mbedtls_test_ssl_message_queue *queue_output; - mbedtls_test_mock_socket *socket; -} mbedtls_test_message_socket_context; - void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; @@ -733,28 +645,6 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - -/* - * Endpoint structure for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint { - const char *name; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; -} mbedtls_test_ssl_endpoint; - /* * Deinitializes certificates from endpoint represented by \p ep. */ From c463849598d3ebc0c77bc07f56f0e6fd2e1e269a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 11:51:53 +0800 Subject: [PATCH 04/14] Rename the functions which are used to set up TLS connection Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 878 +++++++++++++-------------- 1 file changed, 439 insertions(+), 439 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4a6c6fbf1..a5fdd84ba 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -28,9 +28,9 @@ enum { * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received * logged messages. */ -void log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str) { mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; @@ -45,7 +45,7 @@ void log_analyzer(void *ctx, int level, } } -void init_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_init_handshake_options(mbedtls_test_handshake_test_options *opts) { opts->cipher = ""; opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; @@ -74,18 +74,18 @@ void init_handshake_options(mbedtls_test_handshake_test_options *opts) /* * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_buffer_free()` on \p buf. + * `mbedtls_test_ssl_buffer_free()` on \p buf. */ -void mbedtls_test_buffer_init(mbedtls_test_ssl_buffer *buf) +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } /* * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf. + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` on \p buf. */ -int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -97,7 +97,7 @@ int mbedtls_test_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) return 0; } -void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) { if (buf->buffer != NULL) { mbedtls_free(buf->buffer); @@ -110,15 +110,15 @@ void mbedtls_test_buffer_free(mbedtls_test_ssl_buffer *buf) * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. * * \p buf must have been initialized and set up by calling - * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. * * \retval \p input_len, if the data fits. * \retval 0 <= value < \p input_len, if the data does not fit. * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not * zero and \p input is NULL. */ -int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len) { size_t overflow = 0; @@ -167,14 +167,14 @@ int mbedtls_test_buffer_put(mbedtls_test_ssl_buffer *buf, * ring buffer will be dropped, if the requested length is available. * * \p buf must have been initialized and set up by calling - * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`. + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. * * \retval \p output_len, if the data is available. * \retval 0 <= value < \p output_len, if the data is not available. * \retval -1, if \buf is NULL or it hasn't been set up. */ -int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len) { size_t overflow = 0; @@ -222,8 +222,8 @@ int mbedtls_test_buffer_get(mbedtls_test_ssl_buffer *buf, * \retval 0, if a metadata queue of a given length can be allocated. * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. */ -int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, - size_t capacity) +int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, + size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); if (NULL == queue->messages) { @@ -237,7 +237,7 @@ int mbedtls_test_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return 0; } -void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) +void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -258,8 +258,8 @@ void mbedtls_test_message_queue_free(mbedtls_test_ssl_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, - size_t len) +int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, + size_t len) { int place; if (queue == NULL) { @@ -286,8 +286,8 @@ int mbedtls_test_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len) +int mbedtls_test_ssl_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, + size_t buf_len) { size_t message_length; if (queue == NULL) { @@ -356,19 +356,19 @@ void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) * phenomenon that when closing a UDP connection the peer is not aware of the * connection having been closed. */ -void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { return; } if (socket->input != NULL) { - mbedtls_test_buffer_free(socket->input); + mbedtls_test_ssl_buffer_free(socket->input); mbedtls_free(socket->input); } if (socket->output != NULL) { - mbedtls_test_buffer_free(socket->output); + mbedtls_test_ssl_buffer_free(socket->output); mbedtls_free(socket->output); } @@ -389,9 +389,9 @@ void mbedtls_mock_socket_close(mbedtls_test_mock_socket *socket) * the correct value allows for simulation of MTU, sanity testing the mock * implementation and mocking TCP connections with lower memory cost. */ -int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize) { int ret = -1; @@ -401,8 +401,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_test_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_buffer_setup(peer1->output, bufsize))) { + mbedtls_test_ssl_buffer_init(peer1->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { goto exit; } @@ -412,8 +412,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_test_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_buffer_setup(peer2->output, bufsize))) { + mbedtls_test_ssl_buffer_init(peer2->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { goto exit; } @@ -428,8 +428,8 @@ int mbedtls_mock_socket_connect(mbedtls_test_mock_socket *peer1, exit: if (ret != 0) { - mbedtls_mock_socket_close(peer1); - mbedtls_mock_socket_close(peer2); + mbedtls_test_mock_socket_close(peer1); + mbedtls_test_mock_socket_close(peer2); } return ret; @@ -439,7 +439,7 @@ exit: * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -447,10 +447,10 @@ int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) return -1; } - return mbedtls_test_buffer_put(socket->output, buf, len); + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); } -int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -458,14 +458,14 @@ int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return -1; } - return mbedtls_test_buffer_get(socket->input, buf, len); + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -477,10 +477,10 @@ int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_WRITE; } - return mbedtls_test_buffer_put(socket->output, buf, len); + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); } -int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -492,10 +492,10 @@ int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_READ; } - return mbedtls_test_buffer_get(socket->input, buf, len); + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; ctx->queue_output = NULL; @@ -511,13 +511,13 @@ void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) +int mbedtls_test_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) { - int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity); + int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); if (ret != 0) { return ret; } @@ -533,14 +533,14 @@ int mbedtls_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, * Close a given message socket context, along with the socket itself. Free the * memory allocated by the input queue. */ -void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { return; } - mbedtls_test_message_queue_free(ctx->queue_input); - mbedtls_mock_socket_close(ctx->socket); + mbedtls_test_ssl_message_queue_free(ctx->queue_input); + mbedtls_test_mock_socket_close(ctx->socket); memset(ctx, 0, sizeof(*ctx)); } @@ -550,13 +550,13 @@ void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx) * \retval \p len, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_test_mock_tcp_send_b failed. * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. * * This function will also return any error from - * mbedtls_test_message_queue_push_info. + * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -574,11 +574,11 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) return MBEDTLS_ERR_SSL_WANT_WRITE; } - if (mbedtls_mock_tcp_send_b(socket, buf, len) != (int) len) { + if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { return MBEDTLS_TEST_ERROR_SEND_FAILED; } - return mbedtls_test_message_queue_push_info(queue, len); + return mbedtls_test_ssl_message_queue_push_info(queue, len); } /* @@ -588,12 +588,12 @@ int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) * \retval message length, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_test_mock_tcp_recv_b failed. * * This function will also return any error other than * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info. */ -int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -623,19 +623,19 @@ int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) return ret; } - if (mbedtls_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { return MBEDTLS_TEST_ERROR_RECV_FAILED; } if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ } } - mbedtls_test_message_queue_pop_info(queue, buf_len); + mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); return msg_len; } @@ -682,7 +682,7 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg) +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg) { int i = 0; int ret = -1; @@ -773,7 +773,7 @@ exit: } /* - * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()` + * Initializes \p ep structure. It is important to call `mbedtls_test_ssl_endpoint_free()` * after calling this function even if it fails. * * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or @@ -786,11 +786,11 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - const mbedtls_ecp_group_id *curves) +int mbedtls_test_ssl_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + const mbedtls_ecp_group_id *curves) { int ret = -1; @@ -814,9 +814,9 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int &(ep->ctr_drbg)); mbedtls_entropy_init(&(ep->entropy)); if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context) == 0); } else { mbedtls_mock_socket_init(&(ep->socket)); } @@ -829,13 +829,13 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int /* Non-blocking callbacks without timeout */ if (dtls_context != NULL) { mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_mock_tcp_send_msg, - mbedtls_mock_tcp_recv_msg, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, NULL); } else { mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_mock_tcp_send_nb, - mbedtls_mock_tcp_recv_nb, + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, NULL); } @@ -863,7 +863,7 @@ int mbedtls_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int } #endif - ret = mbedtls_endpoint_certificate_init(ep, pk_alg); + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, pk_alg); TEST_ASSERT(ret == 0); exit: @@ -873,8 +873,8 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) +void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -884,9 +884,9 @@ void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, mbedtls_entropy_free(&(ep->entropy)); if (context != NULL) { - mbedtls_message_socket_close(context); + mbedtls_test_message_socket_close(context); } else { - mbedtls_mock_socket_close(&(ep->socket)); + mbedtls_test_mock_socket_close(&(ep->socket)); } } @@ -897,9 +897,9 @@ void mbedtls_endpoint_free(mbedtls_test_ssl_endpoint *ep, * * \retval 0 on success, otherwise error code. */ -int mbedtls_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state) { enum { BUFFSIZE = 1024 }; int max_steps = 1000; @@ -1079,12 +1079,12 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif -static int build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - size_t cid0_len, - size_t cid1_len) +static int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, int ver, + size_t cid0_len, + size_t cid1_len) { mbedtls_cipher_info_t const *cipher_info; int ret = 0; @@ -1330,9 +1330,9 @@ cleanup: * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. */ -static int ssl_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) +static int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) { #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; @@ -1558,7 +1558,7 @@ int exchange_data(mbedtls_ssl_context *ssl_1, defined(MBEDTLS_CERTS_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) -void perform_handshake(mbedtls_test_handshake_test_options *options) +void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; @@ -1585,24 +1585,24 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options->pk_alg, &client_context, - &client_queue, - &server_queue, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + options->pk_alg, &client_context, + &client_queue, + &server_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options->pk_alg, NULL, NULL, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + options->pk_alg, NULL, NULL, + NULL, NULL) == 0); } if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) { @@ -1629,19 +1629,19 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options->pk_alg, &server_context, - &server_queue, - &client_queue, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + options->pk_alg, &server_context, + &server_queue, + &client_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options->pk_alg, NULL, NULL, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + options->pk_alg, NULL, NULL, + NULL, NULL) == 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); @@ -1702,9 +1702,9 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) } #endif - TEST_ASSERT(mbedtls_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { @@ -1720,9 +1720,9 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } - TEST_ASSERT(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) + TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) == expected_handshake_result); if (expected_handshake_result != 0) { @@ -1788,8 +1788,8 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_mock_tcp_send_msg, - mbedtls_mock_tcp_recv_msg, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, NULL); #if defined(MBEDTLS_TIMING_C) @@ -1894,8 +1894,8 @@ void perform_handshake(mbedtls_test_handshake_test_options *options) #endif /* MBEDTLS_SSL_RENEGOTIATION */ exit: - mbedtls_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); - mbedtls_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); + mbedtls_test_ssl_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -1928,53 +1928,53 @@ void test_callback_buffer_sanity() memset(input, 0, sizeof(input)); /* Make sure calling put and get on NULL buffer results in error. */ - TEST_ASSERT(mbedtls_test_buffer_put(NULL, input, sizeof(input)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(NULL, output, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(NULL, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); /* Make sure calling put and get on a buffer that hasn't been set up results * in error. */ - mbedtls_test_buffer_init(&buf); + mbedtls_test_ssl_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); /* Make sure calling put and get on NULL input only results in * error if the length is not zero, and that a NULL output is valid for data * dropping. */ - TEST_ASSERT(mbedtls_test_buffer_setup(&buf, sizeof(input)) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, sizeof(output)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) == 0); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == 0); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); /* Make sure calling put several times in the row is safe */ - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == sizeof(input)); - TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, 2) == 2); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 1) == 1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 1); - TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 0); + TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); exit: - mbedtls_test_buffer_free(&buf); + mbedtls_test_ssl_buffer_free(&buf); } /* END_CASE */ @@ -2008,8 +2008,8 @@ void test_callback_buffer(int size, int put1, int put1_ret, size_t output_len; size_t i, j, written, read; - mbedtls_test_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_buffer_setup(&buf, size) == 0); + mbedtls_test_ssl_buffer_init(&buf); + TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); /* Check the sanity of input parameters and initialise local variables. That * is, ensure that the amount of data is not negative and that we are not @@ -2068,11 +2068,11 @@ void test_callback_buffer(int size, int put1, int put1_ret, written = read = 0; for (j = 0; j < ROUNDS; j++) { - TEST_ASSERT(put_ret[j] == mbedtls_test_buffer_put(&buf, - input + written, put[j])); + TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, + input + written, put[j])); written += put_ret[j]; - TEST_ASSERT(get_ret[j] == mbedtls_test_buffer_get(&buf, - output + read, get[j])); + TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, + output + read, get[j])); read += get_ret[j]; TEST_ASSERT(read <= written); if (get_ret[j] > 0) { @@ -2086,7 +2086,7 @@ exit: mbedtls_free(input); mbedtls_free(output); - mbedtls_test_buffer_free(&buf); + mbedtls_test_ssl_buffer_free(&buf); } /* END_CASE */ @@ -2104,22 +2104,22 @@ void ssl_mock_sanity() mbedtls_test_mock_socket socket; mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); mbedtls_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); - mbedtls_mock_socket_close(&socket); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); + mbedtls_test_mock_socket_close(&socket); exit: - mbedtls_mock_socket_close(&socket); + mbedtls_test_mock_socket_close(&socket); } /* END_CASE */ @@ -2144,11 +2144,11 @@ void ssl_mock_tcp(int blocking) unsigned i; if (blocking == 0) { - send = mbedtls_mock_tcp_send_nb; - recv = mbedtls_mock_tcp_recv_nb; + send = mbedtls_test_mock_tcp_send_nb; + recv = mbedtls_test_mock_tcp_recv_nb; } else { - send = mbedtls_mock_tcp_send_b; - recv = mbedtls_mock_tcp_recv_b; + send = mbedtls_test_mock_tcp_send_b; + recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_mock_socket_init(&client); @@ -2161,7 +2161,7 @@ void ssl_mock_tcp(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -2211,8 +2211,8 @@ void ssl_mock_tcp(int blocking) exit: - mbedtls_mock_socket_close(&client); - mbedtls_mock_socket_close(&server); + mbedtls_test_mock_socket_close(&client); + mbedtls_test_mock_socket_close(&server); } /* END_CASE */ @@ -2241,11 +2241,11 @@ void ssl_mock_tcp_interleaving(int blocking) mbedtls_ssl_recv_t *recv; if (blocking == 0) { - send = mbedtls_mock_tcp_send_nb; - recv = mbedtls_mock_tcp_recv_nb; + send = mbedtls_test_mock_tcp_send_nb; + recv = mbedtls_test_mock_tcp_recv_nb; } else { - send = mbedtls_mock_tcp_send_b; - recv = mbedtls_mock_tcp_recv_b; + send = mbedtls_test_mock_tcp_send_b; + recv = mbedtls_test_mock_tcp_recv_b; } mbedtls_mock_socket_init(&client); @@ -2260,7 +2260,7 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -2338,8 +2338,8 @@ void ssl_mock_tcp_interleaving(int blocking) exit: - mbedtls_mock_socket_close(&client); - mbedtls_mock_socket_close(&server); + mbedtls_test_mock_socket_close(&client); + mbedtls_test_mock_socket_close(&server); } /* END_CASE */ @@ -2349,17 +2349,17 @@ void ssl_message_queue_sanity() mbedtls_test_ssl_message_queue queue; /* Trying to push/pull to an empty queue */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(NULL, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 0); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2368,25 +2368,25 @@ void ssl_message_queue_basic() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Sanity test - 3 pushes and 3 pops with sufficient space */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); TEST_ASSERT(queue.capacity == 3); TEST_ASSERT(queue.num == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2395,24 +2395,24 @@ void ssl_message_queue_overflow_underflow() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* 4 pushes (last one with an error), 4 pops (last one with an error) */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2421,32 +2421,32 @@ void ssl_message_queue_interleaved() { mbedtls_test_ssl_message_queue queue; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops * (to wrap around the buffer) */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) == 3); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 8) == 8); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 3) == 3); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 5) == 5); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 8) == 8); + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2457,15 +2457,15 @@ void ssl_message_queue_insufficient_buffer() size_t message_len = 10; size_t buffer_len = 5; - TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 1) == 0); + TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); /* Popping without a sufficient buffer */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, message_len) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) == (int) message_len); - TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, buffer_len) + TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) == (int) buffer_len); exit: - mbedtls_test_message_queue_free(&queue); + mbedtls_test_ssl_message_queue_free(&queue); } /* END_CASE */ @@ -2477,41 +2477,41 @@ void ssl_message_mock_uninitialized() mbedtls_test_mock_socket client, server; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); /* Send with a NULL context */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(NULL, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(NULL, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_message_queue_push_info(&server_queue, MSGLEN) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, MSGLEN) == MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2524,48 +2524,48 @@ void ssl_message_mock_basic() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send the message to the server */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); /* Read from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, MSGLEN); /* Send the message to the client */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); /* Read from the client */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2578,51 +2578,51 @@ void ssl_message_mock_queue_overflow_underflow() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*2)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*2)); /* Send three message to the server, last one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) == MSGLEN - 1); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN - 1) == MSGLEN - 1); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_WRITE); /* Read three messages from the server, last one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) == MSGLEN - 1); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN - 1) == MSGLEN - 1); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2635,42 +2635,42 @@ void ssl_message_mock_socket_overflow() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send two message to the server, second one with an error */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2683,16 +2683,16 @@ void ssl_message_mock_truncated() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + &client, + &client_context) == 0); memset(received, 0, MSGLEN); /* Fill up the buffer with structured data so that unwanted changes @@ -2700,17 +2700,17 @@ void ssl_message_mock_truncated() for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - 2 * MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + 2 * MSGLEN)); /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) == MSGLEN / 2); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN / 2) == MSGLEN / 2); /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ @@ -2720,15 +2720,15 @@ void ssl_message_mock_truncated() memset(received, 0, MSGLEN); /* Read a full message from the server */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) == MSGLEN / 2); /* Test that the first half of the message is valid */ TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2741,31 +2741,31 @@ void ssl_message_mock_socket_read_error() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; @@ -2774,14 +2774,14 @@ void ssl_message_mock_socket_read_error() /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2794,51 +2794,51 @@ void ssl_message_mock_interleaved_one_way() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, and then two reads * (to wrap around the buffer) */ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); } - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2851,49 +2851,49 @@ void ssl_message_mock_interleaved_two_ways() unsigned i; mbedtls_test_ssl_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; - mbedtls_message_socket_init(&server_context); - mbedtls_message_socket_init(&client_context); + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3, - &server, - &server_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + &server, + &server_context) == 0); - TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3, - &client, - &client_context) == 0); + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + &client, + &client_context) == 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads * (to wrap around the buffer) both ways. */ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN) == MSGLEN); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -2901,27 +2901,27 @@ void ssl_message_mock_interleaved_two_ways() } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); memset(received, 0, sizeof(received)); } - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: - mbedtls_message_socket_close(&server_context); - mbedtls_message_socket_close(&client_context); + mbedtls_test_message_socket_close(&server_context); + mbedtls_test_message_socket_close(&client_context); } /* END_CASE */ @@ -2992,10 +2992,10 @@ void ssl_crypt_record(int cipher_type, int hash_id, mbedtls_ssl_init(&ssl); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); - TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len) == 0); + TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver, + (size_t) cid0_len, + (size_t) cid1_len) == 0); TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); @@ -3141,10 +3141,10 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, mbedtls_ssl_init(&ssl); mbedtls_ssl_transform_init(&t0); mbedtls_ssl_transform_init(&t1); - TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len) == 0); + TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver, + (size_t) cid0_len, + (size_t) cid1_len) == 0); TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL); @@ -3293,10 +3293,10 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, mbedtls_ssl_transform_init(&t1); /* Set up transforms with dummy keys */ - TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_MINOR_VERSION_3, - 0, 0) == 0); + TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + 0, trunc_hmac, + MBEDTLS_SSL_MINOR_VERSION_3, + 0, 0) == 0); /* Determine padding/plaintext length */ TEST_ASSERT(length_selector >= -2 && length_selector <= 255); @@ -3651,7 +3651,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&restored); /* Prepare a dummy session to work on */ - TEST_ASSERT(ssl_populate_session(&original, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session(&original, ticket_len, crt_file) == 0); /* Serialize it */ TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) @@ -3749,7 +3749,7 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare a dummy session to work on */ - TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); /* Get desired buffer size for serializing */ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) @@ -3799,7 +3799,7 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare dummy session and get serialized size */ - TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); @@ -3834,7 +3834,7 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare serialized session data */ - TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL); @@ -3930,19 +3930,19 @@ void mbedtls_endpoint_sanity(int endpoint_type) mbedtls_test_ssl_endpoint ep; int ret = -1; - ret = mbedtls_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA, + NULL, NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - ret = mbedtls_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA); + ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - ret = mbedtls_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA, + NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: - mbedtls_endpoint_free(&ep, NULL); + mbedtls_test_ssl_endpoint_free(&ep, NULL); } /* END_CASE */ @@ -3956,24 +3956,24 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - ret = mbedtls_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA, - NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA, + NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_endpoint_init(&second_ep, - (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&second_ep, + (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, + MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_mock_socket_connect(&(base_ep.socket), - &(second_ep.socket), - BUFFSIZE); + ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), + &(second_ep.socket), + BUFFSIZE); TEST_ASSERT(ret == 0); - ret = mbedtls_move_handshake_to_state(&(base_ep.ssl), - &(second_ep.ssl), - state); + ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), + &(second_ep.ssl), + state); if (need_pass) { TEST_ASSERT(ret == 0); TEST_ASSERT(base_ep.ssl.state == state); @@ -3983,8 +3983,8 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) } exit: - mbedtls_endpoint_free(&base_ep, NULL); - mbedtls_endpoint_free(&second_ep, NULL); + mbedtls_test_ssl_endpoint_free(&base_ep, NULL); + mbedtls_test_ssl_endpoint_free(&second_ep, NULL); } /* END_CASE */ @@ -3994,7 +3994,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, int expected_negotiated_version) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.client_min_version = client_min_version; options.client_max_version = client_max_version; @@ -4011,7 +4011,7 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, options.expected_cli_fragments = 2; options.expected_srv_fragments = 2; } - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; @@ -4022,14 +4022,14 @@ void handshake_version(int dtls, int client_min_version, int client_max_version, void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.cipher = cipher; options.dtls = dtls; options.psk_str = psk_str; options.pk_alg = pk_alg; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; @@ -4052,7 +4052,7 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_srv_fragments, int dtls) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cli_msg_len = cli_msg_len; @@ -4061,7 +4061,7 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len, options.expected_srv_fragments = expected_srv_fragments; options.dtls = dtls; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } @@ -4095,11 +4095,11 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, void handshake_serialization() { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.serialize = 1; options.dtls = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } @@ -4117,7 +4117,7 @@ void handshake_fragmentation(int mfl, srv_pattern.counter = 0; cli_pattern.counter = 0; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.dtls = 1; options.mfl = mfl; /* Set cipher to one using CBC so that record splitting can be tested */ @@ -4125,10 +4125,10 @@ void handshake_fragmentation(int mfl, options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; options.srv_log_obj = &srv_pattern; options.cli_log_obj = &cli_pattern; - options.srv_log_fun = log_analyzer; - options.cli_log_fun = log_analyzer; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + options.cli_log_fun = mbedtls_test_ssl_log_analyzer; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* Test if the server received a fragmented handshake */ if (expected_srv_hs_fragmentation) { @@ -4145,13 +4145,13 @@ void handshake_fragmentation(int mfl, void renegotiation(int legacy_renegotiation) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.renegotiate = 1; options.legacy_renegotiation = legacy_renegotiation; options.dtls = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } @@ -4162,7 +4162,7 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { mbedtls_test_handshake_test_options options; - init_handshake_options(&options); + mbedtls_test_init_handshake_options(&options); options.mfl = mfl; options.cipher = cipher; @@ -4172,7 +4172,7 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, options.dtls = dtls; options.resize_buffers = 1; - perform_handshake(&options); + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } @@ -4217,22 +4217,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ - TEST_EQUAL(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_PK_ECDSA, NULL, NULL, - NULL, curve_list), 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_PK_ECDSA, NULL, NULL, + NULL, curve_list), 0); /* Server side */ - TEST_EQUAL(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - MBEDTLS_PK_ECDSA, NULL, NULL, - NULL, NULL), 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + MBEDTLS_PK_ECDSA, NULL, NULL, + NULL, NULL), 0); - TEST_EQUAL(mbedtls_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE), 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); - TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) , 0); mbedtls_psa_get_stats(&stats); @@ -4246,9 +4246,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; } - TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); mbedtls_psa_get_stats(&stats); @@ -4260,8 +4260,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) } exit: - mbedtls_endpoint_free(&client, NULL); - mbedtls_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); USE_PSA_DONE(); } From 862ef862fdb1632458cfb7c1edb2687592f8ba5f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 11:05:04 +0800 Subject: [PATCH 05/14] Rewrap the lines to fit code standard in test_suite_ssl.function As the typedef statements and functions are renamed in commit abfdcd8 and commit c463849 respectively. This commit aims to align code lines to fit code standard and improve code readability. Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 349 +++++++++++++++++---------- 1 file changed, 216 insertions(+), 133 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a5fdd84ba..d199d106f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -25,8 +25,8 @@ enum { /* * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern in the received - * logged messages. + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. */ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, @@ -45,7 +45,8 @@ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, } } -void mbedtls_test_init_handshake_options(mbedtls_test_handshake_test_options *opts) +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts) { opts->cipher = ""; opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; @@ -83,9 +84,11 @@ void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) /* * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` on \p buf. + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity) { buf->buffer = (unsigned char *) mbedtls_calloc(capacity, sizeof(unsigned char)); @@ -222,8 +225,8 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, * \retval 0, if a metadata queue of a given length can be allocated. * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. */ -int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, - size_t capacity) +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); if (NULL == queue->messages) { @@ -237,7 +240,8 @@ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return 0; } -void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -258,8 +262,8 @@ void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. * \retval \p len, if the push was successful. */ -int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *queue, - size_t len) +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len) { int place; if (queue == NULL) { @@ -286,8 +290,8 @@ int mbedtls_test_ssl_message_queue_push_info(mbedtls_test_ssl_message_queue *que * \retval message length, if the pop was successful, up to the given \p buf_len. */ -int mbedtls_test_ssl_message_queue_pop_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len) +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len) { size_t message_length; if (queue == NULL) { @@ -396,7 +400,8 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, int ret = -1; peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); if (peer1->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -407,7 +412,8 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, } peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_ssl_buffer)); + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); if (peer2->output == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -439,7 +445,8 @@ exit: * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -465,7 +472,8 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -495,7 +503,8 @@ int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; ctx->queue_output = NULL; @@ -511,11 +520,12 @@ void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message * queue failed. */ -int mbedtls_test_message_socket_setup(mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) { int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); if (ret != 0) { @@ -533,7 +543,8 @@ int mbedtls_test_message_socket_setup(mbedtls_test_ssl_message_queue *queue_inpu * Close a given message socket context, along with the socket itself. Free the * memory allocated by the input queue. */ -void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { return; @@ -550,17 +561,20 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) * \retval \p len, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. * * This function will also return any error from * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; if (context == NULL || context->socket == NULL || context->queue_output == NULL) { @@ -588,16 +602,20 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t l * \retval message length, if everything succeeds. * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_test_mock_tcp_recv_b failed. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. * * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info. + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; size_t drop_len = 0; size_t msg_len; int ret; @@ -629,7 +647,8 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != + (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ @@ -682,7 +701,8 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) * * \retval 0 on success, otherwise error code. */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg) +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg) { int i = 0; int ret = -1; @@ -773,8 +793,9 @@ exit: } /* - * Initializes \p ep structure. It is important to call `mbedtls_test_ssl_endpoint_free()` - * after calling this function even if it fails. + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. * * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or * MBEDTLS_SSL_IS_CLIENT. @@ -786,11 +807,12 @@ exit: * * \retval 0 on success, otherwise error code. */ -int mbedtls_test_ssl_endpoint_init(mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - const mbedtls_ecp_group_id *curves) +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + const mbedtls_ecp_group_id *curves) { int ret = -1; @@ -873,8 +895,9 @@ exit: /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) { mbedtls_endpoint_certificate_free(ep); @@ -939,8 +962,9 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, /* * Write application data. Increase write counter if necessary. */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *written, +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *written, const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is @@ -983,9 +1007,10 @@ exit: /* * Read application data and increase read counter and fragments counter if necessary. */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *read, - int *fragments, const int expected_fragments) +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *read, int *fragments, + const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ @@ -1079,12 +1104,12 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif -static int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - size_t cid0_len, - size_t cid1_len) +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, int ver, + size_t cid0_len, + size_t cid1_len) { mbedtls_cipher_info_t const *cipher_info; int ret = 0; @@ -1330,9 +1355,9 @@ cleanup: * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. */ -static int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) +int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) { #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; @@ -1558,7 +1583,8 @@ int exchange_data(mbedtls_ssl_context *ssl_1, defined(MBEDTLS_CERTS_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) -void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *options) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options) { /* forced_ciphersuite needs to last until the end of the handshake */ int forced_ciphersuite[2]; @@ -1590,8 +1616,10 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options->pk_alg, &client_context, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options->pk_alg, + &client_context, &client_queue, &server_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) @@ -1600,7 +1628,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, options->pk_alg, NULL, NULL, NULL, NULL) == 0); } @@ -1629,8 +1658,10 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options->pk_alg, &server_context, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options->pk_alg, + &server_context, &server_queue, &client_queue, NULL) == 0); #if defined(MBEDTLS_TIMING_C) @@ -1639,7 +1670,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, options->pk_alg, NULL, NULL, NULL, NULL) == 0); } @@ -1720,9 +1752,8 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) == expected_handshake_result); if (expected_handshake_result != 0) { @@ -1894,8 +1925,10 @@ void mbedtls_test_ssl_perform_handshake(mbedtls_test_handshake_test_options *opt #endif /* MBEDTLS_SSL_RENEGOTIATION */ exit: - mbedtls_test_ssl_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL); + mbedtls_test_ssl_endpoint_free(&client, + options->dtls != 0 ? &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, + options->dtls != 0 ? &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -1932,7 +1965,8 @@ void test_callback_buffer_sanity() == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); @@ -1941,10 +1975,12 @@ void test_callback_buffer_sanity() * in error. */ mbedtls_test_ssl_buffer_init(&buf); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); @@ -1956,7 +1992,8 @@ void test_callback_buffer_sanity() TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) == -1); + TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) + == -1); TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) == 0); TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); @@ -2091,8 +2128,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related I/O functions is - * correct and works as expected on unconnected sockets. + * Test if the implementation of `mbedtls_test_mock_socket` related + * I/O functions is correct and works as expected on unconnected sockets. */ /* BEGIN_CASE */ @@ -2124,8 +2161,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related functions can - * send a single message from the client to the server. + * Test if the implementation of `mbedtls_test_mock_socket` related functions + * can send a single message from the client to the server. */ /* BEGIN_CASE */ @@ -2217,8 +2254,8 @@ exit: /* END_CASE */ /* - * Test if the implementation of `mbedtls_test_mock_socket` related functions can - * send messages in both direction at the same time (with the I/O calls + * Test if the implementation of `mbedtls_test_mock_socket` related functions + * can send messages in both direction at the same time (with the I/O calls * interleaving). */ @@ -2260,7 +2297,8 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN)); + TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -2487,27 +2525,33 @@ void ssl_message_mock_uninitialized() TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, MSGLEN) + TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, + MSGLEN) == MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); exit: mbedtls_test_message_socket_close(&server_context); @@ -2527,11 +2571,13 @@ void ssl_message_mock_basic() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); @@ -2545,10 +2591,12 @@ void ssl_message_mock_basic() /* Send the message to the server */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); /* Read from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -2559,7 +2607,8 @@ void ssl_message_mock_basic() MSGLEN) == MSGLEN); /* Read from the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -2581,11 +2630,13 @@ void ssl_message_mock_queue_overflow_underflow() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -2599,10 +2650,12 @@ void ssl_message_mock_queue_overflow_underflow() /* Send three message to the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) == MSGLEN - 1); + MSGLEN - 1) + == MSGLEN - 1); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) @@ -2610,14 +2663,17 @@ void ssl_message_mock_queue_overflow_underflow() /* Read three messages from the server, last one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) == MSGLEN - 1); + MSGLEN - 1) + == MSGLEN - 1); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: @@ -2638,11 +2694,13 @@ void ssl_message_mock_socket_overflow() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -2656,14 +2714,16 @@ void ssl_message_mock_socket_overflow() /* Send two message to the server, second one with an error */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, MSGLEN) == MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -2686,11 +2746,13 @@ void ssl_message_mock_truncated() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 2, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, &client, &client_context) == 0); @@ -2706,11 +2768,14 @@ void ssl_message_mock_truncated() /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) == MSGLEN / 2); + MSGLEN / 2) + == MSGLEN / 2); /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2) == MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ @@ -2720,7 +2785,8 @@ void ssl_message_mock_truncated() memset(received, 0, MSGLEN); /* Read a full message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN/2) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2) == MSGLEN / 2); /* Test that the first half of the message is valid */ @@ -2744,11 +2810,13 @@ void ssl_message_mock_socket_read_error() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 1, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, &client, &client_context) == 0); @@ -2761,11 +2829,13 @@ void ssl_message_mock_socket_read_error() MSGLEN)); TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + MSGLEN) + == MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; @@ -2774,7 +2844,8 @@ void ssl_message_mock_socket_read_error() /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MSGLEN); TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); @@ -2797,11 +2868,13 @@ void ssl_message_mock_interleaved_one_way() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, &client, &client_context) == 0); @@ -2834,7 +2907,8 @@ void ssl_message_mock_interleaved_one_way() TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); @@ -2854,11 +2928,13 @@ void ssl_message_mock_interleaved_two_ways() mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, &client_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, &server, &server_context) == 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, &server_queue, 3, + TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, &client, &client_context) == 0); @@ -2914,10 +2990,12 @@ void ssl_message_mock_interleaved_two_ways() memset(received, 0, sizeof(received)); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, MSGLEN) + TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN) == MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); @@ -3651,7 +3729,8 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&restored); /* Prepare a dummy session to work on */ - TEST_ASSERT(mbedtls_test_ssl_populate_session(&original, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session( + &original, ticket_len, crt_file) == 0); /* Serialize it */ TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) @@ -3749,7 +3828,8 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare a dummy session to work on */ - TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session( + &session, ticket_len, crt_file) == 0); /* Get desired buffer size for serializing */ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) @@ -3799,7 +3879,8 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare dummy session and get serialized size */ - TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session( + &session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); @@ -3834,7 +3915,8 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file) mbedtls_ssl_session_init(&session); /* Prepare serialized session data */ - TEST_ASSERT(mbedtls_test_ssl_populate_session(&session, ticket_len, crt_file) == 0); + TEST_ASSERT(mbedtls_test_ssl_populate_session( + &session, ticket_len, crt_file) == 0); TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL); @@ -3956,14 +4038,16 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA, + ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, + MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); - ret = mbedtls_test_ssl_endpoint_init(&second_ep, - (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init( + &second_ep, + (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, + MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL); TEST_ASSERT(ret == 0); ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), @@ -4230,9 +4314,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) &(server.socket), BUFFSIZE), 0); - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), + MBEDTLS_SSL_CLIENT_KEY_EXCHANGE) , 0); mbedtls_psa_get_stats(&stats); @@ -4246,9 +4330,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; } - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); mbedtls_psa_get_stats(&stats); From 82b414938e0084169ac9a2dd69148efcc021a492 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 12:26:44 +0800 Subject: [PATCH 06/14] Improve code readability for test_suite_ssl.function Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 146 ++++++++++++++++----------- 1 file changed, 85 insertions(+), 61 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d199d106f..4949572b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -724,9 +724,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, /* Load the trusted CA */ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der(cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); + ret = mbedtls_x509_crt_parse_der( + cert->ca_cert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i]); TEST_ASSERT(ret == 0); } @@ -734,46 +735,54 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } else { if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { - ret = mbedtls_x509_crt_parse(cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); TEST_ASSERT(ret == 0); - ret = mbedtls_pk_parse_key(cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0); + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } @@ -816,7 +825,8 @@ int mbedtls_test_ssl_endpoint_init( { int ret = -1; - if (dtls_context != NULL && (input_queue == NULL || output_queue == NULL)) { + if (dtls_context != NULL && + (input_queue == NULL || output_queue == NULL)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -844,7 +854,8 @@ int mbedtls_test_ssl_endpoint_init( } ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func, - &(ep->entropy), (const unsigned char *) (ep->name), + &(ep->entropy), + (const unsigned char *) (ep->name), strlen(ep->name)); TEST_ASSERT(ret == 0); @@ -957,7 +968,8 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, } #endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* * Write application data. Increase write counter if necessary. @@ -1005,7 +1017,8 @@ exit: } /* - * Read application data and increase read counter and fragments counter if necessary. + * Read application data and increase read counter and fragments counter + * if necessary. */ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, @@ -1050,10 +1063,10 @@ exit: * and version. */ -#define CHK(x) \ +#define CHK(x) \ do \ { \ - if (!(x)) \ + if (!(x)) \ { \ ret = -1; \ goto cleanup; \ @@ -1448,13 +1461,15 @@ int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, * message was sent in the correct number of fragments. * * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected beforehand. + * of them must be initialized and connected + * beforehand. * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. * /p expected_fragments_1 and /p expected_fragments_2 determine in how many * fragments the message should be sent. * expected_fragments is 0: can be used for DTLS testing while the message * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second endpoint. + * cannot be fragmented and sent to the second + * endpoint. * This value can be used for negative tests. * expected_fragments is 1: can be used for TLS/DTLS testing while the * message size is below MFL @@ -1690,24 +1705,28 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) == 0); + (unsigned char) options->mfl) + == 0); TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) == 0); + (unsigned char) options->mfl) + == 0); #else TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk(&client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_ASSERT(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_ASSERT(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); } @@ -1811,7 +1830,8 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, context_buf_len, - &context_buf_len) == 0); + &context_buf_len) + == 0); mbedtls_ssl_free(&(server.ssl)); mbedtls_ssl_init(&(server.ssl)); @@ -1849,12 +1869,13 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), - options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, - options->expected_srv_fragments) + TEST_ASSERT(mbedtls_exchange_data( + &(client.ssl), + options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), + options->srv_msg_len, + options->expected_srv_fragments) == 0); } } @@ -1882,11 +1903,12 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(client.ssl.renego_status == MBEDTLS_SSL_RENEGOTIATION_DONE); - /* After calling mbedtls_ssl_renegotiate for the client all renegotiation - * should happen inside this function. However in this test, we cannot - * perform simultaneous communication between client and server so this - * function will return waiting error on the socket. All rest of - * renegotiation should happen during data exchanging */ + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. All rest of renegotiation should happen + * during data exchanging */ ret = mbedtls_ssl_renegotiate(&(client.ssl)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { @@ -3595,10 +3617,12 @@ void ssl_tls1_3_traffic_key_generation(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT(client_secret->len == server_secret->len); - TEST_ASSERT(expected_client_write_iv->len == expected_server_write_iv->len && - expected_client_write_iv->len == (size_t) desired_iv_len); - TEST_ASSERT(expected_client_write_key->len == expected_server_write_key->len && - expected_client_write_key->len == (size_t) desired_key_len); + TEST_ASSERT( + expected_client_write_iv->len == expected_server_write_iv->len && + expected_client_write_iv->len == (size_t) desired_iv_len); + TEST_ASSERT( + expected_client_write_key->len == expected_server_write_key->len && + expected_client_write_key->len == (size_t) desired_key_len); TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys( (mbedtls_md_type_t) hash_alg, From bd56b035f16e9e044eb404838364f144995b64f2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 14:36:48 +0800 Subject: [PATCH 07/14] Move TLS connection related functions to ssl_helpers.c Some functions are renamed in commit c463849. This change moves all those functions which are used to set up a TLS connection from test_suite_ssl.function into ssl_helpers.c. Signed-off-by: Yanray Wang --- tests/src/ssl_helpers.c | 1943 ++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 1942 ------------------------- 2 files changed, 1943 insertions(+), 1942 deletions(-) diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index 618b3ec17..a55664415 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -21,3 +21,1946 @@ */ #include + +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str) +{ + mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; + + (void) level; + (void) line; + (void) file; + + if (NULL != p && + NULL != p->pattern && + NULL != strstr(str, p->pattern)) { + p->counter++; + } +} + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts) +{ + opts->cipher = ""; + opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3; + opts->pk_alg = MBEDTLS_PK_RSA; + opts->psk_str = NULL; + opts->dtls = 0; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->serialize = 0; + opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; + opts->cli_msg_len = 100; + opts->srv_msg_len = 100; + opts->expected_cli_fragments = 1; + opts->expected_srv_fragments = 1; + opts->renegotiate = 0; + opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + opts->srv_log_obj = NULL; + opts->srv_log_obj = NULL; + opts->srv_log_fun = NULL; + opts->cli_log_fun = NULL; + opts->resize_buffers = 1; +} + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) +{ + memset(buf, 0, sizeof(*buf)); +} + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity) +{ + buf->buffer = (unsigned char *) mbedtls_calloc(capacity, + sizeof(unsigned char)); + if (NULL == buf->buffer) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + buf->capacity = capacity; + + return 0; +} + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) +{ + if (buf->buffer != NULL) { + mbedtls_free(buf->buffer); + } + + memset(buf, 0, sizeof(*buf)); +} + +/* + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + /* Reduce input_len to a number that fits in the buffer. */ + if ((buf->content_length + input_len) > buf->capacity) { + input_len = buf->capacity - buf->content_length; + } + + if (input == NULL) { + return (input_len == 0) ? 0 : -1; + } + + /* Check if the buffer has not come full circle and free space is not in + * the middle */ + if (buf->start + buf->content_length < buf->capacity) { + + /* Calculate the number of bytes that need to be placed at lower memory + * address */ + if (buf->start + buf->content_length + input_len + > buf->capacity) { + overflow = (buf->start + buf->content_length + input_len) + % buf->capacity; + } + + memcpy(buf->buffer + buf->start + buf->content_length, input, + input_len - overflow); + memcpy(buf->buffer, input + input_len - overflow, overflow); + + } else { + /* The buffer has come full circle and free space is in the middle */ + memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, + input, input_len); + } + + buf->content_length += input_len; + return input_len; +} + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + if (output == NULL && output_len == 0) { + return 0; + } + + if (buf->content_length < output_len) { + output_len = buf->content_length; + } + + /* Calculate the number of bytes that need to be drawn from lower memory + * address */ + if (buf->start + output_len > buf->capacity) { + overflow = (buf->start + output_len) % buf->capacity; + } + + if (output != NULL) { + memcpy(output, buf->buffer + buf->start, output_len - overflow); + memcpy(output + output_len - overflow, buf->buffer, overflow); + } + + buf->content_length -= output_len; + buf->start = (buf->start + output_len) % buf->capacity; + + return output_len; +} + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity) +{ + queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); + if (NULL == queue->messages) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + queue->capacity = capacity; + queue->pos = 0; + queue->num = 0; + + return 0; +} + +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue) +{ + if (queue == NULL) { + return; + } + + if (queue->messages != NULL) { + mbedtls_free(queue->messages); + } + + memset(queue, 0, sizeof(*queue)); +} + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len) +{ + int place; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + place = (queue->pos + queue->num) % queue->capacity; + queue->messages[place] = len; + queue->num++; + return len; +} + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len) +{ + size_t message_length; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + message_length = queue->messages[queue->pos]; + queue->messages[queue->pos] = 0; + queue->num--; + queue->pos++; + queue->pos %= queue->capacity; + if (queue->pos < 0) { + queue->pos += queue->capacity; + } + + return (message_length > buf_len) ? buf_len : message_length; +} + +/* + * Take a peek on the info about the next message length from the queue. + * This will be the oldest inserted message length(fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval 0, if the peek was successful. + * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is + * too small to fit the message. In this case the \p msg_len will be + * set to the full message length so that the + * caller knows what portion of the message can be dropped. + */ +int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, + size_t buf_len, size_t *msg_len) +{ + if (queue == NULL || msg_len == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + *msg_len = queue->messages[queue->pos]; + return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; +} + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) +{ + memset(socket, 0, sizeof(*socket)); +} + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) +{ + if (socket == NULL) { + return; + } + + if (socket->input != NULL) { + mbedtls_test_ssl_buffer_free(socket->input); + mbedtls_free(socket->input); + } + + if (socket->output != NULL) { + mbedtls_test_ssl_buffer_free(socket->output); + mbedtls_free(socket->output); + } + + if (socket->peer != NULL) { + memset(socket->peer, 0, sizeof(*socket->peer)); + } + + memset(socket, 0, sizeof(*socket)); +} + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize) +{ + int ret = -1; + + peer1->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer1->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer1->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { + goto exit; + } + + peer2->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer2->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer2->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { + goto exit; + } + + peer1->peer = peer2; + peer2->peer = peer1; + peer1->input = peer2->output; + peer2->input = peer1->output; + + peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; + ret = 0; + +exit: + + if (ret != 0) { + mbedtls_test_mock_socket_close(peer1); + mbedtls_test_mock_socket_close(peer2); + } + + return ret; +} + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->output->capacity == socket->output->content_length) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->input->content_length == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx) +{ + ctx->queue_input = NULL; + ctx->queue_output = NULL; + ctx->socket = NULL; +} + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) +{ + int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); + if (ret != 0) { + return ret; + } + ctx->queue_input = queue_input; + ctx->queue_output = queue_output; + ctx->socket = socket; + mbedtls_mock_socket_init(socket); + + return 0; +} + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx) +{ + if (ctx == NULL) { + return; + } + + mbedtls_test_ssl_message_queue_free(ctx->queue_input); + mbedtls_test_mock_socket_close(ctx->socket); + memset(ctx, 0, sizeof(*ctx)); +} + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + + if (context == NULL || context->socket == NULL + || context->queue_output == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_output; + socket = context->socket; + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { + return MBEDTLS_TEST_ERROR_SEND_FAILED; + } + + return mbedtls_test_ssl_message_queue_push_info(queue, len); +} + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + size_t drop_len = 0; + size_t msg_len; + int ret; + + if (context == NULL || context->socket == NULL + || context->queue_input == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_input; + socket = context->socket; + + /* Peek first, so that in case of a socket error the data remains in + * the queue. */ + ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Calculate how much to drop */ + drop_len = msg_len - buf_len; + + /* Set the requested message len to be buffer length */ + msg_len = buf_len; + } else if (ret != 0) { + return ret; + } + + if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { + return MBEDTLS_TEST_ERROR_RECV_FAILED; + } + + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Drop the remaining part of the message */ + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != + (int) drop_len) { + /* Inconsistent state - part of the message was read, + * and a part couldn't. Not much we can do here, but it should not + * happen in test environment, unless forced manually. */ + } + } + mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); + + return msg_len; +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) + +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) +{ + mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); + if (cert != NULL) { + if (cert->ca_cert != NULL) { + mbedtls_x509_crt_free(cert->ca_cert); + mbedtls_free(cert->ca_cert); + cert->ca_cert = NULL; + } + if (cert->cert != NULL) { + mbedtls_x509_crt_free(cert->cert); + mbedtls_free(cert->cert); + cert->cert = NULL; + } + if (cert->pkey != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { + mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; + psa_destroy_key(*key_slot); + } +#endif + mbedtls_pk_free(cert->pkey); + mbedtls_free(cert->pkey); + cert->pkey = NULL; + } + } +} + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg) +{ + int i = 0; + int ret = -1; + mbedtls_test_ssl_endpoint_certificate *cert = NULL; + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + cert = &(ep->cert); + ASSERT_ALLOC(cert->ca_cert, 1); + ASSERT_ALLOC(cert->cert, 1); + ASSERT_ALLOC(cert->pkey, 1); + + mbedtls_x509_crt_init(cert->ca_cert); + mbedtls_x509_crt_init(cert->cert); + mbedtls_pk_init(cert->pkey); + + /* Load the trusted CA */ + + for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { + ret = mbedtls_x509_crt_parse_der( + cert->ca_cert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i]); + TEST_ASSERT(ret == 0); + } + + /* Load own certificate and private key */ + + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0); + TEST_ASSERT(ret == 0); + } + } else { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0); + TEST_ASSERT(ret == 0); + } + } + + mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, + cert->pkey); + TEST_ASSERT(ret == 0); + +exit: + if (ret != 0) { + mbedtls_endpoint_certificate_free(ep); + } + + return ret; +} + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + const mbedtls_ecp_group_id *curves) +{ + int ret = -1; + + if (dtls_context != NULL && + (input_queue == NULL || output_queue == NULL)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + memset(ep, 0, sizeof(*ep)); + + ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; + + mbedtls_ssl_init(&(ep->ssl)); + mbedtls_ssl_config_init(&(ep->conf)); + mbedtls_ctr_drbg_init(&(ep->ctr_drbg)); + mbedtls_ssl_conf_rng(&(ep->conf), + mbedtls_ctr_drbg_random, + &(ep->ctr_drbg)); + mbedtls_entropy_init(&(ep->entropy)); + if (dtls_context != NULL) { + TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context) == 0); + } else { + mbedtls_mock_socket_init(&(ep->socket)); + } + + ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func, + &(ep->entropy), + (const unsigned char *) (ep->name), + strlen(ep->name)); + TEST_ASSERT(ret == 0); + + /* Non-blocking callbacks without timeout */ + if (dtls_context != NULL) { + mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + } else { + mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, + NULL); + } + + ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, + (dtls_context != NULL) ? + MBEDTLS_SSL_TRANSPORT_DATAGRAM : + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + TEST_ASSERT(ret == 0); + +#if defined(MBEDTLS_ECP_C) + if (curves != NULL) { + mbedtls_ssl_conf_curves(&(ep->conf), curves); + } +#else + (void) curves; +#endif + + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); + TEST_ASSERT(ret == 0); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { + mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); + } +#endif + + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, pk_alg); + TEST_ASSERT(ret == 0); + +exit: + return ret; +} + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) +{ + mbedtls_endpoint_certificate_free(ep); + + mbedtls_ssl_free(&(ep->ssl)); + mbedtls_ssl_config_free(&(ep->conf)); + mbedtls_ctr_drbg_free(&(ep->ctr_drbg)); + mbedtls_entropy_free(&(ep->entropy)); + + if (context != NULL) { + mbedtls_test_message_socket_close(context); + } else { + mbedtls_test_mock_socket_close(&(ep->socket)); + } +} + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state) +{ + enum { BUFFSIZE = 1024 }; + int max_steps = 1000; + int ret = 0; + + if (ssl == NULL || second_ssl == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* Perform communication via connected sockets */ + while ((ssl->state != state) && (--max_steps >= 0)) { + /* If /p second_ssl ends the handshake procedure before /p ssl then + * there is no need to call the next step */ + if (second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + ret = mbedtls_ssl_handshake_step(second_ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + /* We only care about the \p ssl state and returns, so we call it last, + * to leave the iteration as soon as the state is as expected. */ + ret = mbedtls_ssl_handshake_step(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + return (max_steps >= 0) ? ret : -1; +} + +#endif \ + /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + +/* + * Write application data. Increase write counter if necessary. + */ +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *written, + const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); + if (ret > 0) { + *written += ret; + } + + if (expected_fragments == 0) { + /* Used for DTLS and the message size larger than MFL. In that case + * the message can not be fragmented and the library should return + * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned + * to prevent a dead loop inside mbedtls_exchange_data(). */ + return ret; + } else if (expected_fragments == 1) { + /* Used for TLS/DTLS and the message size lower than MFL */ + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + /* Used for TLS and the message size larger than MFL */ + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Read application data and increase read counter and fragments counter + * if necessary. + */ +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *read, int *fragments, + const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); + if (ret > 0) { + (*fragments)++; + *read += ret; + } + + if (expected_fragments == 0) { + TEST_ASSERT(ret == 0); + } else if (expected_fragments == 1) { + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ + +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) + +void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, + int *forced_ciphersuite) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + forced_ciphersuite[1] = 0; + + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); + + TEST_ASSERT(ciphersuite_info != NULL); + TEST_ASSERT(ciphersuite_info->min_minor_ver <= conf->max_minor_ver); + TEST_ASSERT(ciphersuite_info->max_minor_ver >= conf->min_minor_ver); + + if (conf->max_minor_ver > ciphersuite_info->max_minor_ver) { + conf->max_minor_ver = ciphersuite_info->max_minor_ver; + } + if (conf->min_minor_ver < ciphersuite_info->min_minor_ver) { + conf->min_minor_ver = ciphersuite_info->min_minor_ver; + } + + mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); + +exit: + return; +} + +int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) +{ + (void) p_info; + (void) ssl; + (void) name; + (void) name_len; + + return 0; +} + +#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX +#else +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX +#endif + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, int ver, + size_t cid0_len, + size_t cid1_len) +{ + mbedtls_cipher_info_t const *cipher_info; + int ret = 0; + + size_t keylen, maclen, ivlen; + unsigned char *key0 = NULL, *key1 = NULL; + unsigned char *md0 = NULL, *md1 = NULL; + unsigned char iv_enc[16], iv_dec[16]; + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + unsigned char cid0[SSL_CID_LEN_MIN]; + unsigned char cid1[SSL_CID_LEN_MIN]; + + mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); + mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); +#else + ((void) cid0_len); + ((void) cid1_len); +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + maclen = 0; + + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + CHK(cipher_info != NULL); + CHK(cipher_info->iv_size <= 16); + CHK(cipher_info->key_bitlen % 8 == 0); + + /* Pick keys */ + keylen = cipher_info->key_bitlen / 8; + /* Allocate `keylen + 1` bytes to ensure that we get + * a non-NULL pointers from `mbedtls_calloc` even if + * `keylen == 0` in the case of the NULL cipher. */ + CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); + CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); + memset(key0, 0x1, keylen); + memset(key1, 0x2, keylen); + + /* Setup cipher contexts */ + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, + keylen << 3, MBEDTLS_DECRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, + keylen << 3, MBEDTLS_DECRYPT) == 0); + + /* Setup MAC contexts */ +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + if (cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_STREAM) { + mbedtls_md_info_t const *md_info; + + /* Pick hash */ + md_info = mbedtls_md_info_from_type(hash_id); + CHK(md_info != NULL); + + /* Pick hash keys */ + maclen = mbedtls_md_get_size(md_info); + CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); + CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); + memset(md0, 0x5, maclen); + memset(md1, 0x6, maclen); + + CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); + + if (ver > MBEDTLS_SSL_MINOR_VERSION_0) { + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, + md0, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, + md0, maclen) == 0); + } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + else { + memcpy(&t_in->mac_enc, md0, maclen); + memcpy(&t_in->mac_dec, md1, maclen); + memcpy(&t_out->mac_enc, md1, maclen); + memcpy(&t_out->mac_dec, md0, maclen); + } +#endif + } +#else + ((void) hash_id); +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ + + + /* Pick IV's (regardless of whether they + * are being used by the transform). */ + ivlen = cipher_info->iv_size; + memset(iv_enc, 0x3, sizeof(iv_enc)); + memset(iv_dec, 0x4, sizeof(iv_dec)); + + /* + * Setup transforms + */ + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + t_out->encrypt_then_mac = etm; + t_in->encrypt_then_mac = etm; +#else + ((void) etm); +#endif + + t_out->minor_ver = ver; + t_in->minor_ver = ver; + t_out->ivlen = ivlen; + t_in->ivlen = ivlen; + + switch (cipher_info->mode) { + case MBEDTLS_MODE_GCM: + case MBEDTLS_MODE_CCM: +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if (ver == MBEDTLS_SSL_MINOR_VERSION_4) { + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + } else +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + { + t_out->fixed_ivlen = 4; + t_in->fixed_ivlen = 4; + } + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_CHACHAPOLY: + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_STREAM: + case MBEDTLS_MODE_CBC: + t_out->fixed_ivlen = 0; /* redundant, must be 0 */ + t_in->fixed_ivlen = 0; /* redundant, must be 0 */ + t_out->taglen = 0; + t_in->taglen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->maclen = maclen; + t_in->maclen = maclen; + break; + case 1: /* Partial tag */ + t_out->maclen = 10; + t_in->maclen = 10; + break; + default: + ret = 1; + goto cleanup; + } + break; + default: + ret = 1; + goto cleanup; + break; + } + + /* Setup IV's */ + + memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); + memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + /* Add CID */ + memcpy(&t_in->in_cid, cid0, cid0_len); + memcpy(&t_in->out_cid, cid1, cid1_len); + t_in->in_cid_len = cid0_len; + t_in->out_cid_len = cid1_len; + memcpy(&t_out->in_cid, cid1, cid1_len); + memcpy(&t_out->out_cid, cid0, cid0_len); + t_out->in_cid_len = cid1_len; + t_out->out_cid_len = cid0_len; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +cleanup: + + mbedtls_free(key0); + mbedtls_free(key1); + + mbedtls_free(md0); + mbedtls_free(md1); + + return ret; +} + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) +{ +#if defined(MBEDTLS_HAVE_TIME) + session->start = mbedtls_time(NULL) - 42; +#endif + session->ciphersuite = 0xabcd; + session->compression = 1; + session->id_len = sizeof(session->id); + memset(session->id, 66, session->id_len); + memset(session->master, 17, sizeof(session->master)); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_FS_IO) + if (strlen(crt_file) != 0) { + mbedtls_x509_crt tmp_crt; + int ret; + + mbedtls_x509_crt_init(&tmp_crt); + ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); + if (ret != 0) { + return ret; + } + +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + /* Move temporary CRT. */ + session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); + if (session->peer_cert == NULL) { + return -1; + } + *session->peer_cert = tmp_crt; + memset(&tmp_crt, 0, sizeof(tmp_crt)); +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Calculate digest of temporary CRT. */ + session->peer_cert_digest = + mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); + if (session->peer_cert_digest == NULL) { + return -1; + } + ret = mbedtls_md(mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), + tmp_crt.raw.p, tmp_crt.raw.len, + session->peer_cert_digest); + if (ret != 0) { + return ret; + } + session->peer_cert_digest_type = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; + session->peer_cert_digest_len = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + + mbedtls_x509_crt_free(&tmp_crt); + } +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */ + (void) crt_file; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */ + session->verify_result = 0xdeadbeef; + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + if (ticket_len != 0) { + session->ticket = mbedtls_calloc(1, ticket_len); + if (session->ticket == NULL) { + return -1; + } + memset(session->ticket, 33, ticket_len); + } + session->ticket_len = ticket_len; + session->ticket_lifetime = 86401; +#else + (void) ticket_len; +#endif + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + session->mfl_code = 1; +#endif +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) + session->trunc_hmac = 1; +#endif +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + session->encrypt_then_mac = 1; +#endif + + return 0; +} + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2) +{ + unsigned char *msg_buf_1 = malloc(msg_len_1); + unsigned char *msg_buf_2 = malloc(msg_len_2); + unsigned char *in_buf_1 = malloc(msg_len_2); + unsigned char *in_buf_2 = malloc(msg_len_1); + int msg_type, ret = -1; + + /* Perform this test with two message types. At first use a message + * consisting of only 0x00 for the client and only 0xFF for the server. + * At the second time use message with generated data */ + for (msg_type = 0; msg_type < 2; msg_type++) { + int written_1 = 0; + int written_2 = 0; + int read_1 = 0; + int read_2 = 0; + int fragments_1 = 0; + int fragments_2 = 0; + + if (msg_type == 0) { + memset(msg_buf_1, 0x00, msg_len_1); + memset(msg_buf_2, 0xff, msg_len_2); + } else { + int i, j = 0; + for (i = 0; i < msg_len_1; i++) { + msg_buf_1[i] = j++ & 0xFF; + } + for (i = 0; i < msg_len_2; i++) { + msg_buf_2[i] = (j -= 5) & 0xFF; + } + } + + while (read_1 < msg_len_2 || read_2 < msg_len_1) { + /* ssl_1 sending */ + if (msg_len_1 > written_1) { + ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, + msg_len_1, &written_1, + expected_fragments_1); + if (expected_fragments_1 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_1 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_2 sending */ + if (msg_len_2 > written_2) { + ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, + msg_len_2, &written_2, + expected_fragments_2); + if (expected_fragments_2 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_2 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_1 reading */ + if (read_1 < msg_len_2) { + ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, + msg_len_2, &read_1, + &fragments_2, + expected_fragments_2); + TEST_ASSERT(ret == 0); + } + + /* ssl_2 reading */ + if (read_2 < msg_len_1) { + ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, + msg_len_1, &read_2, + &fragments_1, + expected_fragments_1); + TEST_ASSERT(ret == 0); + } + } + + ret = -1; + TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); + TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); + TEST_ASSERT(fragments_1 == expected_fragments_1); + TEST_ASSERT(fragments_2 == expected_fragments_2); + } + + ret = 0; + +exit: + free(msg_buf_1); + free(in_buf_1); + free(msg_buf_2); + free(in_buf_2); + + return ret; +} + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints + * must be initialized and connected beforehand. + * + * \retval 0 on success, otherwise error code. + */ +int exchange_data(mbedtls_ssl_context *ssl_1, + mbedtls_ssl_context *ssl_2) +{ + return mbedtls_exchange_data(ssl_1, 256, 1, + ssl_2, 256, 1); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options) +{ + /* forced_ciphersuite needs to last until the end of the handshake */ + int forced_ciphersuite[2]; + enum { BUFFSIZE = 17000 }; + mbedtls_test_ssl_endpoint client, server; +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif +#if defined(MBEDTLS_TIMING_C) + mbedtls_timing_delay_context timer_client, timer_server; +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + unsigned char *context_buf = NULL; + size_t context_buf_len; +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + int ret = -1; +#endif + int expected_handshake_result = 0; + + USE_PSA_INIT(); + mbedtls_platform_zeroize(&client, sizeof(client)); + mbedtls_platform_zeroize(&server, sizeof(server)); + + mbedtls_test_ssl_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); + + /* Client side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options->pk_alg, + &client_context, + &client_queue, + &server_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options->pk_alg, NULL, NULL, + NULL, NULL) == 0); + } + + if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) { + mbedtls_ssl_conf_min_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_min_version); + } + + if (options->client_max_version != TEST_SSL_MINOR_VERSION_NONE) { + mbedtls_ssl_conf_max_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_max_version); + } + + if (strlen(options->cipher) > 0) { + set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); + } + +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, + options->cli_log_obj); + } +#endif + + /* Server side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options->pk_alg, + &server_context, + &server_queue, + &client_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options->pk_alg, NULL, NULL, + NULL, NULL) == 0); + } + + mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + + if (options->server_min_version != TEST_SSL_MINOR_VERSION_NONE) { + mbedtls_ssl_conf_min_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_min_version); + } + + if (options->server_max_version != TEST_SSL_MINOR_VERSION_NONE) { + mbedtls_ssl_conf_max_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_max_version); + } + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), + (unsigned char) options->mfl) + == 0); + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), + (unsigned char) options->mfl) + == 0); +#else + TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_ASSERT(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); + + TEST_ASSERT(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); + + mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); + } +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&(server.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(client.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + + mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), + options->legacy_renegotiation); + mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + +#if defined(MBEDTLS_DEBUG_C) + if (options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, + options->srv_log_obj); + } +#endif + + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + + if (options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE) { + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; + } + + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) + == expected_handshake_result); + + if (expected_handshake_result != 0) { + /* Connection will have failed by this point, skip to cleanup */ + goto exit; + } + + TEST_ASSERT(client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER); + TEST_ASSERT(server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER); + + /* Check that we agree on the version... */ + TEST_ASSERT(client.ssl.minor_ver == server.ssl.minor_ver); + + /* And check that the version negotiated is the expected one. */ + TEST_EQUAL(client.ssl.minor_ver, options->expected_negotiated_version); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + if (options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 && + options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1) { + /* A server, when using DTLS, might delay a buffer resize to happen + * after it receives a message, so we force it. */ + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } + } +#endif + + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + /* Start data exchanging test */ + TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (options->serialize == 1) { + TEST_ASSERT(options->dtls == 1); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, + 0, &context_buf_len) + == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + + context_buf = mbedtls_calloc(1, context_buf_len); + TEST_ASSERT(context_buf != NULL); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, + context_buf_len, + &context_buf_len) + == 0); + + mbedtls_ssl_free(&(server.ssl)); + mbedtls_ssl_init(&(server.ssl)); + + TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); + + mbedtls_ssl_set_bio(&(server.ssl), &server_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, + context_buf_len) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after context deserialization */ + if (options->resize_buffers != 0) { + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif + /* Retest writing/reading */ + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + TEST_ASSERT(mbedtls_exchange_data( + &(client.ssl), + options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), + options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } + } +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + /* Start test with renegotiation */ + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + /* After calling this function for the server, it only sends a handshake + * request. All renegotiation should happen during data exchanging */ + TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. All rest of renegotiation should happen + * during data exchanging */ + ret = mbedtls_ssl_renegotiate(&(client.ssl)); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(ret == 0 || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after renegotiation */ + if (options->resize_buffers != 0) { + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + +exit: + mbedtls_test_ssl_endpoint_free(&client, + options->dtls != 0 ? &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, + options->dtls != 0 ? &server_context : NULL); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(0); + } +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (context_buf != NULL) { + mbedtls_free(context_buf); + } +#endif +} +#endif \ + /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4949572b0..b765af086 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -23,1948 +23,6 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) -{ - mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; - - (void) level; - (void) line; - (void) file; - - if (NULL != p && - NULL != p->pattern && - NULL != strstr(str, p->pattern)) { - p->counter++; - } -} - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ - opts->cipher = ""; - opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; - opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE; - opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE; - opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE; - opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3; - opts->pk_alg = MBEDTLS_PK_RSA; - opts->psk_str = NULL; - opts->dtls = 0; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; - opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; - opts->cli_msg_len = 100; - opts->srv_msg_len = 100; - opts->expected_cli_fragments = 1; - opts->expected_srv_fragments = 1; - opts->renegotiate = 0; - opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->srv_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; - opts->resize_buffers = 1; -} - -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) -{ - memset(buf, 0, sizeof(*buf)); -} - -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity) -{ - buf->buffer = (unsigned char *) mbedtls_calloc(capacity, - sizeof(unsigned char)); - if (NULL == buf->buffer) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - buf->capacity = capacity; - - return 0; -} - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) -{ - if (buf->buffer != NULL) { - mbedtls_free(buf->buffer); - } - - memset(buf, 0, sizeof(*buf)); -} - -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - /* Reduce input_len to a number that fits in the buffer. */ - if ((buf->content_length + input_len) > buf->capacity) { - input_len = buf->capacity - buf->content_length; - } - - if (input == NULL) { - return (input_len == 0) ? 0 : -1; - } - - /* Check if the buffer has not come full circle and free space is not in - * the middle */ - if (buf->start + buf->content_length < buf->capacity) { - - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if (buf->start + buf->content_length + input_len - > buf->capacity) { - overflow = (buf->start + buf->content_length + input_len) - % buf->capacity; - } - - memcpy(buf->buffer + buf->start + buf->content_length, input, - input_len - overflow); - memcpy(buf->buffer, input + input_len - overflow, overflow); - - } else { - /* The buffer has come full circle and free space is in the middle */ - memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, - input, input_len); - } - - buf->content_length += input_len; - return input_len; -} - -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - if (output == NULL && output_len == 0) { - return 0; - } - - if (buf->content_length < output_len) { - output_len = buf->content_length; - } - - /* Calculate the number of bytes that need to be drawn from lower memory - * address */ - if (buf->start + output_len > buf->capacity) { - overflow = (buf->start + output_len) % buf->capacity; - } - - if (output != NULL) { - memcpy(output, buf->buffer + buf->start, output_len - overflow); - memcpy(output + output_len - overflow, buf->buffer, overflow); - } - - buf->content_length -= output_len; - buf->start = (buf->start + output_len) % buf->capacity; - - return output_len; -} - -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity) -{ - queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); - if (NULL == queue->messages) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - queue->capacity = capacity; - queue->pos = 0; - queue->num = 0; - - return 0; -} - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue) -{ - if (queue == NULL) { - return; - } - - if (queue->messages != NULL) { - mbedtls_free(queue->messages); - } - - memset(queue, 0, sizeof(*queue)); -} - -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len) -{ - int place; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - place = (queue->pos + queue->num) % queue->capacity; - queue->messages[place] = len; - queue->num++; - return len; -} - -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len) -{ - size_t message_length; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - message_length = queue->messages[queue->pos]; - queue->messages[queue->pos] = 0; - queue->num--; - queue->pos++; - queue->pos %= queue->capacity; - if (queue->pos < 0) { - queue->pos += queue->capacity; - } - - return (message_length > buf_len) ? buf_len : message_length; -} - -/* - * Take a peek on the info about the next message length from the queue. - * This will be the oldest inserted message length(fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval 0, if the peek was successful. - * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is - * too small to fit the message. In this case the \p msg_len will be - * set to the full message length so that the - * caller knows what portion of the message can be dropped. - */ -int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) -{ - if (queue == NULL || msg_len == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - *msg_len = queue->messages[queue->pos]; - return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; -} - -/* - * Setup and teardown functions for mock sockets. - */ -void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) -{ - memset(socket, 0, sizeof(*socket)); -} - -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) -{ - if (socket == NULL) { - return; - } - - if (socket->input != NULL) { - mbedtls_test_ssl_buffer_free(socket->input); - mbedtls_free(socket->input); - } - - if (socket->output != NULL) { - mbedtls_test_ssl_buffer_free(socket->output); - mbedtls_free(socket->output); - } - - if (socket->peer != NULL) { - memset(socket->peer, 0, sizeof(*socket->peer)); - } - - memset(socket, 0, sizeof(*socket)); -} - -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) -{ - int ret = -1; - - peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer1->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { - goto exit; - } - - peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer2->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { - goto exit; - } - - peer1->peer = peer2; - peer2->peer = peer1; - peer1->input = peer2->output; - peer2->input = peer1->output; - - peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; - ret = 0; - -exit: - - if (ret != 0) { - mbedtls_test_mock_socket_close(peer1); - mbedtls_test_mock_socket_close(peer2); - } - - return ret; -} - -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ - -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ - -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->output->capacity == socket->output->content_length) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->input->content_length == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx) -{ - ctx->queue_input = NULL; - ctx->queue_output = NULL; - ctx->socket = NULL; -} - -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) -{ - int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); - if (ret != 0) { - return ret; - } - ctx->queue_input = queue_input; - ctx->queue_output = queue_output; - ctx->socket = socket; - mbedtls_mock_socket_init(socket); - - return 0; -} - -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_test_ssl_message_queue_free(ctx->queue_input); - mbedtls_test_mock_socket_close(ctx->socket); - memset(ctx, 0, sizeof(*ctx)); -} - -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - - if (context == NULL || context->socket == NULL - || context->queue_output == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_output; - socket = context->socket; - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { - return MBEDTLS_TEST_ERROR_SEND_FAILED; - } - - return mbedtls_test_ssl_message_queue_push_info(queue, len); -} - -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. - */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - size_t drop_len = 0; - size_t msg_len; - int ret; - - if (context == NULL || context->socket == NULL - || context->queue_input == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_input; - socket = context->socket; - - /* Peek first, so that in case of a socket error the data remains in - * the queue. */ - ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Calculate how much to drop */ - drop_len = msg_len - buf_len; - - /* Set the requested message len to be buffer length */ - msg_len = buf_len; - } else if (ret != 0) { - return ret; - } - - if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { - return MBEDTLS_TEST_ERROR_RECV_FAILED; - } - - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != - (int) drop_len) { - /* Inconsistent state - part of the message was read, - * and a part couldn't. Not much we can do here, but it should not - * happen in test environment, unless forced manually. */ - } - } - mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - - return msg_len; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_CERTS_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) -{ - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; - psa_destroy_key(*key_slot); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; - } - } -} - -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg) -{ - int i = 0; - int ret = -1; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert = &(ep->cert); - ASSERT_ALLOC(cert->ca_cert, 1); - ASSERT_ALLOC(cert->cert, 1); - ASSERT_ALLOC(cert->pkey, 1); - - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); - - /* Load the trusted CA */ - - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); - } - - /* Load own certificate and private key */ - - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); - } - } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); - } - } - - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - -exit: - if (ret != 0) { - mbedtls_endpoint_certificate_free(ep); - } - - return ret; -} - -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - const mbedtls_ecp_group_id *curves) -{ - int ret = -1; - - if (dtls_context != NULL && - (input_queue == NULL || output_queue == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(ep, 0, sizeof(*ep)); - - ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; - - mbedtls_ssl_init(&(ep->ssl)); - mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ctr_drbg_init(&(ep->ctr_drbg)); - mbedtls_ssl_conf_rng(&(ep->conf), - mbedtls_ctr_drbg_random, - &(ep->ctr_drbg)); - mbedtls_entropy_init(&(ep->entropy)); - if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); - } else { - mbedtls_mock_socket_init(&(ep->socket)); - } - - ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func, - &(ep->entropy), - (const unsigned char *) (ep->name), - strlen(ep->name)); - TEST_ASSERT(ret == 0); - - /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? - MBEDTLS_SSL_TRANSPORT_DATAGRAM : - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); - -#if defined(MBEDTLS_ECP_C) - if (curves != NULL) { - mbedtls_ssl_conf_curves(&(ep->conf), curves); - } -#else - (void) curves; -#endif - - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { - mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); - } -#endif - - ret = mbedtls_test_ssl_endpoint_certificate_init(ep, pk_alg); - TEST_ASSERT(ret == 0); - -exit: - return ret; -} - -/* - * Deinitializes endpoint represented by \p ep. - */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) -{ - mbedtls_endpoint_certificate_free(ep); - - mbedtls_ssl_free(&(ep->ssl)); - mbedtls_ssl_config_free(&(ep->conf)); - mbedtls_ctr_drbg_free(&(ep->ctr_drbg)); - mbedtls_entropy_free(&(ep->entropy)); - - if (context != NULL) { - mbedtls_test_message_socket_close(context); - } else { - mbedtls_test_mock_socket_close(&(ep->socket)); - } -} - -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) -{ - enum { BUFFSIZE = 1024 }; - int max_steps = 1000; - int ret = 0; - - if (ssl == NULL || second_ssl == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Perform communication via connected sockets */ - while ((ssl->state != state) && (--max_steps >= 0)) { - /* If /p second_ssl ends the handshake procedure before /p ssl then - * there is no need to call the next step */ - if (second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake_step(second_ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - /* We only care about the \p ssl state and returns, so we call it last, - * to leave the iteration as soon as the state is as expected. */ - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - return (max_steps >= 0) ? ret : -1; -} - -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - -/* - * Write application data. Increase write counter if necessary. - */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *written, - const int expected_fragments) -{ - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); - } - - int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); - if (ret > 0) { - *written += ret; - } - - if (expected_fragments == 0) { - /* Used for DTLS and the message size larger than MFL. In that case - * the message can not be fragmented and the library should return - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_exchange_data(). */ - return ret; - } else if (expected_fragments == 1) { - /* Used for TLS/DTLS and the message size lower than MFL */ - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - /* Used for TLS and the message size larger than MFL */ - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Read application data and increase read counter and fragments counter - * if necessary. - */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *read, int *fragments, - const int expected_fragments) -{ - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); - } - - int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); - if (ret > 0) { - (*fragments)++; - *read += ret; - } - - if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); - } else if (expected_fragments == 1) { - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ - -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - -void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; - - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_minor_ver <= conf->max_minor_ver); - TEST_ASSERT(ciphersuite_info->max_minor_ver >= conf->min_minor_ver); - - if (conf->max_minor_ver > ciphersuite_info->max_minor_ver) { - conf->max_minor_ver = ciphersuite_info->max_minor_ver; - } - if (conf->min_minor_ver < ciphersuite_info->min_minor_ver) { - conf->min_minor_ver = ciphersuite_info->min_minor_ver; - } - - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); - -exit: - return; -} - -int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} - -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - size_t cid0_len, - size_t cid1_len) -{ - mbedtls_cipher_info_t const *cipher_info; - int ret = 0; - - size_t keylen, maclen, ivlen; - unsigned char *key0 = NULL, *key1 = NULL; - unsigned char *md0 = NULL, *md1 = NULL; - unsigned char iv_enc[16], iv_dec[16]; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid0[SSL_CID_LEN_MIN]; - unsigned char cid1[SSL_CID_LEN_MIN]; - - mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); - mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); -#else - ((void) cid0_len); - ((void) cid1_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - maclen = 0; - - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - CHK(cipher_info != NULL); - CHK(cipher_info->iv_size <= 16); - CHK(cipher_info->key_bitlen % 8 == 0); - - /* Pick keys */ - keylen = cipher_info->key_bitlen / 8; - /* Allocate `keylen + 1` bytes to ensure that we get - * a non-NULL pointers from `mbedtls_calloc` even if - * `keylen == 0` in the case of the NULL cipher. */ - CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); - CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); - memset(key0, 0x1, keylen); - memset(key1, 0x2, keylen); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_info->mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - keylen << 3, MBEDTLS_ENCRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - keylen << 3, MBEDTLS_DECRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - keylen << 3, MBEDTLS_ENCRYPT) == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - keylen << 3, MBEDTLS_DECRYPT) == 0); - - /* Setup MAC contexts */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if (cipher_info->mode == MBEDTLS_MODE_CBC || - cipher_info->mode == MBEDTLS_MODE_STREAM) { - mbedtls_md_info_t const *md_info; - - /* Pick hash */ - md_info = mbedtls_md_info_from_type(hash_id); - CHK(md_info != NULL); - - /* Pick hash keys */ - maclen = mbedtls_md_get_size(md_info); - CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); - CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); - memset(md0, 0x5, maclen); - memset(md1, 0x6, maclen); - - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - if (ver > MBEDTLS_SSL_MINOR_VERSION_0) { - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); - } -#if defined(MBEDTLS_SSL_PROTO_SSL3) - else { - memcpy(&t_in->mac_enc, md0, maclen); - memcpy(&t_in->mac_dec, md1, maclen); - memcpy(&t_out->mac_enc, md1, maclen); - memcpy(&t_out->mac_dec, md0, maclen); - } -#endif - } -#else - ((void) hash_id); -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ - - - /* Pick IV's (regardless of whether they - * are being used by the transform). */ - ivlen = cipher_info->iv_size; - memset(iv_enc, 0x3, sizeof(iv_enc)); - memset(iv_dec, 0x4, sizeof(iv_dec)); - - /* - * Setup transforms - */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - t_out->encrypt_then_mac = etm; - t_in->encrypt_then_mac = etm; -#else - ((void) etm); -#endif - - t_out->minor_ver = ver; - t_in->minor_ver = ver; - t_out->ivlen = ivlen; - t_in->ivlen = ivlen; - - switch (cipher_info->mode) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if (ver == MBEDTLS_SSL_MINOR_VERSION_4) { - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - { - t_out->fixed_ivlen = 4; - t_in->fixed_ivlen = 4; - } - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_CHACHAPOLY: - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_STREAM: - case MBEDTLS_MODE_CBC: - t_out->fixed_ivlen = 0; /* redundant, must be 0 */ - t_in->fixed_ivlen = 0; /* redundant, must be 0 */ - t_out->taglen = 0; - t_in->taglen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->maclen = maclen; - t_in->maclen = maclen; - break; - case 1: /* Partial tag */ - t_out->maclen = 10; - t_in->maclen = 10; - break; - default: - ret = 1; - goto cleanup; - } - break; - default: - ret = 1; - goto cleanup; - break; - } - - /* Setup IV's */ - - memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); - memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Add CID */ - memcpy(&t_in->in_cid, cid0, cid0_len); - memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = cid0_len; - t_in->out_cid_len = cid1_len; - memcpy(&t_out->in_cid, cid1, cid1_len); - memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = cid1_len; - t_out->out_cid_len = cid0_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -cleanup: - - mbedtls_free(key0); - mbedtls_free(key1); - - mbedtls_free(md0); - mbedtls_free(md1); - - return ret; -} - -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ -int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, - int ticket_len, - const char *crt_file) -{ -#if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_time(NULL) - 42; -#endif - session->ciphersuite = 0xabcd; - session->compression = 1; - session->id_len = sizeof(session->id); - memset(session->id, 66, session->id_len); - memset(session->master, 17, sizeof(session->master)); - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_CERTS_C) && \ - defined(MBEDTLS_FS_IO) - if (strlen(crt_file) != 0) { - mbedtls_x509_crt tmp_crt; - int ret; - - mbedtls_x509_crt_init(&tmp_crt); - ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); - if (ret != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Move temporary CRT. */ - session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); - if (session->peer_cert == NULL) { - return -1; - } - *session->peer_cert = tmp_crt; - memset(&tmp_crt, 0, sizeof(tmp_crt)); -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Calculate digest of temporary CRT. */ - session->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (session->peer_cert_digest == NULL) { - return -1; - } - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); - if (ret != 0) { - return ret; - } - session->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - session->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - mbedtls_x509_crt_free(&tmp_crt); - } -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */ - (void) crt_file; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */ - session->verify_result = 0xdeadbeef; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } - session->ticket_len = ticket_len; - session->ticket_lifetime = 86401; -#else - (void) ticket_len; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - session->mfl_code = 1; -#endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - session->trunc_hmac = 1; -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - session->encrypt_then_mac = 1; -#endif - - return 0; -} - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2) -{ - unsigned char *msg_buf_1 = malloc(msg_len_1); - unsigned char *msg_buf_2 = malloc(msg_len_2); - unsigned char *in_buf_1 = malloc(msg_len_2); - unsigned char *in_buf_2 = malloc(msg_len_1); - int msg_type, ret = -1; - - /* Perform this test with two message types. At first use a message - * consisting of only 0x00 for the client and only 0xFF for the server. - * At the second time use message with generated data */ - for (msg_type = 0; msg_type < 2; msg_type++) { - int written_1 = 0; - int written_2 = 0; - int read_1 = 0; - int read_2 = 0; - int fragments_1 = 0; - int fragments_2 = 0; - - if (msg_type == 0) { - memset(msg_buf_1, 0x00, msg_len_1); - memset(msg_buf_2, 0xff, msg_len_2); - } else { - int i, j = 0; - for (i = 0; i < msg_len_1; i++) { - msg_buf_1[i] = j++ & 0xFF; - } - for (i = 0; i < msg_len_2; i++) { - msg_buf_2[i] = (j -= 5) & 0xFF; - } - } - - while (read_1 < msg_len_2 || read_2 < msg_len_1) { - /* ssl_1 sending */ - if (msg_len_1 > written_1) { - ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, - msg_len_1, &written_1, - expected_fragments_1); - if (expected_fragments_1 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_1 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_2 sending */ - if (msg_len_2 > written_2) { - ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, - msg_len_2, &written_2, - expected_fragments_2); - if (expected_fragments_2 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_2 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_1 reading */ - if (read_1 < msg_len_2) { - ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, - msg_len_2, &read_1, - &fragments_2, - expected_fragments_2); - TEST_ASSERT(ret == 0); - } - - /* ssl_2 reading */ - if (read_2 < msg_len_1) { - ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, - msg_len_1, &read_2, - &fragments_1, - expected_fragments_1); - TEST_ASSERT(ret == 0); - } - } - - ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); - } - - ret = 0; - -exit: - free(msg_buf_1); - free(in_buf_1); - free(msg_buf_2); - free(in_buf_2); - - return ret; -} - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints - * must be initialized and connected beforehand. - * - * \retval 0 on success, otherwise error code. - */ -int exchange_data(mbedtls_ssl_context *ssl_1, - mbedtls_ssl_context *ssl_2) -{ - return mbedtls_exchange_data(ssl_1, 256, 1, - ssl_2, 256, 1); -} - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_CERTS_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) -{ - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int ret = -1; -#endif - int expected_handshake_result = 0; - - USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - - /* Client side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options->pk_alg, - &client_context, - &client_queue, - &server_queue, NULL) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options->pk_alg, NULL, NULL, - NULL, NULL) == 0); - } - - if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) { - mbedtls_ssl_conf_min_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->client_min_version); - } - - if (options->client_max_version != TEST_SSL_MINOR_VERSION_NONE) { - mbedtls_ssl_conf_max_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->client_max_version); - } - - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, - options->cli_log_obj); - } -#endif - - /* Server side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options->pk_alg, - &server_context, - &server_queue, - &client_queue, NULL) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options->pk_alg, NULL, NULL, - NULL, NULL) == 0); - } - - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); - - if (options->server_min_version != TEST_SSL_MINOR_VERSION_NONE) { - mbedtls_ssl_conf_min_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->server_min_version); - } - - if (options->server_max_version != TEST_SSL_MINOR_VERSION_NONE) { - mbedtls_ssl_conf_max_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->server_max_version); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); -#else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_DEBUG_C) - if (options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, - options->srv_log_obj); - } -#endif - - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - - if (options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE) { - expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; - } - - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); - - if (expected_handshake_result != 0) { - /* Connection will have failed by this point, skip to cleanup */ - goto exit; - } - - TEST_ASSERT(client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER); - TEST_ASSERT(server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER); - - /* Check that we agree on the version... */ - TEST_ASSERT(client.ssl.minor_ver == server.ssl.minor_ver); - - /* And check that the version negotiated is the expected one. */ - TEST_EQUAL(client.ssl.minor_ver, options->expected_negotiated_version); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - if (options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 && - options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1) { - /* A server, when using DTLS, might delay a buffer resize to happen - * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } - } -#endif - - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); - - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); - - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); - - mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data( - &(client.ssl), - options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -exit: - mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? &server_context : NULL); -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(0); - } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } -#endif -} -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - /* END_HEADER */ /* BEGIN_DEPENDENCIES From 4323e459e99fd2cfc2cc0df0420c523c9fb2d97b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 16:52:06 +0800 Subject: [PATCH 08/14] Resolve build errors for ssl_helpers.c and test_suite_ssl.c Since we move many functions from test_suite_ssl.function to ssl_helpers.c in commit bd56b03. This causes various of build errors. This commit fixes all the build errors by - including header files - providing function definition - adding guards for typedef statements and functions Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 339 ++++++++++++++++++++++++++- tests/src/ssl_helpers.c | 9 +- tests/suites/test_suite_ssl.function | 5 - 3 files changed, 340 insertions(+), 13 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 30a9823fd..7141a8403 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -23,11 +23,25 @@ #ifndef SSL_HELPERS_H #define SSL_HELPERS_H -#include +#include -#include +#include +#include +#include +#include + +#if defined(MBEDTLS_SSL_TLS_C) +#include #include #include +#include +#include +#include +#include + +#if defined(MBEDTLS_SSL_CACHE_C) +#include "mbedtls/ssl_cache.h" +#endif typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; @@ -145,4 +159,325 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str); + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts); + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity); + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); + +/* + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len); + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len); + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity); + +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue); + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len); + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len); + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket); + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize); + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len); + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len); + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); + +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx); + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx); + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx); + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len); + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg); + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + const mbedtls_ecp_group_id *curves); + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context); + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state); + +#endif \ + /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, int ver, + size_t cid0_len, + size_t cid1_len); + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file); + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_CERTS_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options); +#endif \ + /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_TLS_C */ + #endif /* SSL_HELPERS_H */ diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index a55664415..242751fbe 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -22,6 +22,8 @@ #include +#if defined(MBEDTLS_SSL_TLS_C) + /* * This function can be passed to mbedtls to receive output logs from it. In * this case, it will count the instances of a mbedtls_test_ssl_log_pattern @@ -209,12 +211,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - /* * Setup and free functions for the message metadata queue. * @@ -1964,3 +1960,4 @@ exit: #endif \ /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b765af086..0b30f8d23 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1,9 +1,4 @@ /* BEGIN_HEADER */ -#include -#include -#include -#include -#include #include #include From 1ef77c01c47aa7baf88a35b5934acc23eb1ce9c1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 16:59:00 +0800 Subject: [PATCH 09/14] ssl_helpers.c: remove duplicate comments for some functions Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 25 +++- tests/src/ssl_helpers.c | 220 +------------------------------ 2 files changed, 24 insertions(+), 221 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 7141a8403..9880b4e23 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -424,9 +424,24 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, mbedtls_ssl_context *second_ssl, int state); -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ + +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ + +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, @@ -476,8 +491,8 @@ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, defined(MBEDTLS_CTR_DRBG_C) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options); -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ #endif /* MBEDTLS_SSL_TLS_C */ #endif /* SSL_HELPERS_H */ diff --git a/tests/src/ssl_helpers.c b/tests/src/ssl_helpers.c index 242751fbe..c7e6304c7 100644 --- a/tests/src/ssl_helpers.c +++ b/tests/src/ssl_helpers.c @@ -24,11 +24,6 @@ #if defined(MBEDTLS_SSL_TLS_C) -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, const char *str) @@ -74,20 +69,11 @@ void mbedtls_test_init_handshake_options( opts->resize_buffers = 1; } -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { @@ -110,17 +96,6 @@ void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) memset(buf, 0, sizeof(*buf)); } -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, const unsigned char *input, size_t input_len) { @@ -165,18 +140,6 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, return input_len; } -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, unsigned char *output, size_t output_len) { @@ -211,15 +174,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ int mbedtls_test_ssl_message_queue_setup( mbedtls_test_ssl_message_queue *queue, size_t capacity) { @@ -249,14 +203,6 @@ void mbedtls_test_ssl_message_queue_free( memset(queue, 0, sizeof(*queue)); } -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ int mbedtls_test_ssl_message_queue_push_info( mbedtls_test_ssl_message_queue *queue, size_t len) { @@ -275,16 +221,6 @@ int mbedtls_test_ssl_message_queue_push_info( return len; } -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ int mbedtls_test_ssl_message_queue_pop_info( mbedtls_test_ssl_message_queue *queue, size_t buf_len) { @@ -334,27 +270,11 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -/* - * Setup and teardown functions for mock sockets. - */ void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { @@ -378,16 +298,6 @@ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) memset(socket, 0, sizeof(*socket)); } -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, mbedtls_test_mock_socket *peer2, size_t bufsize) @@ -436,10 +346,6 @@ exit: return ret; } -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { @@ -463,10 +369,6 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { @@ -506,15 +408,6 @@ void mbedtls_test_message_socket_init( ctx->socket = NULL; } -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ int mbedtls_test_message_socket_setup( mbedtls_test_ssl_message_queue *queue_input, mbedtls_test_ssl_message_queue *queue_output, @@ -534,10 +427,6 @@ int mbedtls_test_message_socket_setup( return 0; } -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ void mbedtls_test_message_socket_close( mbedtls_test_message_socket_context *ctx) { @@ -550,19 +439,6 @@ void mbedtls_test_message_socket_close( memset(ctx, 0, sizeof(*ctx)); } -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { @@ -590,20 +466,6 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, return mbedtls_test_ssl_message_queue_push_info(queue, len); } -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. - */ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { @@ -690,12 +552,6 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) } } -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg) { @@ -796,21 +652,6 @@ exit: return ret; } -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg, mbedtls_test_message_socket_context *dtls_context, @@ -898,9 +739,6 @@ exit: return ret; } -/* - * Deinitializes endpoint represented by \p ep. - */ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) @@ -919,13 +757,6 @@ void mbedtls_test_ssl_endpoint_free( } } -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, mbedtls_ssl_context *second_ssl, int state) @@ -962,9 +793,8 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, return (max_steps >= 0) ? ret : -1; } -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* * Write application data. Increase write counter if necessary. @@ -1052,22 +882,6 @@ exit: return -1; } -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ - -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, int *forced_ciphersuite) { @@ -1359,10 +1173,6 @@ cleanup: return ret; } -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) @@ -1451,28 +1261,6 @@ int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session, return 0; } -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, int msg_len_1, const int expected_fragments_1, mbedtls_ssl_context *ssl_2, @@ -1957,7 +1745,7 @@ exit: } #endif } -#endif \ - /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ #endif /* MBEDTLS_SSL_TLS_C */ From 3742b1211d0ca5e17d43122a5bc073315cc83509 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 11:49:33 +0800 Subject: [PATCH 10/14] Fix build errors in CMake tests/src/ssl_helpers.c depends on functions defined in library/*.c. If it's complied as an OBJECT with other c files, cmake complains undefined reference in link stage under programs/. Therefore, tests/src/test_helpers/ is created to hold c files with dependency of library/*.c. Besides, tests/src/test_helper/*.c is separated into another OBJECT, mbedtls_test_helpers, as sources to build all test suite executables. In addition, everest header directory is included in case MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled. Signed-off-by: Yanray Wang --- CMakeLists.txt | 13 ++++++++++++- tests/CMakeLists.txt | 4 +++- tests/Makefile | 9 +++++++-- tests/src/{ => test_helpers}/ssl_helpers.c | 0 4 files changed, 22 insertions(+), 4 deletions(-) rename tests/src/{ => test_helpers}/ssl_helpers.c (100%) diff --git a/CMakeLists.txt b/CMakeLists.txt index ddeb115e8..a40f737ad 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -287,12 +287,23 @@ add_subdirectory(library) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) + file(GLOB MBEDTLS_TEST_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library) + + file(GLOB MBEDTLS_TEST_HELPER_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c) + add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) + target_include_directories(mbedtls_test_helpers + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include) endif() if(ENABLE_PROGRAMS) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ca477aced..10de8c702 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -50,7 +50,9 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - add_executable(test_suite_${data_name} test_suite_${data_name}.c $) + add_executable(test_suite_${data_name} test_suite_${data_name}.c + $ + $) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header # files (used by some invasive tests) from ../library. Public header diff --git a/tests/Makefile b/tests/Makefile index 44ff43c67..27dcacb16 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -86,7 +86,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c src/test_helpers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -107,6 +107,10 @@ src/drivers/%.o : src/drivers/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +src/test_helpers/%.o : src/test_helpers/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) c: $(C_FILES) @@ -143,7 +147,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax - rm -f src/*.o src/drivers/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* rm -f include/test/instrument_record_status.h rm -rf libtestdriver1 else @@ -152,6 +156,7 @@ else if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o if exist src/drivers/*.o del /Q /F src/drivers/*.o + if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o if exist src/libmbed* del /Q /F src/libmed* if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h endif diff --git a/tests/src/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c similarity index 100% rename from tests/src/ssl_helpers.c rename to tests/src/test_helpers/ssl_helpers.c From 89b4d12d4ad540057751aac0cbfab286536a3589 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 18:12:01 +0800 Subject: [PATCH 11/14] Fix build error in CI about test_fail_if_psa_leaking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit During test of component build_arm_linux_gnueabi_gcc_arm5vte and build_arm_none_eabi_gcc_m0plus. It fails with - error: implicit declaration of function ‘test_fail_if_psa_leaking’ It happens because test_fail_if_psa_leaking is defined in helpers.function. This block of code is not converted into C code while compiling ssl_helpers.c. The function has been moved to psa_crypto_helpers.c in order to fix this build error. Signed-off-by: Yanray Wang --- tests/include/test/psa_crypto_helpers.h | 22 +++++++++++++++------- tests/src/psa_crypto_helpers.c | 11 +++++++++++ tests/suites/helpers.function | 19 ------------------- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 08179e2b0..f8b98c07b 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -104,11 +104,11 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` * but with a more informative message. */ -#define ASSERT_PSA_PRISTINE() \ +#define ASSERT_PSA_PRISTINE() \ do \ { \ - if (test_fail_if_psa_leaking(__LINE__, __FILE__)) \ - goto exit; \ + if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \ + goto exit; \ } \ while (0) @@ -122,12 +122,12 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before * creating them. */ -#define PSA_DONE() \ +#define PSA_DONE() \ do \ { \ - test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ + mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ + mbedtls_test_psa_purge_key_storage(); \ + mbedtls_psa_crypto_free(); \ } \ while (0) @@ -193,6 +193,14 @@ psa_status_t mbedtls_test_record_status(psa_status_t status, */ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); +/** Check that no PSA Crypto key slots are in use. + * + * If any slots are in use, mark the current test as failed. + * + * \return 0 if the key store is empty, 1 otherwise. + */ +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); + /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or * alternative implementation. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 06274d388..77c2f8976 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -138,4 +138,15 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) return updated_usage; } +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) +{ + const char *msg = mbedtls_test_helper_is_psa_leaking(); + if (msg == NULL) { + return 0; + } else { + mbedtls_test_fail(msg, line_no, filename); + return 1; + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index eb0dc03fb..efe840870 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -80,25 +80,6 @@ jmp_buf jmp_tmp; /*----------------------------------------------------------------------------*/ /* Helper Functions */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed. - * - * \return 0 if the key store is empty, 1 otherwise. - */ -int test_fail_if_psa_leaking(int line_no, const char *filename) -{ - const char *msg = mbedtls_test_helper_is_psa_leaking(); - if (msg == NULL) { - return 0; - } else { - mbedtls_test_fail(msg, line_no, filename); - return 1; - } -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */ - #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output(FILE *out_stream, const char *path) { From d2696f2aa29e61936d7e9bce5a7834150e138b7f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 3 Nov 2022 11:51:59 +0800 Subject: [PATCH 12/14] Fix issue of conversion from size_t to int ssl_helpers.c is treated with W3 warning level in MSVC complier. So that it's reported as error for warning of conversion from size_t to int. This change fixes all this type of warning seen in Microsoft Visual Studio 12.0. Besides, some potential problems of type conversion are also handled. Signed-off-by: Yanray Wang --- tests/src/test_helpers/ssl_helpers.c | 37 +++++++++++++++++----------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index c7e6304c7..b7a7e86ee 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -137,7 +137,7 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, } buf->content_length += input_len; - return input_len; + return (input_len > INT_MAX) ? INT_MAX : (int) input_len; } int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, @@ -171,7 +171,7 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, buf->content_length -= output_len; buf->start = (buf->start + output_len) % buf->capacity; - return output_len; + return (output_len > INT_MAX) ? INT_MAX : (int) output_len; } int mbedtls_test_ssl_message_queue_setup( @@ -182,7 +182,7 @@ int mbedtls_test_ssl_message_queue_setup( return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - queue->capacity = capacity; + queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; queue->pos = 0; queue->num = 0; @@ -218,7 +218,7 @@ int mbedtls_test_ssl_message_queue_push_info( place = (queue->pos + queue->num) % queue->capacity; queue->messages[place] = len; queue->num++; - return len; + return (len > INT_MAX) ? INT_MAX : (int) len; } int mbedtls_test_ssl_message_queue_pop_info( @@ -241,7 +241,8 @@ int mbedtls_test_ssl_message_queue_pop_info( queue->pos += queue->capacity; } - return (message_length > buf_len) ? buf_len : message_length; + return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : + (message_length > buf_len) ? (int) buf_len : (int) message_length; } /* @@ -513,7 +514,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, } mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - return msg_len; + return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ @@ -990,13 +991,21 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_CIPHER_MODE_CBC */ CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -1154,12 +1163,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Add CID */ memcpy(&t_in->in_cid, cid0, cid0_len); memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = cid0_len; - t_in->out_cid_len = cid1_len; + t_in->in_cid_len = (uint8_t) cid0_len; + t_in->out_cid_len = (uint8_t) cid1_len; memcpy(&t_out->in_cid, cid1, cid1_len); memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = cid1_len; - t_out->out_cid_len = cid0_len; + t_out->in_cid_len = (uint8_t) cid1_len; + t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ cleanup: From e16808cddca7501f965624f58455e83c44eafd40 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Mar 2023 18:08:56 +0800 Subject: [PATCH 13/14] Move #define Directive into ssl_helpers.h Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 13 +++++++++++++ tests/suites/test_suite_ssl.function | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 9880b4e23..195704383 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -43,6 +43,19 @@ #include "mbedtls/ssl_cache.h" #endif +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +#endif + +enum { +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ + tls1_3_label_ ## name, + MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL +}; + typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0b30f8d23..996ba98f2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5,19 +5,6 @@ #include -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -#endif - -enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - tls1_3_label_ ## name, - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL -}; - /* END_HEADER */ /* BEGIN_DEPENDENCIES From 3d1d418f9eb8f39a65e0d151db31d6553817e7a1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 15 Mar 2023 12:10:50 +0800 Subject: [PATCH 14/14] Fix failure in check_generated_files Signed-off-by: Yanray Wang --- visualc/VS2010/mbedTLS.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 88ffe1b2e..b6df742e8 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -246,6 +246,7 @@ +