From 534ff400d49889f29651c81d83802497a877d6fe Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 14 Jul 2022 16:43:43 +0800
Subject: [PATCH] Add serialize_version_check for tls13 Add population session also
Signed-off-by: Jerry Yu
---
tests/suites/test_suite_ssl.data | 40 +++++++++++++--
tests/suites/test_suite_ssl.function | 73 +++++++++++++++++++++++++---
2 files changed, 102 insertions(+), 11 deletions(-)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 34f4d66c4..76e67e27e 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -796,19 +796,51 @@ ssl_set_hostname_twice:"server0":"server1" SSL session serialization: Wrong major version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:1:0:0:0 +ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong minor version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:1:0:0 +ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong patch version depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:1:0 +ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 SSL session serialization: Wrong config depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:0:1 +ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2 + +TLS 1.3: CLI: session serialization: Wrong major version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: CLI: session serialization: Wrong minor version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: CLI: session serialization: Wrong patch version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: CLI: session serialization: Wrong config +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: SRV: session serialization: Wrong major version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: 
SRV: session serialization: Wrong minor version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: SRV: session serialization: Wrong patch version +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3: SRV: session serialization: Wrong config +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Record crypt, AES-128-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9a031b65c..3f3833d83 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1724,7 +1724,7 @@ cleanup: * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. */ -static int ssl_populate_session_tls12( mbedtls_ssl_session *session, +static int ssl_tls12_populate_session( mbedtls_ssl_session *session, int ticket_len, const char *crt_file ) { 
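Review bot: The eight new TLS 1.3 cases in test_suite_ssl.data list only `MBEDTLS_SSL_PROTO_TLS1_3` plus `MBEDTLS_SSL_CLI_C` or `MBEDTLS_SSL_SRV_C` in `depends_on`, while the helper they drive, `ssl_tls13_populate_session` in test_suite_ssl.function, writes ticket-related session fields such as `ticket_flags`, `ticket_age_add` and `ticket`. The declaration of `mbedtls_ssl_session` is not part of this patch, so this needs confirming. If those fields are only compiled in with `MBEDTLS_SSL_SESSION_TICKETS`, a TLS 1.3 build without tickets would fail to compile the helper. In that case the helper needs a matching `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` guard, and these cases should add `MBEDTLS_SSL_SESSION_TICKETS` to `depends_on`.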
@@ -1805,6 +1805,52 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session, return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +static int ssl_tls13_populate_session( mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type ) +{ + ((void) ticket_len); + session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; + session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; + session->ciphersuite = 0xabcd; + session->ticket_age_add = 0x87654321; + session->ticket_flags = 0x7; + + session->key_len = 32; + memset( session->key, 0x99, sizeof( session->key ) ); + +#if defined(MBEDTLS_HAVE_TIME) + if( session->endpoint == MBEDTLS_SSL_IS_SERVER ) + { + session->start = mbedtls_time( NULL ) - 42; + } +#endif + +#if defined(MBEDTLS_SSL_CLI_C) + if( session->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { +#if defined(MBEDTLS_HAVE_TIME) + session->ticket_received = mbedtls_time( NULL ) - 40; +#endif + session->ticket_lifetime = 0xfedcba98; + + session->ticket_len = ticket_len; + if( ticket_len != 0 ) + { + session->ticket = mbedtls_calloc( 1, ticket_len ); + if( session->ticket == NULL ) + return( -1 ); + memset( session->ticket, 33, ticket_len ); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + /* * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the * message was sent in the correct number of fragments. @@ -4638,7 +4684,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) mbedtls_ssl_session_init( &restored ); /* Prepare a dummy session to work on */ - TEST_ASSERT( ssl_populate_session_tls12( &original, ticket_len, crt_file ) == 0 ); + TEST_ASSERT( ssl_tls12_populate_session( &original, ticket_len, crt_file ) == 0 ); /* Serialize it */ TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len ) 
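Review bot: In the client branch of `ssl_tls13_populate_session`, `session->ticket_len = ticket_len;` is stored before the allocation, so the `return( -1 )` path leaves the session with a non-zero `ticket_len` and a NULL `ticket`. A negative `ticket_len` also passes the `!= 0` test and is converted to an unsigned size for `mbedtls_calloc` and `memset`. Rejecting it up front with `if( ticket_len < 0 ) return( -1 );` and resetting `session->ticket_len = 0;` before the failure return would keep the length and the buffer consistent for whatever code later frees or serializes the session. The function also lacks a header comment; a single line such as `/* Populate a TLS 1.3 session with dummy, mostly non-zero values for serialization tests. */` would match the comment on the TLS 1.2 helper above it.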
@@ -4735,7 +4781,7 @@ void ssl_serialize_session_load_save( int ticket_len, char *crt_file ) mbedtls_ssl_session_init( &session ); /* Prepare a dummy session to work on */ - TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 ); + TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 ); /* Get desired buffer size for serializing */ TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 ) @@ -4785,7 +4831,7 @@ void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file ) mbedtls_ssl_session_init( &session ); /* Prepare dummy session and get serialized size */ - TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 ); + TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 ); TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len ) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -4821,7 +4867,7 @@ void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file ) mbedtls_ssl_session_init( &session ); /* Prepare serialized session data */ - TEST_ASSERT( ssl_populate_session_tls12( &session, ticket_len, crt_file ) == 0 ); + TEST_ASSERT( ssl_tls12_populate_session( &session, ticket_len, crt_file ) == 0 ); TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len ) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL ); @@ -4853,7 +4899,9 @@ exit: void ssl_session_serialize_version_check( int corrupt_major, int corrupt_minor, int corrupt_patch, - int corrupt_config ) + int corrupt_config, + int endpoint_type, + int tls_version ) { unsigned char serialized_session[ 2048 ]; size_t serialized_session_len; 
@@ -4866,7 +4914,18 @@ void ssl_session_serialize_version_check( int corrupt_major, corrupt_config == 1 }; mbedtls_ssl_session_init( &session ); - TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 ); + ((void) endpoint_type); + ((void) tls_version); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if(tls_version == MBEDTLS_SSL_VERSION_TLS1_3) + { + TEST_ASSERT( ssl_tls13_populate_session( + &session, 0, endpoint_type ) == 0 ); + } + else +#endif + TEST_ASSERT( ssl_tls12_populate_session( &session, 0, NULL ) == 0 ); + /* Infer length of serialized session. */ TEST_ASSERT( mbedtls_ssl_session_save( &session,
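Review bot: Any `tls_version` other than `MBEDTLS_SSL_VERSION_TLS1_3` falls through the `else` to `ssl_tls12_populate_session`, so a mistyped or not-yet-handled version in a .data row would run the TLS 1.2 path and could still pass under a TLS 1.3 title. Going by the case names, this test appears to check that a serialized session with a foreign version/config header is rejected, so such a row should fail loudly: add `TEST_ASSERT( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );` ahead of the fallback call. Putting both lines in braces after the `#endif` also stops the bare `else` from binding to whichever statement happens to follow it. The test function starts before this hunk and continues past it.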