2014-09-24 11:13:44 +02:00
|
|
|
/* BEGIN_HEADER */
|
2015-03-09 18:05:11 +01:00
|
|
|
#include <mbedtls/ssl.h>
|
2015-05-26 11:57:05 +02:00
|
|
|
#include <mbedtls/ssl_internal.h>
|
2014-09-24 11:13:44 +02:00
|
|
|
/* END_HEADER */
|
|
|
|
|
|
|
|
/* BEGIN_DEPENDENCIES
|
2015-04-08 12:49:31 +02:00
|
|
|
* depends_on:MBEDTLS_SSL_TLS_C
|
2014-09-24 11:13:44 +02:00
|
|
|
* END_DEPENDENCIES
|
|
|
|
*/
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
2018-06-29 12:05:32 +02:00
|
|
|
void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
|
2014-09-24 11:13:44 +02:00
|
|
|
{
|
2017-06-09 05:32:58 +02:00
|
|
|
uint32_t len = 0;
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ssl_context ssl;
|
2015-05-04 14:56:36 +02:00
|
|
|
mbedtls_ssl_config conf;
|
2014-09-24 11:13:44 +02:00
|
|
|
|
2015-04-29 00:48:22 +02:00
|
|
|
mbedtls_ssl_init( &ssl );
|
2015-05-04 14:56:36 +02:00
|
|
|
mbedtls_ssl_config_init( &conf );
|
2015-04-29 00:48:22 +02:00
|
|
|
|
2015-05-04 19:32:36 +02:00
|
|
|
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
|
|
|
|
MBEDTLS_SSL_IS_CLIENT,
|
2015-06-17 13:53:47 +02:00
|
|
|
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
|
|
|
MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
|
2015-05-04 14:56:36 +02:00
|
|
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
2014-09-24 11:13:44 +02:00
|
|
|
|
|
|
|
/* Read previous record numbers */
|
2017-06-09 05:32:58 +02:00
|
|
|
for( len = 0; len < prevs->len; len += 6 )
|
2014-09-24 11:13:44 +02:00
|
|
|
{
|
2017-06-09 05:32:58 +02:00
|
|
|
memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ssl_dtls_replay_update( &ssl );
|
2014-09-24 11:13:44 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Check new number */
|
2017-06-09 05:32:58 +02:00
|
|
|
memcpy( ssl.in_ctr + 2, new->x, 6 );
|
2015-04-08 12:49:31 +02:00
|
|
|
TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
|
2014-09-24 11:13:44 +02:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_ssl_free( &ssl );
|
2015-05-04 14:56:36 +02:00
|
|
|
mbedtls_ssl_config_free( &conf );
|
2014-09-24 11:13:44 +02:00
|
|
|
}
|
|
|
|
/* END_CASE */
|
2017-05-05 12:24:30 +02:00
|
|
|
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
|
|
|
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
|
|
|
{
|
|
|
|
mbedtls_ssl_context ssl;
|
|
|
|
mbedtls_ssl_init( &ssl );
|
|
|
|
|
|
|
|
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
|
|
|
|
|
|
|
|
mbedtls_ssl_free( &ssl );
|
|
|
|
}
|
2018-03-13 16:22:58 +01:00
|
|
|
/* END_CASE */
|
2020-07-28 10:19:45 +02:00
|
|
|
|
2020-07-28 11:35:39 +02:00
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
|
2020-07-28 10:19:45 +02:00
|
|
|
void ssl_cf_hmac( int hash )
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Test the function mbedtls_ssl_cf_hmac() against a reference
|
|
|
|
* implementation.
|
|
|
|
*/
|
|
|
|
mbedtls_md_context_t ctx, ref_ctx;
|
|
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
size_t out_len, block_size;
|
|
|
|
size_t min_in_len, in_len, max_in_len, i;
|
|
|
|
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
|
|
|
|
unsigned char add_data[13];
|
|
|
|
unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
|
|
|
|
unsigned char *data = NULL;
|
|
|
|
unsigned char *out = NULL;
|
|
|
|
unsigned char rec_num = 0;
|
|
|
|
|
|
|
|
mbedtls_md_init( &ctx );
|
|
|
|
mbedtls_md_init( &ref_ctx );
|
|
|
|
|
|
|
|
md_info = mbedtls_md_info_from_type( hash );
|
|
|
|
TEST_ASSERT( md_info != NULL );
|
|
|
|
out_len = mbedtls_md_get_size( md_info );
|
|
|
|
TEST_ASSERT( out_len != 0 );
|
|
|
|
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
|
|
|
|
|
|
|
|
/* Use allocated out buffer to catch overwrites */
|
|
|
|
out = mbedtls_calloc( 1, out_len );
|
|
|
|
TEST_ASSERT( out != NULL );
|
|
|
|
|
|
|
|
/* Set up contexts with the given hash and a dummy key */
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
|
|
|
|
memset( ref_out, 42, sizeof( ref_out ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
|
|
|
|
memset( ref_out, 0, sizeof( ref_out ) );
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Test all possible lengths up to a point. The difference between
|
|
|
|
* max_in_len and min_in_len is at most 255, and make sure they both vary
|
|
|
|
* by at least one block size.
|
|
|
|
*/
|
|
|
|
for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
|
|
|
|
{
|
|
|
|
/* Use allocated in buffer to catch overreads */
|
|
|
|
data = mbedtls_calloc( 1, max_in_len );
|
|
|
|
TEST_ASSERT( data != NULL || max_in_len == 0 );
|
|
|
|
|
|
|
|
min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
|
|
|
|
for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
|
|
|
|
{
|
|
|
|
/* Set up dummy data and add_data */
|
|
|
|
rec_num++;
|
|
|
|
memset( add_data, rec_num, sizeof( add_data ) );
|
|
|
|
for( i = 0; i < in_len; i++ )
|
|
|
|
data[i] = ( i & 0xff ) ^ rec_num;
|
|
|
|
|
|
|
|
/* Get the function's result */
|
2020-07-28 11:02:57 +02:00
|
|
|
TEST_CF_SECRET( &in_len, sizeof( in_len ) );
|
2020-07-28 10:19:45 +02:00
|
|
|
TEST_ASSERT( 0 == mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ),
|
|
|
|
data, in_len,
|
|
|
|
min_in_len, max_in_len,
|
|
|
|
out ) );
|
2020-07-28 11:02:57 +02:00
|
|
|
TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
|
|
|
|
TEST_CF_PUBLIC( out, out_len );
|
2020-07-28 10:19:45 +02:00
|
|
|
|
|
|
|
/* Compute the reference result */
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, add_data,
|
|
|
|
sizeof( add_data ) ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
|
|
|
|
TEST_ASSERT( 0 == mbedtls_md_hmac_reset( &ref_ctx ) );
|
|
|
|
|
|
|
|
/* Compare */
|
|
|
|
TEST_ASSERT( 0 == memcmp( out, ref_out, out_len ) );
|
|
|
|
}
|
|
|
|
|
|
|
|
mbedtls_free( data );
|
|
|
|
data = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
exit:
|
|
|
|
mbedtls_md_free( &ref_ctx );
|
|
|
|
mbedtls_md_free( &ctx );
|
|
|
|
|
|
|
|
mbedtls_free( data );
|
|
|
|
mbedtls_free( out );
|
|
|
|
}
|
|
|
|
/* END_CASE */
|
2020-08-25 11:18:11 +02:00
|
|
|
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
|
|
|
|
void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
|
|
|
|
{
|
|
|
|
unsigned char *dst = NULL;
|
|
|
|
unsigned char *src = NULL;
|
|
|
|
size_t src_len = offset_max + len;
|
|
|
|
size_t secret;
|
|
|
|
|
|
|
|
dst = mbedtls_calloc( 1, len );
|
|
|
|
TEST_ASSERT( dst != NULL );
|
|
|
|
src = mbedtls_calloc( 1, src_len );
|
|
|
|
TEST_ASSERT( src != NULL );
|
|
|
|
|
|
|
|
/* Fill src in a way that we can detect if we copied the right bytes */
|
|
|
|
rnd_std_rand( NULL, src, src_len );
|
|
|
|
|
|
|
|
for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
|
|
|
|
{
|
|
|
|
TEST_CF_SECRET( &secret, sizeof( secret ) );
|
|
|
|
mbedtls_ssl_cf_memcpy_offset( dst, src, secret,
|
|
|
|
offset_min, offset_max, len );
|
|
|
|
TEST_CF_PUBLIC( &secret, sizeof( secret ) );
|
|
|
|
TEST_CF_PUBLIC( dst, len );
|
|
|
|
|
|
|
|
TEST_ASSERT( memcmp( dst, src + secret, len ) == 0 );
|
|
|
|
}
|
|
|
|
|
|
|
|
exit:
|
|
|
|
mbedtls_free( dst );
|
|
|
|
mbedtls_free( src );
|
|
|
|
}
|
|
|
|
/* END_CASE */
|