@@ -4059,7 +4059,12 @@ void tls13_write_early_data(int scenario)
40594059 mbedtls_test_handshake_test_options client_options;
40604060 mbedtls_test_handshake_test_options server_options;
40614061 mbedtls_ssl_session saved_session;
4062- int client_state, previous_client_state;
4062+ uint16_t group_list[3] = {
4063+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
4064+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
4065+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
4066+ };
4067+ int client_state, previous_client_state, beyond_first_hello = 0;
40634068 const char *early_data_string = "This is early data.";
40644069 const unsigned char *early_data = (const unsigned char *) early_data_string;
40654070 size_t early_data_len = strlen(early_data_string);
@@ -4080,12 +4085,15 @@ void tls13_write_early_data(int scenario)
40804085 client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
40814086 server_options.pk_alg = MBEDTLS_PK_ECDSA;
40824087 server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
4088+ if (scenario == TEST_EARLY_DATA_HRR) {
4089+ client_options.group_list = group_list;
4090+ server_options.group_list = group_list;
4091+ }
40834092
40844093 ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
40854094 &saved_session);
40864095 TEST_EQUAL(ret, 0);
40874096
4088-
40894097 /*
40904098 * Prepare for handshake with the ticket.
40914099 */
@@ -4101,6 +4109,10 @@ void tls13_write_early_data(int scenario)
41014109 server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
41024110 break;
41034111
4112+ case TEST_EARLY_DATA_HRR:
4113+ server_options.group_list = group_list + 1;
4114+ break;
4115+
41044116 default:
41054117 TEST_FAIL("Unknown scenario.");
41064118 }
@@ -4133,6 +4145,19 @@ void tls13_write_early_data(int scenario)
41334145 client_state = MBEDTLS_SSL_HELLO_REQUEST;
41344146
41354147 while (client_state != MBEDTLS_SSL_HANDSHAKE_OVER) {
4148+ /* In case of HRR scenario, once we have been through it, move over
4149+ * the first ClientHello and ServerHello otherwise we just keep playing
4150+ * this first part of the handshake with HRR.
4151+ */
4152+ if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) {
4153+ TEST_ASSERT(mbedtls_test_move_handshake_to_state(
4154+ &(client_ep.ssl), &(server_ep.ssl),
4155+ MBEDTLS_SSL_SERVER_HELLO) == 0);
4156+ TEST_ASSERT(mbedtls_test_move_handshake_to_state(
4157+ &(client_ep.ssl), &(server_ep.ssl),
4158+ MBEDTLS_SSL_CLIENT_HELLO) == 0);
4159+ }
4160+
41364161 TEST_EQUAL(mbedtls_test_move_handshake_to_state(
41374162 &(client_ep.ssl), &(server_ep.ssl),
41384163 previous_client_state), 0);
@@ -4170,6 +4195,18 @@ void tls13_write_early_data(int scenario)
41704195 TEST_EQUAL(write_early_data_ret, early_data_len);
41714196 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
41724197 break;
4198+
4199+ case TEST_EARLY_DATA_HRR:
4200+ if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
4201+ TEST_EQUAL(write_early_data_ret, early_data_len);
4202+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
4203+ } else {
4204+ beyond_first_hello = 1;
4205+ TEST_EQUAL(write_early_data_ret,
4206+ MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4207+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO);
4208+ }
4209+ break;
41734210 }
41744211 break;
41754212
@@ -4180,6 +4217,17 @@ void tls13_write_early_data(int scenario)
41804217 TEST_EQUAL(write_early_data_ret, early_data_len);
41814218 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
41824219 break;
4220+
4221+ case TEST_EARLY_DATA_HRR:
4222+ if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
4223+ TEST_EQUAL(write_early_data_ret, early_data_len);
4224+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
4225+ } else {
4226+ TEST_EQUAL(write_early_data_ret,
4227+ MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4228+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
4229+ }
4230+ break;
41834231 }
41844232 break;
41854233
@@ -4190,6 +4238,11 @@ void tls13_write_early_data(int scenario)
41904238 TEST_EQUAL(write_early_data_ret, early_data_len);
41914239 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
41924240 break;
4241+
4242+ case TEST_EARLY_DATA_HRR:
4243+ TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4244+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
4245+ break;
41934246 }
41944247 break;
41954248
@@ -4204,6 +4257,11 @@ void tls13_write_early_data(int scenario)
42044257 TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
42054258 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
42064259 break;
4260+
4261+ case TEST_EARLY_DATA_HRR:
4262+ TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4263+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
4264+ break;
42074265 }
42084266 break;
42094267
@@ -4217,19 +4275,29 @@ void tls13_write_early_data(int scenario)
42174275 case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
42184276 switch (scenario) {
42194277 case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
4220- case TEST_EARLY_DATA_SERVER_REJECTS:
4278+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
4279+ case TEST_EARLY_DATA_HRR:
42214280 TEST_EQUAL(write_early_data_ret, early_data_len);
42224281 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
42234282 break;
42244283 }
42254284 break;
42264285
4286+ case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
4287+ TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
4288+ TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4289+ TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
4290+ break;
4291+
42274292 case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
42284293 TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
42294294 switch (scenario) {
4230- case TEST_EARLY_DATA_SERVER_REJECTS:
4231- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4232- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
4295+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
4296+ case TEST_EARLY_DATA_HRR:
4297+ TEST_EQUAL(write_early_data_ret,
4298+ MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
4299+ TEST_EQUAL(client_ep.ssl.state,
4300+ MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
42334301 break;
42344302 }
42354303 break;
@@ -4242,7 +4310,8 @@ void tls13_write_early_data(int scenario)
42424310 case MBEDTLS_SSL_HANDSHAKE_OVER:
42434311 switch (scenario) {
42444312 case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
4245- case TEST_EARLY_DATA_SERVER_REJECTS:
4313+ case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
4314+ case TEST_EARLY_DATA_HRR:
42464315 TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
42474316 TEST_EQUAL(client_ep.ssl.state, client_state);
42484317 break;