
Commit 32b504f

tests: write early data: Add HRR scenario
Signed-off-by: Ronald Cron <[email protected]>
1 parent afa2091 commit 32b504f


2 files changed

+78
-7
lines changed


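--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3297,3 +3297,6 @@ tls13_write_early_data:"not sent"
 
 TLS 1.3 write early data, server rejects early data
 tls13_write_early_data:"server rejects"
+
+TLS 1.3 write early data, hello retry request
+tls13_write_early_data:"hrr"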

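--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4060,7 +4060,12 @@ void tls13_write_early_data(char *scenario_string)
 mbedtls_test_handshake_test_options client_options;
 mbedtls_test_handshake_test_options server_options;
 mbedtls_ssl_session saved_session;
-int client_state, previous_client_state;
+uint16_t group_list[3] = {
+MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+};
+int client_state, previous_client_state, beyond_first_hello = 0;
 const char *early_data_string = "This is early data.";
 const unsigned char *early_data = (const unsigned char *) early_data_string;
 size_t early_data_len = strlen(early_data_string);
@@ -4084,6 +4089,8 @@ void tls13_write_early_data(char *scenario_string)
 scenario = 1;
 } else if (strcmp(scenario_string, "server rejects") == 0) {
 scenario = 2;
+} else if (strcmp(scenario_string, "hrr") == 0) {
+scenario = 3;
 } else {
 TEST_FAIL("Unknown scenario.");
 }
@@ -4095,12 +4102,15 @@ void tls13_write_early_data(char *scenario_string)
 client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
 server_options.pk_alg = MBEDTLS_PK_ECDSA;
 server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+if (scenario == 3) {
+client_options.group_list = group_list;
+server_options.group_list = group_list;
+}
 
 ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
 &saved_session);
 TEST_EQUAL(ret, 0);
 
-
 /*
 * Prepare for handshake with the ticket.
 */
@@ -4112,6 +4122,10 @@ void tls13_write_early_data(char *scenario_string)
 case 2:
 server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
 break;
+
+case 3:
+server_options.group_list = group_list + 1;
+break;
 }
 
 ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
@@ -4142,6 +4156,19 @@ void tls13_write_early_data(char *scenario_string)
 client_state = MBEDTLS_SSL_HELLO_REQUEST;
 
 while (client_state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+/* In case of HRR scenario, once we have been through it, move over
+* the first ClientHello and ServerHello otherwise we just keep playing
+* this first part of the handshake with HRR.
+*/
+if ((scenario == 3) && (beyond_first_hello)) {
+TEST_ASSERT(mbedtls_test_move_handshake_to_state(
+&(client_ep.ssl), &(server_ep.ssl),
+MBEDTLS_SSL_SERVER_HELLO) == 0);
+TEST_ASSERT(mbedtls_test_move_handshake_to_state(
+&(client_ep.ssl), &(server_ep.ssl),
+MBEDTLS_SSL_CLIENT_HELLO) == 0);
+}
+
 TEST_EQUAL(mbedtls_test_move_handshake_to_state(
 &(client_ep.ssl), &(server_ep.ssl),
 previous_client_state), 0);
@@ -4179,6 +4206,17 @@ void tls13_write_early_data(char *scenario_string)
 TEST_EQUAL(write_early_data_ret, early_data_len);
 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
 break;
+case 3:
+if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
+TEST_EQUAL(write_early_data_ret, early_data_len);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
+} else {
+beyond_first_hello = 1;
+TEST_EQUAL(write_early_data_ret,
+MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO);
+}
+break;
 }
 break;
 
@@ -4189,6 +4227,16 @@ void tls13_write_early_data(char *scenario_string)
 TEST_EQUAL(write_early_data_ret, early_data_len);
 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
 break;
+case 3:
+if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
+TEST_EQUAL(write_early_data_ret, early_data_len);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
+} else {
+TEST_EQUAL(write_early_data_ret,
+MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
+}
+break;
 }
 break;
 
@@ -4199,6 +4247,10 @@ void tls13_write_early_data(char *scenario_string)
 TEST_EQUAL(write_early_data_ret, early_data_len);
 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
 break;
+case 3:
+TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
+break;
 }
 break;
 
@@ -4213,6 +4265,11 @@ void tls13_write_early_data(char *scenario_string)
 TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
 break;
+
+case 3:
+TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
+break;
 }
 break;
 
@@ -4226,19 +4283,29 @@ void tls13_write_early_data(char *scenario_string)
 case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
 switch (scenario) {
 case 0: /* Intentional fallthrough */
-case 2:
+case 2: /* Intentional fallthrough */
+case 3:
 TEST_EQUAL(write_early_data_ret, early_data_len);
 TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
 break;
 }
 break;
 
+case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
+TEST_EQUAL(scenario, 3);
+TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
+break;
+
 case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
 TEST_ASSERT(scenario != 0);
 switch (scenario) {
-case 2:
-TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
-TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
+case 2: /* Intentional fallthrough */
+case 3:
+TEST_EQUAL(write_early_data_ret,
+MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
+TEST_EQUAL(client_ep.ssl.state,
+MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
 break;
 }
 break;
@@ -4251,7 +4318,8 @@ void tls13_write_early_data(char *scenario_string)
 case MBEDTLS_SSL_HANDSHAKE_OVER:
 switch (scenario) {
 case 0: /* Intentional fallthrough */
-case 2:
+case 2: /* Intentional fallthrough */
+case 3:
 TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
 TEST_EQUAL(client_ep.ssl.state, client_state);
 break;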
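Review bot: Nothing in the function explains how scenario 3 provokes the HelloRetryRequest: the ticket is obtained with both endpoints on `group_list`, then `server_options.group_list = group_list + 1;` leaves the server with secp384r1 only, which presumably no longer matches the client's initial key share. A comment on that case, e.g. `/* Server accepts only secp384r1, so the client's first key share is refused and a HelloRetryRequest follows. */`, would make the setup readable, and the `MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA` expectations could note that a client must not send early data once it has received a HelloRetryRequest (RFC 8446, section 4.2.10). In the loop prelude the two new calls are written as `TEST_ASSERT(mbedtls_test_move_handshake_to_state(...) == 0)` while the existing call just below uses `TEST_EQUAL(..., 0)`; switching to `TEST_EQUAL` keeps the style consistent and reports the failing return value. The body of tls13_write_early_data starts and ends outside the visible hunks.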
