1*62c56f98SSadaf Ebrahimi /** \file ssl_helpers.h
2*62c56f98SSadaf Ebrahimi  *
3*62c56f98SSadaf Ebrahimi  * \brief This file contains helper functions to set up a TLS connection.
4*62c56f98SSadaf Ebrahimi  */
5*62c56f98SSadaf Ebrahimi 
6*62c56f98SSadaf Ebrahimi /*
7*62c56f98SSadaf Ebrahimi  *  Copyright The Mbed TLS Contributors
8*62c56f98SSadaf Ebrahimi  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9*62c56f98SSadaf Ebrahimi  */
10*62c56f98SSadaf Ebrahimi 
11*62c56f98SSadaf Ebrahimi #ifndef SSL_HELPERS_H
12*62c56f98SSadaf Ebrahimi #define SSL_HELPERS_H
13*62c56f98SSadaf Ebrahimi 
14*62c56f98SSadaf Ebrahimi #include "mbedtls/build_info.h"
15*62c56f98SSadaf Ebrahimi 
16*62c56f98SSadaf Ebrahimi #include <string.h>
17*62c56f98SSadaf Ebrahimi 
18*62c56f98SSadaf Ebrahimi #include <test/helpers.h>
19*62c56f98SSadaf Ebrahimi #include <test/macros.h>
20*62c56f98SSadaf Ebrahimi #include <test/random.h>
21*62c56f98SSadaf Ebrahimi #include <test/psa_crypto_helpers.h>
22*62c56f98SSadaf Ebrahimi 
23*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_TLS_C)
24*62c56f98SSadaf Ebrahimi #include <ssl_misc.h>
25*62c56f98SSadaf Ebrahimi #include <mbedtls/timing.h>
26*62c56f98SSadaf Ebrahimi #include <mbedtls/debug.h>
27*62c56f98SSadaf Ebrahimi 
28*62c56f98SSadaf Ebrahimi #include "test/certs.h"
29*62c56f98SSadaf Ebrahimi 
30*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_CACHE_C)
31*62c56f98SSadaf Ebrahimi #include "mbedtls/ssl_cache.h"
32*62c56f98SSadaf Ebrahimi #endif
33*62c56f98SSadaf Ebrahimi 
/*
 * Map a PSA status to an Mbed TLS SSL-layer error code.
 * The work is delegated to PSA_TO_MBEDTLS_ERR_LIST, using the SSL-specific
 * translation table (psa_to_ssl_errors) and the generic fallback
 * (psa_generic_status_to_mbedtls); both are presumably provided by
 * ssl_misc.h, included above.
 */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
                                                           psa_to_ssl_errors, \
                                                           psa_generic_status_to_mbedtls)
#endif
39*62c56f98SSadaf Ebrahimi 
/*
 * Work out which TLS 1.3 ciphersuites this build can exercise.
 * Each MBEDTLS_TEST_HAS_TLS1_3_xxx macro is defined only when every
 * primitive the suite needs (cipher, AEAD mode, hash) is compiled in, so
 * test cases can depend on one macro instead of repeating the checks.
 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256
#endif
#endif /* MBEDTLS_GCM_C */
/* Both CCM suites have the same build requirements. The _8 suffix denotes
 * the variant with a truncated (8-byte) authentication tag; it is covered
 * for completeness, not because it is a preferred suite. */
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256
#endif
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256
#endif

/* Convenience flag: at least one of the suites above is available, so a
 * TLS 1.3 handshake test has something it can negotiate. */
#if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \
    defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \
    defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \
    defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \
    defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256)
#define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
#endif

#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
68*62c56f98SSadaf Ebrahimi 
/*
 * The RSA test key/certificate is only usable when at least one
 * RSA-authenticated key exchange is enabled in this build.
 */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||    \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||  \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
#endif
/*
 * Anonymous enum giving each TLS 1.3 label an index named
 * tls13_label_<name>, in the order of MBEDTLS_SSL_TLS1_3_LABEL_LIST
 * (presumably defined in ssl_misc.h). Tests can then refer to a label
 * without repeating its string.
 */
enum {
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string)          \
    tls13_label_ ## name,
    MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
};
80*62c56f98SSadaf Ebrahimi 
/*
 * A log pattern plus a hit counter, intended as the \p ctx argument of
 * mbedtls_test_ssl_log_analyzer() (declared below).
 */
typedef struct mbedtls_test_ssl_log_pattern {
    const char *pattern;   /* Text to look for in the logged messages
                            * (presumably matched as a substring). */
    size_t counter;        /* Number of matches seen so far. */
} mbedtls_test_ssl_log_pattern;
85*62c56f98SSadaf Ebrahimi 
/*
 * Parameters for one scripted client/server handshake test.
 * Initialise with mbedtls_test_init_handshake_options() and release with
 * mbedtls_test_free_handshake_options(). Field notes marked "presumably"
 * are inferred from names and from the helpers declared in this header;
 * confirm them against ssl_helpers.c before relying on them.
 */
typedef struct mbedtls_test_handshake_test_options {
    /* Ciphersuite name to force; presumably NULL keeps the default list. */
    const char *cipher;
    /* Protocol version bounds configured on each side, and the version the
     * test expects to be negotiated. */
    mbedtls_ssl_protocol_version client_min_version;
    mbedtls_ssl_protocol_version client_max_version;
    mbedtls_ssl_protocol_version server_min_version;
    mbedtls_ssl_protocol_version server_max_version;
    mbedtls_ssl_protocol_version expected_negotiated_version;
    /* Expected handshake return code (0 = success) and expected negotiated
     * ciphersuite ID. */
    int expected_handshake_result;
    int expected_ciphersuite;
    /* Credential parameters forwarded to
     * mbedtls_test_ssl_endpoint_certificate_init(): the key type (only
     * MBEDTLS_PK_RSA and MBEDTLS_PK_ECDSA are supported, see
     * mbedtls_test_ssl_endpoint_init()) and the opaque-key algorithm/usage
     * settings (presumably PSA values). */
    int pk_alg;
    int opaque_alg;
    int opaque_alg2;
    int opaque_usage;
    /* Pre-shared key to configure, or NULL. This is test-only secret
     * material; never reuse a value from the test suite anywhere else. */
    data_t *psk_str;
    /* Non-zero selects DTLS, which uses the message-oriented mock transport
     * (see mbedtls_test_ssl_endpoint_init()). */
    int dtls;
    /* Server-side peer authentication mode (presumably an
     * MBEDTLS_SSL_VERIFY_xxx value). Tests legitimately use relaxed modes
     * here; such settings must not be copied into production configs. */
    int srv_auth_mode;
    /* Non-zero exercises context serialization during the test
     * (presumably). */
    int serialize;
    /* Maximum fragment length setting (presumably an
     * MBEDTLS_SSL_MAX_FRAG_LEN_xxx code). */
    int mfl;
    /* Application data sizes each side sends, and how many fragments the
     * test expects each transfer to take. */
    int cli_msg_len;
    int srv_msg_len;
    int expected_cli_fragments;
    int expected_srv_fragments;
    /* Renegotiation request and legacy-renegotiation policy (presumably
     * MBEDTLS_SSL_LEGACY_xxx values, TLS 1.2 only). */
    int renegotiate;
    int legacy_renegotiation;
    /* Debug callback and opaque argument for each side. The function type
     * matches mbedtls_test_ssl_log_analyzer(), which can be used here with
     * a mbedtls_test_ssl_log_pattern as the object. */
    void *srv_log_obj;
    void *cli_log_obj;
    void (*srv_log_fun)(void *, int, const char *, int, const char *);
    void (*cli_log_fun)(void *, int, const char *, int, const char *);
    /* Non-zero requests I/O buffer resizing checks during the test
     * (presumably tied to MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH). */
    int resize_buffers;
#if defined(MBEDTLS_SSL_CACHE_C)
    /* Optional server-side session cache shared across the test's
     * handshakes. */
    mbedtls_ssl_cache_context *cache;
#endif
} mbedtls_test_handshake_test_options;
119*62c56f98SSadaf Ebrahimi 
/*
 * Buffer structure for custom I/O callbacks: a ring buffer that backs the
 * mock sockets.
 * Lifecycle: mbedtls_test_ssl_buffer_init() -> mbedtls_test_ssl_buffer_setup()
 * -> put/get -> mbedtls_test_ssl_buffer_free().
 * Expected invariants (confirm against ssl_helpers.c):
 * content_length <= capacity, and start < capacity once set up.
 */
typedef struct mbedtls_test_ssl_buffer {
    size_t start;           /* Index of the oldest unread byte. */
    size_t content_length;  /* Number of unread bytes currently stored. */
    size_t capacity;        /* Size of \p buffer in bytes. */
    unsigned char *buffer;  /* Storage; presumably allocated by setup and
                             * released by free. */
} mbedtls_test_ssl_buffer;
129*62c56f98SSadaf Ebrahimi 
/*
 * Context for a message metadata queue (fifo) that is on top of the ring
 * buffer: it records message lengths so the message-oriented (DTLS) mock
 * transport can recover message boundaries from the byte stream.
 * Note the counters are int although
 * mbedtls_test_ssl_message_queue_setup() takes a size_t capacity; keep
 * capacities small (well below INT_MAX).
 */
typedef struct mbedtls_test_ssl_message_queue {
    size_t *messages;   /* Array of up to \p capacity message lengths. */
    int pos;            /* Index of the oldest entry (presumably the next
                         * one to pop). */
    int num;            /* Number of entries currently queued. */
    int capacity;       /* Number of entries \p messages can hold. */
} mbedtls_test_ssl_message_queue;
139*62c56f98SSadaf Ebrahimi 
/*
 * Context for the I/O callbacks simulating network connection.
 */

/* Value of mbedtls_test_mock_socket::status once connected; any other
 * value (presumably 0 after init) means "not connected". */
#define MBEDTLS_MOCK_SOCKET_CONNECTED 1

/*
 * One end of a simulated in-memory connection. \p input is the buffer this
 * end receives from and \p output the one it sends to; after
 * mbedtls_test_mock_socket_connect() each end's output is presumably the
 * peer's input. This is not a real socket: there are no timeouts and no
 * half-open states (see mbedtls_test_mock_socket_close()).
 */
typedef struct mbedtls_test_mock_socket {
    int status;                             /* MBEDTLS_MOCK_SOCKET_CONNECTED or not. */
    mbedtls_test_ssl_buffer *input;         /* Bytes available to receive. */
    mbedtls_test_ssl_buffer *output;        /* Bytes produced by send. */
    struct mbedtls_test_mock_socket *peer;  /* The other end, once connected. */
} mbedtls_test_mock_socket;
152*62c56f98SSadaf Ebrahimi 
/*
 * Errors used in the message socket mocks.
 * Small negative test-only values, distinct from each other and from the
 * non-negative length results the mock callbacks return on success. They
 * are not MBEDTLS_ERR_xxx codes; presumably they were chosen not to collide
 * with that space, so check before adding new ones.
 */
#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
158*62c56f98SSadaf Ebrahimi 
/*
 * Structure used as an addon, or a wrapper, around the mocked sockets.
 * Contains an input queue, to which the other socket pushes metadata,
 * and an output queue, to which this one pushes metadata. This context is
 * considered as an owner of the input queue only, which is initialized and
 * freed in the respective setup and free calls
 * (mbedtls_test_message_socket_setup() / mbedtls_test_message_socket_close()).
 * \p queue_output is presumably the peer's input queue: it must outlive
 * this context and is never freed through it.
 */
typedef struct mbedtls_test_message_socket_context {
    mbedtls_test_ssl_message_queue *queue_input;    /* Owned: lengths of messages waiting to be received. */
    mbedtls_test_ssl_message_queue *queue_output;   /* Borrowed: where lengths of sent messages go. */
    mbedtls_test_mock_socket *socket;               /* Underlying byte-stream mock socket (closed, not
                                                     * freed, by mbedtls_test_message_socket_close()). */
} mbedtls_test_message_socket_context;
171*62c56f98SSadaf Ebrahimi 
172*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
173*62c56f98SSadaf Ebrahimi 
/*
 * Structure with endpoint's certificates for SSL communication tests.
 * Filled by mbedtls_test_ssl_endpoint_certificate_init(); the objects are
 * presumably allocated there and released by
 * mbedtls_test_ssl_endpoint_free(), so do not free them by hand without
 * checking ssl_helpers.c.
 */
typedef struct mbedtls_test_ssl_endpoint_certificate {
    mbedtls_x509_crt *ca_cert;  /* CA certificate, presumably the trust anchor
                                 * used to verify the peer. */
    mbedtls_x509_crt *cert;     /* This endpoint's own certificate. */
    mbedtls_pk_context *pkey;   /* Private key matching \p cert (a published
                                 * test key, not a secret). */
} mbedtls_test_ssl_endpoint_certificate;
182*62c56f98SSadaf Ebrahimi 
/*
 * Endpoint structure for SSL communication tests: one side (client or
 * server) of a mocked connection, bundling the SSL context, its
 * configuration, the mock socket and the credentials. Set up with
 * mbedtls_test_ssl_endpoint_init() and always torn down with
 * mbedtls_test_ssl_endpoint_free(), even when init failed.
 */
typedef struct mbedtls_test_ssl_endpoint {
    const char *name;                           /* Endpoint label (presumably for debug output). */
    mbedtls_ssl_context ssl;                    /* The connection context. */
    mbedtls_ssl_config conf;                    /* Configuration \p ssl is bound to. */
    mbedtls_test_mock_socket socket;            /* This end of the mocked connection. */
    mbedtls_test_ssl_endpoint_certificate cert; /* Credentials installed in \p conf. */
} mbedtls_test_ssl_endpoint;
193*62c56f98SSadaf Ebrahimi 
194*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
195*62c56f98SSadaf Ebrahimi 
/*
 * This function can be passed to mbedtls as the debug callback to receive
 * output logs from it. \p ctx must point to a mbedtls_test_ssl_log_pattern;
 * the function counts the instances of that pattern in the received logged
 * messages by advancing its counter. \p level, \p file and \p line are the
 * usual debug-callback arguments.
 */
201*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
202*62c56f98SSadaf Ebrahimi                                    const char *file, int line,
203*62c56f98SSadaf Ebrahimi                                    const char *str);
204*62c56f98SSadaf Ebrahimi 
205*62c56f98SSadaf Ebrahimi void mbedtls_test_init_handshake_options(
206*62c56f98SSadaf Ebrahimi     mbedtls_test_handshake_test_options *opts);
207*62c56f98SSadaf Ebrahimi 
208*62c56f98SSadaf Ebrahimi void mbedtls_test_free_handshake_options(
209*62c56f98SSadaf Ebrahimi     mbedtls_test_handshake_test_options *opts);
210*62c56f98SSadaf Ebrahimi 
211*62c56f98SSadaf Ebrahimi /*
212*62c56f98SSadaf Ebrahimi  * Initialises \p buf. After calling this function it is safe to call
213*62c56f98SSadaf Ebrahimi  * `mbedtls_test_ssl_buffer_free()` on \p buf.
214*62c56f98SSadaf Ebrahimi  */
215*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf);
216*62c56f98SSadaf Ebrahimi 
217*62c56f98SSadaf Ebrahimi /*
218*62c56f98SSadaf Ebrahimi  * Sets up \p buf. After calling this function it is safe to call
219*62c56f98SSadaf Ebrahimi  * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()`
220*62c56f98SSadaf Ebrahimi  * on \p buf.
221*62c56f98SSadaf Ebrahimi  */
222*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
223*62c56f98SSadaf Ebrahimi                                   size_t capacity);
224*62c56f98SSadaf Ebrahimi 
225*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf);
226*62c56f98SSadaf Ebrahimi 
/*
 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
 *
 * \p buf must have been initialized and set up by calling
 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
 *
 * Note that the return type is int while \p input_len is a size_t: only
 * pass lengths that fit in an int, otherwise a successful return cannot be
 * told apart from an error.
 *
 * \retval  \p input_len, if the data fits.
 * \retval  0 <= value < \p input_len, if the data does not fit.
 * \retval  -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
 *          zero and \p input is NULL.
 */
238*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
239*62c56f98SSadaf Ebrahimi                                 const unsigned char *input, size_t input_len);
240*62c56f98SSadaf Ebrahimi 
/*
 * Gets \p output_len bytes from the ring buffer \p buf into the
 * \p output buffer. The output buffer can be NULL, in this case a part of the
 * ring buffer will be dropped, if the requested length is available.
 *
 * \p buf must have been initialized and set up by calling
 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
 *
 * As with mbedtls_test_ssl_buffer_put(), the return type is int while
 * \p output_len is a size_t, so keep requested lengths within int range.
 *
 * \retval  \p output_len, if the data is available.
 * \retval  0 <= value < \p output_len, if the data is not available.
 * \retval  -1, if \p buf is NULL or it hasn't been set up.
 */
253*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
254*62c56f98SSadaf Ebrahimi                                 unsigned char *output, size_t output_len);
255*62c56f98SSadaf Ebrahimi 
/*
 * Errors used in the message transport mock tests.
 * Test-only negative values, distinct from the message socket errors above;
 * presumably chosen not to collide with MBEDTLS_ERR_xxx codes.
 */
 #define MBEDTLS_TEST_ERROR_ARG_NULL -11          /* A required pointer argument was NULL. */
 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 /* Message did not fit the caller's buffer; note that
                                                   * mbedtls_test_mock_tcp_recv_msg() does not propagate it. */
261*62c56f98SSadaf Ebrahimi 
/*
 * Setup and free functions for the message metadata queue.
 *
 * \p capacity describes the number of message metadata chunks that can be held
 *    within the queue. It is stored in an int field of the queue, so keep
 *    it well below INT_MAX.
 *
 * \retval  0, if a metadata queue of a given length can be allocated.
 * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
 */
271*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_message_queue_setup(
272*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue, size_t capacity);
273*62c56f98SSadaf Ebrahimi 
274*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_message_queue_free(
275*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue);
276*62c56f98SSadaf Ebrahimi 
277*62c56f98SSadaf Ebrahimi /*
278*62c56f98SSadaf Ebrahimi  * Push message length information onto the message metadata queue.
279*62c56f98SSadaf Ebrahimi  * This will become the last element to leave it (fifo).
280*62c56f98SSadaf Ebrahimi  *
281*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
282*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
283*62c56f98SSadaf Ebrahimi  * \retval  \p len, if the push was successful.
284*62c56f98SSadaf Ebrahimi  */
285*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_message_queue_push_info(
286*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue, size_t len);
287*62c56f98SSadaf Ebrahimi 
/*
 * Pop information about the next message length from the queue. This will be
 * the oldest inserted message length (fifo). \p msg_len can be null, in which
 * case the data will be popped from the queue but not copied anywhere.
 *
 * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
 * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
 * \retval  message length, if the pop was successful, up to the given
 *          \p buf_len. How a stored length larger than \p buf_len is
 *          reported is not specified here; see
 *          MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED and ssl_helpers.c.
 */
298*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_message_queue_pop_info(
299*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue, size_t buf_len);
300*62c56f98SSadaf Ebrahimi 
301*62c56f98SSadaf Ebrahimi /*
302*62c56f98SSadaf Ebrahimi  * Setup and teardown functions for mock sockets.
303*62c56f98SSadaf Ebrahimi  */
304*62c56f98SSadaf Ebrahimi void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket);
305*62c56f98SSadaf Ebrahimi 
306*62c56f98SSadaf Ebrahimi /*
307*62c56f98SSadaf Ebrahimi  * Closes the socket \p socket.
308*62c56f98SSadaf Ebrahimi  *
309*62c56f98SSadaf Ebrahimi  * \p socket must have been previously initialized by calling
310*62c56f98SSadaf Ebrahimi  * mbedtls_test_mock_socket_init().
311*62c56f98SSadaf Ebrahimi  *
312*62c56f98SSadaf Ebrahimi  * This function frees all allocated resources and both sockets are aware of the
313*62c56f98SSadaf Ebrahimi  * new connection state.
314*62c56f98SSadaf Ebrahimi  *
315*62c56f98SSadaf Ebrahimi  * That is, this function does not simulate half-open TCP connections and the
316*62c56f98SSadaf Ebrahimi  * phenomenon that when closing a UDP connection the peer is not aware of the
317*62c56f98SSadaf Ebrahimi  * connection having been closed.
318*62c56f98SSadaf Ebrahimi  */
319*62c56f98SSadaf Ebrahimi void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket);
320*62c56f98SSadaf Ebrahimi 
321*62c56f98SSadaf Ebrahimi /*
322*62c56f98SSadaf Ebrahimi  * Establishes a connection between \p peer1 and \p peer2.
323*62c56f98SSadaf Ebrahimi  *
324*62c56f98SSadaf Ebrahimi  * \p peer1 and \p peer2 must have been previously initialized by calling
325*62c56f98SSadaf Ebrahimi  * mbedtls_test_mock_socket_init().
326*62c56f98SSadaf Ebrahimi  *
327*62c56f98SSadaf Ebrahimi  * The capacities of the internal buffers are set to \p bufsize. Setting this to
328*62c56f98SSadaf Ebrahimi  * the correct value allows for simulation of MTU, sanity testing the mock
329*62c56f98SSadaf Ebrahimi  * implementation and mocking TCP connections with lower memory cost.
330*62c56f98SSadaf Ebrahimi  */
331*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
332*62c56f98SSadaf Ebrahimi                                      mbedtls_test_mock_socket *peer2,
333*62c56f98SSadaf Ebrahimi                                      size_t bufsize);
334*62c56f98SSadaf Ebrahimi 
335*62c56f98SSadaf Ebrahimi 
336*62c56f98SSadaf Ebrahimi /*
337*62c56f98SSadaf Ebrahimi  * Callbacks for simulating blocking I/O over connection-oriented transport.
338*62c56f98SSadaf Ebrahimi  */
339*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_send_b(void *ctx,
340*62c56f98SSadaf Ebrahimi                                  const unsigned char *buf, size_t len);
341*62c56f98SSadaf Ebrahimi 
342*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len);
343*62c56f98SSadaf Ebrahimi 
344*62c56f98SSadaf Ebrahimi /*
345*62c56f98SSadaf Ebrahimi  * Callbacks for simulating non-blocking I/O over connection-oriented transport.
346*62c56f98SSadaf Ebrahimi  */
347*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_send_nb(void *ctx,
348*62c56f98SSadaf Ebrahimi                                   const unsigned char *buf, size_t len);
349*62c56f98SSadaf Ebrahimi 
350*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len);
351*62c56f98SSadaf Ebrahimi 
352*62c56f98SSadaf Ebrahimi void mbedtls_test_message_socket_init(
353*62c56f98SSadaf Ebrahimi     mbedtls_test_message_socket_context *ctx);
354*62c56f98SSadaf Ebrahimi 
355*62c56f98SSadaf Ebrahimi /*
356*62c56f98SSadaf Ebrahimi  * Setup a given message socket context including initialization of
357*62c56f98SSadaf Ebrahimi  * input/output queues to a chosen capacity of messages. Also set the
358*62c56f98SSadaf Ebrahimi  * corresponding mock socket.
359*62c56f98SSadaf Ebrahimi  *
360*62c56f98SSadaf Ebrahimi  * \retval  0, if everything succeeds.
361*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
362*62c56f98SSadaf Ebrahimi  *          queue failed.
363*62c56f98SSadaf Ebrahimi  */
364*62c56f98SSadaf Ebrahimi int mbedtls_test_message_socket_setup(
365*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue_input,
366*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *queue_output,
367*62c56f98SSadaf Ebrahimi     size_t queue_capacity,
368*62c56f98SSadaf Ebrahimi     mbedtls_test_mock_socket *socket,
369*62c56f98SSadaf Ebrahimi     mbedtls_test_message_socket_context *ctx);
370*62c56f98SSadaf Ebrahimi 
371*62c56f98SSadaf Ebrahimi /*
372*62c56f98SSadaf Ebrahimi  * Close a given message socket context, along with the socket itself. Free the
373*62c56f98SSadaf Ebrahimi  * memory allocated by the input queue.
374*62c56f98SSadaf Ebrahimi  */
375*62c56f98SSadaf Ebrahimi void mbedtls_test_message_socket_close(
376*62c56f98SSadaf Ebrahimi     mbedtls_test_message_socket_context *ctx);
377*62c56f98SSadaf Ebrahimi 
378*62c56f98SSadaf Ebrahimi /*
379*62c56f98SSadaf Ebrahimi  * Send one message through a given message socket context.
380*62c56f98SSadaf Ebrahimi  *
381*62c56f98SSadaf Ebrahimi  * \retval  \p len, if everything succeeds.
382*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
383*62c56f98SSadaf Ebrahimi  *          elements or the context itself is null.
384*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_TEST_ERROR_SEND_FAILED if
385*62c56f98SSadaf Ebrahimi  *          mbedtls_test_mock_tcp_send_b failed.
386*62c56f98SSadaf Ebrahimi  * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
387*62c56f98SSadaf Ebrahimi  *
388*62c56f98SSadaf Ebrahimi  * This function will also return any error from
389*62c56f98SSadaf Ebrahimi  * mbedtls_test_ssl_message_queue_push_info.
390*62c56f98SSadaf Ebrahimi  */
391*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_send_msg(void *ctx,
392*62c56f98SSadaf Ebrahimi                                    const unsigned char *buf, size_t len);
393*62c56f98SSadaf Ebrahimi 
/*
 * Receive one message from a given message socket context and return message
 * length or an error.
 *
 * \retval  message length, if everything succeeds.
 * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
 *          elements or the context itself is null.
 * \retval  MBEDTLS_TEST_ERROR_RECV_FAILED if
 *          mbedtls_test_mock_tcp_recv_b failed.
 *
 * This function will also return any error other than
 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from the queue peek helper
 * (test_ssl_message_queue_peek_info, internal to ssl_helpers.c and not
 * declared here). Because that error is swallowed, a message longer than
 * \p buf_len is not signalled through the return value (presumably it is
 * delivered truncated; confirm in ssl_helpers.c), so size \p buf_len for
 * the largest message the test expects.
 */
407*62c56f98SSadaf Ebrahimi int mbedtls_test_mock_tcp_recv_msg(void *ctx,
408*62c56f98SSadaf Ebrahimi                                    unsigned char *buf, size_t buf_len);
409*62c56f98SSadaf Ebrahimi 
410*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
411*62c56f98SSadaf Ebrahimi 
412*62c56f98SSadaf Ebrahimi /*
413*62c56f98SSadaf Ebrahimi  * Initializes \p ep_cert structure and assigns it to endpoint
414*62c56f98SSadaf Ebrahimi  * represented by \p ep.
415*62c56f98SSadaf Ebrahimi  *
416*62c56f98SSadaf Ebrahimi  * \retval  0 on success, otherwise error code.
417*62c56f98SSadaf Ebrahimi  */
418*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
419*62c56f98SSadaf Ebrahimi                                                int pk_alg,
420*62c56f98SSadaf Ebrahimi                                                int opaque_alg, int opaque_alg2,
421*62c56f98SSadaf Ebrahimi                                                int opaque_usage);
422*62c56f98SSadaf Ebrahimi 
/*
 * Initializes \p ep structure. It is important to call
 * `mbedtls_test_ssl_endpoint_free()` after calling this function
 * even if it fails.
 *
 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
 * MBEDTLS_SSL_IS_CLIENT.
 * \p options supplies the handshake parameters; its pk_alg field selects
 * the certificate key type and currently only MBEDTLS_PK_RSA and
 * MBEDTLS_PK_ECDSA are supported.
 * \p dtls_context - in case of DTLS - this is the context handling metadata.
 * \p input_queue - used only in case of DTLS.
 * \p output_queue - used only in case of DTLS.
 * \p group_list - supported groups to configure (presumably NULL keeps the
 * library default; confirm in ssl_helpers.c).
 *
 * \retval  0 on success, otherwise error code.
 */
438*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_endpoint_init(
439*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_endpoint *ep, int endpoint_type,
440*62c56f98SSadaf Ebrahimi     mbedtls_test_handshake_test_options *options,
441*62c56f98SSadaf Ebrahimi     mbedtls_test_message_socket_context *dtls_context,
442*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *input_queue,
443*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_message_queue *output_queue,
444*62c56f98SSadaf Ebrahimi     uint16_t *group_list);
445*62c56f98SSadaf Ebrahimi 
446*62c56f98SSadaf Ebrahimi /*
447*62c56f98SSadaf Ebrahimi  * Deinitializes endpoint represented by \p ep.
448*62c56f98SSadaf Ebrahimi  */
449*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_endpoint_free(
450*62c56f98SSadaf Ebrahimi     mbedtls_test_ssl_endpoint *ep,
451*62c56f98SSadaf Ebrahimi     mbedtls_test_message_socket_context *context);
452*62c56f98SSadaf Ebrahimi 
/*
 * This function moves the SSL handshake of \p ssl to the prescribed \p state.
 * \p second_ssl is used as the second endpoint; the two endpoints' sockets
 * have to be connected before calling this function.
 *
 * \retval  0 on success, otherwise error code.
 */
460*62c56f98SSadaf Ebrahimi int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
461*62c56f98SSadaf Ebrahimi                                          mbedtls_ssl_context *second_ssl,
462*62c56f98SSadaf Ebrahimi                                          int state);
463*62c56f98SSadaf Ebrahimi 
464*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
465*62c56f98SSadaf Ebrahimi 
/*
 * Helpers for setting up inverse record transformations using a given
 * cipher, hash, EtM mode, authentication tag length and version (see
 * mbedtls_test_ssl_build_transforms() below). CHK() is a generic
 * early-exit check for such setup code.
 */
/*
 * Early-exit check for setup code: if \p x is false, set the enclosing
 * function's `ret` to -1 and jump to its `cleanup` label. Both must exist
 * in the caller. Note that any more specific error is discarded, so use
 * this only where "-1" is an acceptable failure report.
 */
#define CHK(x)                                  \
    do {                                        \
        if (!(x)) {                             \
            ret = -1;                           \
            goto cleanup;                       \
        }                                       \
    } while (0)
480*62c56f98SSadaf Ebrahimi 
/* The smaller of the two Connection ID length limits, so a test can pick a
 * CID length that is valid in both the outgoing and incoming direction. */
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
#else
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
486*62c56f98SSadaf Ebrahimi 
487*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
488*62c56f98SSadaf Ebrahimi     defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
489*62c56f98SSadaf Ebrahimi int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
490*62c56f98SSadaf Ebrahimi                                            const unsigned char *iv,
491*62c56f98SSadaf Ebrahimi                                            size_t iv_len,
492*62c56f98SSadaf Ebrahimi                                            const unsigned char *input,
493*62c56f98SSadaf Ebrahimi                                            size_t ilen,
494*62c56f98SSadaf Ebrahimi                                            unsigned char *output,
495*62c56f98SSadaf Ebrahimi                                            size_t *olen);
496*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
497*62c56f98SSadaf Ebrahimi           MBEDTLS_AES_C */
498*62c56f98SSadaf Ebrahimi 
499*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
500*62c56f98SSadaf Ebrahimi                                       mbedtls_ssl_transform *t_out,
501*62c56f98SSadaf Ebrahimi                                       int cipher_type, int hash_id,
502*62c56f98SSadaf Ebrahimi                                       int etm, int tag_mode,
503*62c56f98SSadaf Ebrahimi                                       mbedtls_ssl_protocol_version tls_version,
504*62c56f98SSadaf Ebrahimi                                       size_t cid0_len,
505*62c56f98SSadaf Ebrahimi                                       size_t cid1_len);
506*62c56f98SSadaf Ebrahimi 
507*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
508*62c56f98SSadaf Ebrahimi /**
509*62c56f98SSadaf Ebrahimi  * \param[in,out] record        The record to prepare.
510*62c56f98SSadaf Ebrahimi  *                              It must contain the data to MAC at offset
511*62c56f98SSadaf Ebrahimi  *                              `record->data_offset`, of length
512*62c56f98SSadaf Ebrahimi  *                              `record->data_length`.
513*62c56f98SSadaf Ebrahimi  *                              On success, write the MAC immediately
514*62c56f98SSadaf Ebrahimi  *                              after the data and increment
515*62c56f98SSadaf Ebrahimi  *                              `record->data_length` accordingly.
516*62c56f98SSadaf Ebrahimi  * \param[in,out] transform_out The out transform, typically prepared by
517*62c56f98SSadaf Ebrahimi  *                              mbedtls_test_ssl_build_transforms().
518*62c56f98SSadaf Ebrahimi  *                              Its HMAC context may be used. Other than that
519*62c56f98SSadaf Ebrahimi  *                              it is treated as an input parameter.
520*62c56f98SSadaf Ebrahimi  *
521*62c56f98SSadaf Ebrahimi  * \return                      0 on success, an `MBEDTLS_ERR_xxx` error code
522*62c56f98SSadaf Ebrahimi  *                              or -1 on error.
523*62c56f98SSadaf Ebrahimi  */
524*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
525*62c56f98SSadaf Ebrahimi                                         mbedtls_ssl_transform *transform_out);
526*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
527*62c56f98SSadaf Ebrahimi 
528*62c56f98SSadaf Ebrahimi /*
529*62c56f98SSadaf Ebrahimi  * Populate a session structure for serialization tests.
530*62c56f98SSadaf Ebrahimi  * Choose dummy values, mostly non-0 to distinguish from the init default.
531*62c56f98SSadaf Ebrahimi  */
532*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
533*62c56f98SSadaf Ebrahimi                                             int ticket_len,
534*62c56f98SSadaf Ebrahimi                                             const char *crt_file);
535*62c56f98SSadaf Ebrahimi 
536*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*
 * TLS 1.3 counterpart of mbedtls_test_ssl_tls12_populate_session():
 * populate a session structure with dummy values for serialization tests.
 *
 * \param[out] session     Session to populate.
 * \param ticket_len       Length of the dummy ticket to attach.
 * \param endpoint_type    Presumably MBEDTLS_SSL_IS_CLIENT or
 *                         MBEDTLS_SSL_IS_SERVER, selecting which
 *                         endpoint-specific fields are filled -- confirm
 *                         against the definition.
 *
 * \return 0 on success, otherwise an error code.
 */
537*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
538*62c56f98SSadaf Ebrahimi                                             int ticket_len,
539*62c56f98SSadaf Ebrahimi                                             int endpoint_type);
540*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
541*62c56f98SSadaf Ebrahimi 
542*62c56f98SSadaf Ebrahimi /*
543*62c56f98SSadaf Ebrahimi  * Exchange data between \p ssl_1 and \p ssl_2 and check that each
544*62c56f98SSadaf Ebrahimi  * message was sent in the expected number of fragments.
545*62c56f98SSadaf Ebrahimi  *
546*62c56f98SSadaf Ebrahimi  * \p ssl_1 and \p ssl_2    Endpoints represented by mbedtls_ssl_context. Both
547*62c56f98SSadaf Ebrahimi  *                          of them must be initialized and connected
548*62c56f98SSadaf Ebrahimi  *                          beforehand.
549*62c56f98SSadaf Ebrahimi  * \p msg_len_1 and \p msg_len_2 specify the size of the message to send.
550*62c56f98SSadaf Ebrahimi  * \p expected_fragments_1 and \p expected_fragments_2 determine in how many
551*62c56f98SSadaf Ebrahimi  *                          fragments the message should be sent.
552*62c56f98SSadaf Ebrahimi  *      expected_fragments is 0: can be used for DTLS testing when the message
553*62c56f98SSadaf Ebrahimi  *                          size is larger than the MFL. In that case the
554*62c56f98SSadaf Ebrahimi  *                          message cannot be fragmented and is therefore not
555*62c56f98SSadaf Ebrahimi  *                          delivered to the second endpoint.
556*62c56f98SSadaf Ebrahimi  *                          This value can be used for negative tests.
557*62c56f98SSadaf Ebrahimi  *      expected_fragments is 1: can be used for TLS/DTLS testing when the
558*62c56f98SSadaf Ebrahimi  *                          message size is below the MFL.
559*62c56f98SSadaf Ebrahimi  *      expected_fragments > 1: can be used for TLS testing when the message
560*62c56f98SSadaf Ebrahimi  *                          size is larger than the MFL.
561*62c56f98SSadaf Ebrahimi  *
562*62c56f98SSadaf Ebrahimi  * \retval  0 on success, otherwise error code.
563*62c56f98SSadaf Ebrahimi  */
564*62c56f98SSadaf Ebrahimi int mbedtls_test_ssl_exchange_data(
565*62c56f98SSadaf Ebrahimi     mbedtls_ssl_context *ssl_1,
566*62c56f98SSadaf Ebrahimi     int msg_len_1, const int expected_fragments_1,
567*62c56f98SSadaf Ebrahimi     mbedtls_ssl_context *ssl_2,
568*62c56f98SSadaf Ebrahimi     int msg_len_2, const int expected_fragments_2);
569*62c56f98SSadaf Ebrahimi 
570*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
 * Run a client/server handshake according to \p options.
 *
 * Returns nothing: the outcome is presumably reported through the test
 * framework's assertion macros rather than a return code, so callers should
 * not expect to observe failure from the call itself -- confirm against the
 * definition.
 *
 * \param[in,out] options  Handshake test options describing both endpoints.
 */
571*62c56f98SSadaf Ebrahimi void mbedtls_test_ssl_perform_handshake(
572*62c56f98SSadaf Ebrahimi     mbedtls_test_handshake_test_options *options);
573*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
574*62c56f98SSadaf Ebrahimi 
575*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_TEST_HOOKS)
576*62c56f98SSadaf Ebrahimi /*
577*62c56f98SSadaf Ebrahimi  * Tweak vector lengths in a TLS 1.3 Certificate message.
578*62c56f98SSadaf Ebrahimi  *
579*62c56f98SSadaf Ebrahimi  * \param[in]       buf    Buffer containing the Certificate message to tweak
580*62c56f98SSadaf Ebrahimi  * \param[in,out]   end    End of the buffer to parse
581*62c56f98SSadaf Ebrahimi  * \param           tweak  Tweak identifier (from 1 to the number of tweaks).
582*62c56f98SSadaf Ebrahimi  * \param[out]  expected_result  Error code expected from the parsing function
583*62c56f98SSadaf Ebrahimi  * \param[out]  args  Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that
584*62c56f98SSadaf Ebrahimi  *                    is expected to fail. All zeroes if no
585*62c56f98SSadaf Ebrahimi  *                    MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
586*62c56f98SSadaf Ebrahimi  */
587*62c56f98SSadaf Ebrahimi int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
588*62c56f98SSadaf Ebrahimi     unsigned char *buf, unsigned char **end, int tweak,
589*62c56f98SSadaf Ebrahimi     int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
590*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_TEST_HOOKS */
591*62c56f98SSadaf Ebrahimi 
592*62c56f98SSadaf Ebrahimi #define ECJPAKE_TEST_PWD        "bla" /* Fixed test-only EC J-PAKE password; never reuse outside tests */
593*62c56f98SSadaf Ebrahimi 
/*
 * Set the EC J-PAKE password on the caller's `ssl` context and check the
 * return code against `exp_ret_val`.
 *
 * Expands to TWO statements (an assignment and a TEST_EQUAL), so it must be
 * used as a statement on its own line, never as the single body of an
 * unbraced `if`/`else`.
 *
 * Relies on these identifiers being in scope at the point of use:
 *   ret, ssl, pwd_string, pwd_len
 * and, when MBEDTLS_USE_PSA_CRYPTO is enabled, additionally:
 *   use_opaque_arg  - non-zero selects the opaque (key-slot) variant
 *   pwd_slot        - the PSA key id holding the password
 * Without MBEDTLS_USE_PSA_CRYPTO only the raw-password API is exercised.
 */
594*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_USE_PSA_CRYPTO)
595*62c56f98SSadaf Ebrahimi #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val)                            \
596*62c56f98SSadaf Ebrahimi     ret = (use_opaque_arg) ?                                              \
597*62c56f98SSadaf Ebrahimi           mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) :    \
598*62c56f98SSadaf Ebrahimi           mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \
599*62c56f98SSadaf Ebrahimi     TEST_EQUAL(ret, exp_ret_val)
600*62c56f98SSadaf Ebrahimi #else
601*62c56f98SSadaf Ebrahimi #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val)                            \
602*62c56f98SSadaf Ebrahimi     ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,                       \
603*62c56f98SSadaf Ebrahimi                                               pwd_string, pwd_len);       \
604*62c56f98SSadaf Ebrahimi     TEST_EQUAL(ret, exp_ret_val)
605*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_USE_PSA_CRYPTO */
606*62c56f98SSadaf Ebrahimi 
/*
 * Assert that an elliptic curve is supported and that the TLS id <-> ECP
 * group id <-> PSA (family, bits) mappings all agree for it.
 *
 * Checks, in order: tls_id_ -> group_id_, group_id_ -> tls_id_, and that
 * the PSA curve lookup for tls_id_ succeeds and yields psa_family_ /
 * psa_bits_.
 *
 * Relies on caller-scope locals `psa_type` and `psa_bits` as scratch
 * outputs for mbedtls_ssl_get_psa_curve_info_from_tls_id(). Expands to
 * several statements and already ends with a ';', so a trailing ';' at
 * the use site produces an (harmless) empty statement; never use it as
 * the single body of an unbraced `if`/`else`.
 */
607*62c56f98SSadaf Ebrahimi #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_)   \
608*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_),        \
609*62c56f98SSadaf Ebrahimi                group_id_);                                               \
610*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_),      \
611*62c56f98SSadaf Ebrahimi                tls_id_);                                                 \
612*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_,       \
613*62c56f98SSadaf Ebrahimi                                                           &psa_type, &psa_bits), PSA_SUCCESS);                \
614*62c56f98SSadaf Ebrahimi     TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type));    \
615*62c56f98SSadaf Ebrahimi     TEST_EQUAL(psa_bits_, psa_bits);
616*62c56f98SSadaf Ebrahimi 
/*
 * Assert that an elliptic curve is NOT available in this build: the TLS id
 * maps to MBEDTLS_ECP_DP_NONE, the group id maps to TLS id 0, and the PSA
 * curve lookup reports PSA_ERROR_NOT_SUPPORTED.
 *
 * psa_family_ and psa_bits_ are accepted only so that call sites mirror
 * TEST_AVAILABLE_ECC(); they are not used. Relies on caller-scope locals
 * `psa_type` and `psa_bits` as scratch outputs. Expands to several
 * statements and already ends with a ';' -- do not use it as the single
 * body of an unbraced `if`/`else`.
 */
617*62c56f98SSadaf Ebrahimi #define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \
618*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_),        \
619*62c56f98SSadaf Ebrahimi                MBEDTLS_ECP_DP_NONE);                                     \
620*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_),      \
621*62c56f98SSadaf Ebrahimi                0);                                                       \
622*62c56f98SSadaf Ebrahimi     TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_,       \
623*62c56f98SSadaf Ebrahimi                                                           &psa_type, &psa_bits), \
624*62c56f98SSadaf Ebrahimi                PSA_ERROR_NOT_SUPPORTED);
625*62c56f98SSadaf Ebrahimi 
626*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_SSL_TLS_C */
627*62c56f98SSadaf Ebrahimi 
628*62c56f98SSadaf Ebrahimi #endif /* SSL_HELPERS_H */
629