mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00

Add I/O buffer resizing in handshake init and free

Add a conditional buffer resizing feature. Introduce tests exercising
it in various setups (serialization, renegotiation, mfl manipulations).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek
2020-03-03 10:39:58 -05:00
parent aad82f9bbb
commit 0afa2a1b65
4 changed files with 309 additions and 0 deletions


@ -368,6 +368,54 @@ renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake
renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS serialization with MFL=512
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512
DTLS serialization with MFL=1024
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024
DTLS serialization with MFL=2048
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048
DTLS serialization with MFL=4096
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
DTLS no legacy renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy break handshake renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0
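Review bot: All sixteen cases added here are DTLS-only, so the stream-TLS path of the buffer resizing is never exercised by this data file. They all go through `resize_buffers_serialize_mfl` or `resize_buffers_renegotiate_mfl`, and both wrappers in the function file pass `dtls = 1` to `test_resize_buffers`. A stale `in_buf_len`/`out_buf_len` after a resize is a memory-safety problem rather than a functional one, so covering both transports (ideally in a sanitizer build) seems worthwhile. A case that calls the generic entry point directly would cover it, e.g. `resize_buffers:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:0:0` under a title such as `TLS buffer resizing with MFL=1024`. Whether it passes unchanged depends on parts of `perform_handshake` that are not shown on this page.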


@ -55,6 +55,7 @@ typedef struct handshake_test_options
void *cli_log_obj;
void (*srv_log_fun)(void *, int, const char *, int, const char *);
void (*cli_log_fun)(void *, int, const char *, int, const char *);
int resize_buffers;
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
@ -77,6 +78,7 @@ void init_handshake_options( handshake_test_options *opts )
opts->srv_log_obj = NULL;
opts->srv_log_fun = NULL;
opts->cli_log_fun = NULL;
opts->resize_buffers = 1;
}
/*
* Buffer structure for custom I/O callbacks.
@ -1767,6 +1769,17 @@ void perform_handshake( handshake_test_options* options )
&(server.socket),
BUFFSIZE ) == 0 );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
@ -1774,6 +1787,31 @@ void perform_handshake( handshake_test_options* options )
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Note - the case below will have to updated, since due to a 1n-1
* split against BEAST the fragment count is different
* than expected when preparing the fragment counting code. */
if( options->version != MBEDTLS_SSL_MINOR_VERSION_0 &&
options->version != MBEDTLS_SSL_MINOR_VERSION_1 )
{
/* A server, when using DTLS, might delay a buffer resize to happen
* after it receives a message, so we force it. */
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( client.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &client.ssl ) );
TEST_ASSERT( client.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &client.ssl ) );
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
}
#endif
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
/* Start data exchanging test */
@ -1813,10 +1851,28 @@ void perform_handshake( handshake_test_options* options )
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after context deserialization */
if( options->resize_buffers != 0 )
{
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
#endif
/* Retest writing/reading */
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
@ -1830,6 +1886,7 @@ void perform_handshake( handshake_test_options* options )
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
@ -1859,6 +1916,14 @@ void perform_handshake( handshake_test_options* options )
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
@ -1872,6 +1937,20 @@ void perform_handshake( handshake_test_options* options )
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after renegotiation */
if( options->resize_buffers != 0 )
{
TEST_ASSERT( client.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &client.ssl ) );
TEST_ASSERT( client.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &client.ssl ) );
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -3797,3 +3876,43 @@ void renegotiation( int legacy_renegotiation )
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls )
{
handshake_test_options options;
init_handshake_options( &options );
options.mfl = mfl;
options.renegotiate = renegotiation;
options.legacy_renegotiation = legacy_renegotiation;
options.serialize = serialize;
options.dtls = dtls;
options.resize_buffers = 1;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
void resize_buffers_serialize_mfl( int mfl )
{
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation )
{
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
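Review bot: `resize_buffers_renegotiate_mfl` calls `test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 )` with `dtls` set to 1, but its `depends_on` list has no `MBEDTLS_SSL_PROTO_DTLS`, unlike `resize_buffers_serialize_mfl` directly above it. In a configuration with renegotiation and variable buffer lengths but without DTLS, the case would still be selected and would drive `perform_handshake` in DTLS mode. How that fails is not visible here, because most of `perform_handshake` lies outside the hunks. Appending `:MBEDTLS_SSL_PROTO_DTLS` to that `BEGIN_CASE depends_on:` line keeps the case out of builds it cannot run in. The generic `resize_buffers` case has the same gap whenever its `dtls` argument is non-zero, so any data-file entry calling it that way needs to carry the dependency itself.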