Cleanup ticket negative tests.
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@@ -1416,44 +1416,45 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||||||
|
|
||||||
switch (opt.dummy_ticket % 11) {
|
switch (opt.dummy_ticket % 11) {
|
||||||
case 1:
|
case 1:
|
||||||
/* Callback function return INVALID_MAC */
|
|
||||||
return MBEDTLS_ERR_SSL_INVALID_MAC;
|
return MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||||
case 2:
|
case 2:
|
||||||
/* Callback function return ticket expired */
|
|
||||||
return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
|
return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
case 3:
|
case 3:
|
||||||
/* Built-in check, the start time is in future. */
|
/* Creation time in the future. */
|
||||||
session->ticket_creation = mbedtls_ms_time() + 10 * 1000;
|
session->ticket_creation = mbedtls_ms_time() +
|
||||||
|
MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE +
|
||||||
|
4 * 1000;
|
||||||
break;
|
break;
|
||||||
case 4:
|
case 4:
|
||||||
/* Built-in check, ticket expired due to too old. */
|
/* Ticket reaches the end of lifetime. */
|
||||||
session->ticket_creation = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000;
|
session->ticket_creation = mbedtls_ms_time() - session->ticket_lifetime -
|
||||||
|
MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000;
|
||||||
break;
|
break;
|
||||||
case 5:
|
case 5:
|
||||||
/* Built-in check, age outside tolerance window, too young. */
|
/* Ticket is valid, but client age is beyond the upper bound of tolerance window. */
|
||||||
session->ticket_creation = mbedtls_ms_time() - 10 * 1000;
|
|
||||||
|
session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
|
||||||
|
/* Make sure the execution time does not affect the result */
|
||||||
|
session->ticket_creation = mbedtls_ms_time();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 6:
|
case 6:
|
||||||
/* Built-in check, age outside tolerance window, too old. */
|
/* Ticket is valid, but client age is beyond the lower bound of tolerance window. */
|
||||||
|
session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
|
||||||
|
/* Make sure the execution time does not affect the result */
|
||||||
session->ticket_creation = mbedtls_ms_time();
|
session->ticket_creation = mbedtls_ms_time();
|
||||||
session->ticket_age_add -= 1000;
|
|
||||||
break;
|
break;
|
||||||
case 7:
|
case 7:
|
||||||
/* Built-in check, ticket permission check. */
|
|
||||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
|
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
|
||||||
break;
|
break;
|
||||||
case 8:
|
case 8:
|
||||||
/* Built-in check, ticket permission check. */
|
|
||||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||||
break;
|
break;
|
||||||
case 9:
|
case 9:
|
||||||
/* Built-in check, ticket permission check. */
|
|
||||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||||
break;
|
break;
|
||||||
case 10:
|
case 10:
|
||||||
/* Built-in check, ticket permission check. */
|
|
||||||
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
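Review bot: In the new `case 4`, `session->ticket_lifetime` is subtracted directly from `mbedtls_ms_time()`, which mixes units if `ticket_lifetime` is held in seconds (as the TLS 1.3 NewSessionTicket lifetime is) while the clock and `MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE` are in milliseconds. The removed line used `7 * 24 * 3600 * 1000`, so the rewritten ticket may now be only minutes old, and this negative test would then no longer exercise the server's end-of-lifetime rejection. I would scale the field, e.g. `session->ticket_creation = mbedtls_ms_time() - (mbedtls_ms_time_t) session->ticket_lifetime * 1000 -` followed by the unchanged `MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000;`, and confirm that `ticket_lifetime` is populated before the switch. The function begins before this hunk and the switch continues past it, so neither the field's unit nor its initialisation can be checked from the visible lines.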