1 /* This test is to cover nx_secure_tls_process_serverhello.c. */
2
3 #include "tx_api.h"
4 #include "nx_api.h"
5 #include "nx_tcp.h"
6 #include "nx_crypto_rsa.h"
7 #include "nx_secure_tls_api.h"
8 #include "tls_test_utility.h"
9
10 extern void test_control_return(UINT status);
11
12 #if !defined(NX_SECURE_TLS_CLIENT_DISABLED) && !defined(NX_SECURE_TLS_SERVER_DISABLED) && !defined(NX_SECURE_DISABLE_X509)
13 #define __LINUX__
14
15 /* Define the ThreadX and NetX object control blocks... */
16
17 static TX_THREAD ntest_0;
18 static TX_THREAD ntest_1;
19
20 static NX_PACKET_POOL pool_0;
21 static NX_PACKET_POOL pool_1;
22 static NX_IP ip_0;
23 static NX_IP ip_1;
24 static NX_TCP_SOCKET client_socket;
25 static NX_TCP_SOCKET server_socket;
26 static NX_SECURE_TLS_SESSION client_tls_session;
27 static NX_SECURE_TLS_SESSION server_tls_session;
28
29 static NX_SECURE_X509_CERT certificate;
30 static NX_SECURE_X509_CERT ica_certificate;
31 static NX_SECURE_X509_CERT client_certificate;
32 static NX_SECURE_X509_CERT remote_certificate, remote_issuer;
33 static NX_SECURE_X509_CERT client_remote_certificate, client_remote_issuer;
34 static NX_SECURE_X509_CERT trusted_certificate;
35
36 static UCHAR remote_cert_buffer[2000];
37 static UCHAR remote_issuer_buffer[2000];
38 static UCHAR client_remote_cert_buffer[2000];
39 static UCHAR client_remote_issuer_buffer[2000];
40
41 static UCHAR server_packet_buffer[4000];
42 static UCHAR client_packet_buffer[4000];
43
44 static CHAR server_crypto_metadata[16000];
45 static CHAR client_crypto_metadata[16000];
46
47 /* Test PKI (3-level). */
48 #include "test_ca_cert.c"
49 #include "tls_two_test_certs.c"
50 #define ca_cert_der test_ca_cert_der
51 #define ca_cert_der_len test_ca_cert_der_len
52
53 /* Cryptographic routines. */
54 extern NX_SECURE_TLS_CRYPTO nx_crypto_tls_ciphers;
55 extern NX_SECURE_TLS_CIPHERSUITE_INFO _nx_crypto_ciphersuite_lookup_table[];
56
57 #define DEMO_STACK_SIZE 4096 // (3 * 1024 / sizeof(ULONG))
58
59 /* Define the IP thread's stack area. */
60 #define IP_STACK_SIZE 4096 //(2 * 1024 / sizeof(ULONG))
61
62 /* Define packet pool for the demonstration. */
63 #define NX_PACKET_POOL_BYTES ((1536 + sizeof(NX_PACKET)) * 20)
64 #define NX_PACKET_POOL_SIZE (NX_PACKET_POOL_BYTES/sizeof(ULONG) + 64 / sizeof(ULONG))
65
66 /* Define the ARP cache area. */
67 #define ARP_AREA_SIZE 1024 // (512 / sizeof(ULONG))
68
69 #define TOTAL_STACK_SPACE (2 * (DEMO_STACK_SIZE + IP_STACK_SIZE + NX_PACKET_POOL_SIZE + ARP_AREA_SIZE))
70
71 #ifndef __LINUX__
72 ULONG test_stack_area[TOTAL_STACK_SPACE + 2000];
73 #endif
74
75 static ULONG pool_area[2][NX_PACKET_POOL_SIZE];
76
77 /* Define thread prototypes. */
78
79 static void ntest_0_entry(ULONG thread_input);
80 static void ntest_1_entry(ULONG thread_input);
81 extern void _nx_ram_network_driver_1500(struct NX_IP_DRIVER_STRUCT *driver_req);
82
83 /* Define what the initial system looks like. */
84 #ifndef __LINUX__
tx_application_define(void * first_unused_memory)85 void tx_application_define(void *first_unused_memory)
86 #else
87 #ifdef CTEST
88 void test_application_define(void *first_unused_memory);
89 void test_application_define(void *first_unused_memory)
90 #else
91 void nx_secure_tls_serverhello_coverage_test_application_define(void *first_unused_memory)
92 #endif
93 #endif
94 {
95 CHAR *pointer;
96 UINT status;
97
98 /* Setup the working pointer. */
99 #ifndef __LINUX__
100 pointer = (CHAR*)test_stack_area;
101 #else
102 pointer = (CHAR *) first_unused_memory;
103 #endif
104
105 /* Create the main thread. */
106 tx_thread_create(&ntest_0, "thread 0", ntest_0_entry, 0,
107 pointer, DEMO_STACK_SIZE,
108 3, 3, TX_NO_TIME_SLICE, TX_AUTO_START);
109
110 pointer = pointer + DEMO_STACK_SIZE;
111
112 /* Create the main thread. */
113 tx_thread_create(&ntest_1, "thread 1", ntest_1_entry, 0,
114 pointer, DEMO_STACK_SIZE,
115 4, 4, TX_NO_TIME_SLICE, TX_AUTO_START);
116
117 pointer = pointer + DEMO_STACK_SIZE;
118
119 /* Initialize the NetX system. */
120 nx_system_initialize();
121
122 /* Create a packet pool. */
123 status = nx_packet_pool_create(&pool_0, "NetX Main Packet Pool", 1536, pool_area[0], sizeof(pool_area[0]));
124 EXPECT_EQ(NX_SUCCESS, status);
125
126 /* Create a packet pool. */
127 status = nx_packet_pool_create(&pool_1, "NetX Main Packet Pool", 1536, pool_area[1], sizeof(pool_area[1]));
128 EXPECT_EQ(NX_SUCCESS, status);
129
130 /* Create an IP instance. */
131 status = nx_ip_create(&ip_0, "NetX IP Instance 0", IP_ADDRESS(1, 2, 3, 4), 0xFFFFFF00UL, &pool_0, _nx_ram_network_driver_1500,
132 pointer, IP_STACK_SIZE, 1);
133 pointer = pointer + IP_STACK_SIZE;
134
135 /* Create another IP instance. */
136 status += nx_ip_create(&ip_1, "NetX IP Instance 1", IP_ADDRESS(1, 2, 3, 5), 0xFFFFFF00UL, &pool_1, _nx_ram_network_driver_1500,
137 pointer, IP_STACK_SIZE, 1);
138 pointer = pointer + IP_STACK_SIZE;
139 EXPECT_EQ(NX_SUCCESS, status);
140
141 /* Enable ARP and supply ARP cache memory for IP Instance 0. */
142 status = nx_arp_enable(&ip_0, (void *) pointer, ARP_AREA_SIZE);
143 pointer = pointer + ARP_AREA_SIZE;
144
145 /* Enable ARP and supply ARP cache memory for IP Instance 1. */
146 status += nx_arp_enable(&ip_1, (void *) pointer, ARP_AREA_SIZE);
147 pointer = pointer + ARP_AREA_SIZE;
148 EXPECT_EQ(NX_SUCCESS, status);
149
150 /* Enable TCP processing for both IP instances. */
151 status = nx_tcp_enable(&ip_0);
152 status += nx_tcp_enable(&ip_1);
153 EXPECT_EQ(NX_SUCCESS, status);
154
155 nx_secure_tls_initialize();
156 }
157
158 /* Define callbacks used by TLS. */
159 /* Include CRL associated with Verisign root CA (for AWS) for demo purposes. */
160 #include "test_ca.crl.der.c"
161
162 /* Test packets. */
163 /* Message size < 38. */
164 static UCHAR server_hello_test_1[] = {
165 0x03, 0x03, 0x2f, 0xda, 0xe5, 0x9b, 0x11,
166 0xdc, 0x13, 0x74, 0x31, 0xb5, 0x5d, 0xcf, 0x37, 0xe4, 0xb0, 0x5c, 0x06, 0x5c, 0x11, 0x74, 0xe1,
167 0x72, 0xfd, 0x7c, 0xd0, 0xce, 0x3f, 0x66, 0x54, 0x06, 0x4d, 0xa1, 0x00, 0xc0, 0x2c,
168 };
169
170 /* Invalid seesion_id length. */
171 static UCHAR server_hello_test_2[] = {
172 0x03, 0x03, 0x2f, 0xda, 0xe5, 0x9b, 0x11,
173 0xdc, 0x13, 0x74, 0x31, 0xb5, 0x5d, 0xcf, 0x37, 0xe4, 0xb0, 0x5c, 0x06, 0x5c, 0x11, 0x74, 0xe1,
174 0x72, 0xfd, 0x7c, 0xd0, 0xce, 0x3f, 0x66, 0x54, 0x06, 0x4d, 0xa1, 0x30, 0xf1, 0xf2, 0xc0, 0x2c, 0x00, 0x00,
175 0x15, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x23,
176 0x00, 0x00, 0x00, 0x17, 0x00, 0x00
177 };
178
179 /* Unknow ciphersuite. */
180 static UCHAR server_hello_test_3[] = {
181 0x03, 0x03, 0x2f, 0xda, 0xe5, 0x9b, 0x11,
182 0xdc, 0x13, 0x74, 0x31, 0xb5, 0x5d, 0xcf, 0x37, 0xe4, 0xb0, 0x5c, 0x06, 0x5c, 0x11, 0x74, 0xe1,
183 0x72, 0xfd, 0x7c, 0xd0, 0xce, 0x3f, 0x66, 0x54, 0x06, 0x4d, 0xa1, 0x02, 0xf1, 0xf2, 0xc0, 0x2c, 0x00, 0x00,
184 0x15, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x23,
185 0x00, 0x00, 0x00, 0x17, 0x00, 0x00
186 };
187
188 /* No supported compression methods. */
189 static UCHAR server_hello_test_4[] = {
190 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
191 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
192 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x01, 0x00, 0x05, 0xff, 0x01, 0x00, 0x01,
193 0x00
194 };
195
196 /* Invalid extension length. */
197 static UCHAR server_hello_test_5[] = {
198 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
199 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
200 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x06, 0xff, 0x01, 0x00, 0x01,
201 0x00
202 };
203
204 /* nx_secure_tls_session_client_callback return error status. */
205 static UCHAR server_hello_test_6[] = {
206 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
207 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
208 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x01,
209 0x00
210 };
211
212 /* Cover if (message_length >= (length + 2)). */
213 static UCHAR server_hello_test_7[] = {
214 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
215 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
216 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00
217 };
218
219 /* nx_secure_tls_process_serverhello_extensions.c */
220 static UCHAR server_hello_reneg[] = {
221 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
222 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
223 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x01,
224 0x00
225 };
226
227 /* if (offset + 4 > message_length) */
228 static UCHAR server_hello_test_8[] = {
229 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
230 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
231 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x03, 0xff, 0x01, 0x00, 0x01,
232 0x00
233 };
234
235 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
236 /* if (*extension_length > message_length || *extension_length < 3) */
237 static UCHAR server_hello_test_9[] = {
238 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
239 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
240 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x00,
241 0x00
242 };
243
244 /* if (*extension_length > message_length || *extension_length < 3) */
245 static UCHAR server_hello_test_10[] = {
246 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
247 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
248 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x02,
249 0x00
250 };
251
252 /* if (*extension_length > message_length || *extension_length < 3) */
253 static UCHAR server_hello_test_11[] = {
254 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x18, 0x00, 0x00, 0x84, 0x67,
255 0x00, 0x00, 0xe1, 0x4a, 0x00, 0x00, 0x6c, 0x3d, 0x00, 0x00, 0xd6, 0x2c, 0x00, 0x00, 0xae, 0x72,
256 0x00, 0x00, 0x52, 0x69, 0x00, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x05, 0xff, 0x01, 0x00, 0x01,
257 0x01
258 };
259
260 static UCHAR server_hello_test_12[] = {
261 0xff, 0x01, 0x00, 0x19,
262 0x18, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x01, 0x02, 0x03, 0x04,
263 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
264 };
265
266 static UCHAR server_hello_test_13[] = {
267 0xff, 0x01, 0x00, 0x19,
268 0x17, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x01, 0x02, 0x03, 0x04,
269 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
270 };
271
272 static UCHAR server_hello_test_14[] = {
273 0xff, 0x01, 0x00, 0x02, 0x00, 0x00
274 };
275
276 static UCHAR server_hello_test_15[] = {
277 0xff, 0x01, 0x00, 0x01, 0x00
278 };
279 #endif
280
281 /* Set test packets' info. */
282 static UCHAR *test_packets_data[] = {
283 server_hello_test_1,
284 server_hello_test_2,
285 server_hello_test_3,
286 server_hello_test_4,
287 server_hello_test_5,
288 server_hello_test_6,
289 server_hello_test_7,
290 server_hello_test_8,
291 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
292 server_hello_test_9,
293 server_hello_test_10,
294 server_hello_test_11,
295 #endif
296 };
297
298 static UINT test_packets_size[] = {
299 sizeof(server_hello_test_1),
300 sizeof(server_hello_test_2),
301 sizeof(server_hello_test_3),
302 sizeof(server_hello_test_4),
303 sizeof(server_hello_test_5),
304 sizeof(server_hello_test_6),
305 sizeof(server_hello_test_7),
306 sizeof(server_hello_test_8),
307 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
308 sizeof(server_hello_test_9),
309 sizeof(server_hello_test_10),
310 sizeof(server_hello_test_11),
311 #endif
312 };
313
314 /* Set expected status. */
315 static UINT test_status[] = {
316 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
317 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
318 NX_SECURE_TLS_UNKNOWN_CIPHERSUITE,
319 NX_SECURE_TLS_BAD_COMPRESSION_METHOD,
320 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
321 111,
322 NX_NO_PACKET,
323 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
324 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
325 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
326 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
327 NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH,
328 #endif
329 };
330
331 #define TEST_START 0
332
test_callback(NX_SECURE_TLS_SESSION * tls_session,NX_SECURE_TLS_HELLO_EXTENSION * extensions,UINT num_extensions)333 static ULONG test_callback(NX_SECURE_TLS_SESSION *tls_session, NX_SECURE_TLS_HELLO_EXTENSION *extensions, UINT num_extensions)
334 {
335 return 111;
336 }
337
338 /* -----===== SERVER =====----- */
339
ntest_0_entry(ULONG thread_input)340 static void ntest_0_entry(ULONG thread_input)
341 {
342 UINT status, i;
343 ULONG actual_status;
344 NX_PACKET *send_packet, *receive_packet;
345
346 /* Print out test information banner. */
347 printf("NetX Secure Test: TLS ServeHello Coverage Test.......................");
348
349 /* Ensure the IP instance has been initialized. */
350 status = nx_ip_status_check(&ip_0, NX_IP_INITIALIZE_DONE, &actual_status, NX_IP_PERIODIC_RATE);
351 EXPECT_EQ(NX_SUCCESS, status);
352
353 /* Create a socket. */
354 status = nx_tcp_socket_create(&ip_0, &server_socket, "Server Socket",
355 NX_IP_NORMAL, NX_FRAGMENT_OKAY, NX_IP_TIME_TO_LIVE * 100, 16*1024,
356 NX_NULL, NX_NULL);
357 EXPECT_EQ(NX_SUCCESS, status);
358
359 /* Create a TLS session for our socket. */
360 status = nx_secure_tls_session_create(&server_tls_session,
361 &nx_crypto_tls_ciphers,
362 server_crypto_metadata,
363 sizeof(server_crypto_metadata));
364 EXPECT_EQ(NX_SUCCESS, status);
365
366 /* Setup our packet reassembly buffer. */
367 nx_secure_tls_session_packet_buffer_set(&server_tls_session, server_packet_buffer, sizeof(server_packet_buffer));
368
369 /* Enable Client Certificate Verification. */
370 nx_secure_tls_session_client_verify_enable(&server_tls_session);
371
372 /* Initialize our certificate. */
373 nx_secure_x509_certificate_initialize(&certificate, test_device_cert_der, test_device_cert_der_len, NX_NULL, 0, test_device_cert_key_der, test_device_cert_key_der_len, NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
374 nx_secure_tls_local_certificate_add(&server_tls_session, &certificate);
375
376 nx_secure_x509_certificate_initialize(&ica_certificate, ica_cert_der, ica_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
377 nx_secure_tls_local_certificate_add(&server_tls_session, &ica_certificate);
378
379 /* If we are testing client certificate verify, allocate remote certificate space. */
380 nx_secure_tls_remote_certificate_allocate(&server_tls_session, &client_remote_certificate, client_remote_cert_buffer, sizeof(client_remote_cert_buffer));
381 nx_secure_tls_remote_certificate_allocate(&server_tls_session, &client_remote_issuer, client_remote_issuer_buffer, sizeof(client_remote_issuer_buffer));
382
383 /* Add a CA Certificate to our trusted store for verifying incoming client certificates. */
384 nx_secure_x509_certificate_initialize(&trusted_certificate, ca_cert_der, ca_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
385 nx_secure_tls_trusted_certificate_add(&server_tls_session, &trusted_certificate);
386
387 /* Initialize server session manually. */
388 server_tls_session.nx_secure_tls_tcp_socket = &server_socket;
389 server_tls_session.nx_secure_tls_packet_pool = &pool_0;
390 server_tls_session.nx_secure_tls_protocol_version = NX_SECURE_TLS_VERSION_TLS_1_2;
391
392 /* Setup this thread to listen. */
393 status = nx_tcp_server_socket_listen(&ip_0, 12, &server_socket, 5, NX_NULL);
394 EXPECT_EQ(NX_SUCCESS, status);
395
396 for (i = TEST_START; i < (sizeof(test_packets_size) / sizeof(UINT)); i++)
397 {
398
399 /* Accept a client socket connection. */
400 status = nx_tcp_server_socket_accept(&server_socket, 5 * NX_IP_PERIODIC_RATE);
401 EXPECT_EQ(NX_SUCCESS, status);
402 tx_thread_suspend(&ntest_0);
403
404 /* Receive ClientHello. */
405 status = nx_tcp_socket_receive(&server_socket, &receive_packet, NX_WAIT_FOREVER);
406 EXPECT_EQ(NX_SUCCESS, status);
407
408 /* Release the ClientHello packet. */
409 nx_packet_release(receive_packet);
410
411 tx_mutex_get(&_nx_secure_tls_protection, NX_WAIT_FOREVER);
412 server_tls_session.nx_secure_tls_protocol_version = NX_SECURE_TLS_VERSION_TLS_1_2;
413 status = _nx_secure_tls_allocate_handshake_packet(&server_tls_session, &pool_0, &send_packet, NX_WAIT_FOREVER);
414 tx_mutex_put(&_nx_secure_tls_protection);
415 EXPECT_EQ(NX_SUCCESS, status);
416
417 memcpy(send_packet -> nx_packet_prepend_ptr, test_packets_data[i], test_packets_size[i]);
418 send_packet -> nx_packet_length = test_packets_size[i];
419 send_packet -> nx_packet_append_ptr = send_packet -> nx_packet_prepend_ptr + send_packet -> nx_packet_length;
420
421 /* Send an invaild message. */
422 tx_mutex_get(&_nx_secure_tls_protection, NX_WAIT_FOREVER);
423 status = _nx_secure_tls_send_handshake_record(&server_tls_session, send_packet, NX_SECURE_TLS_SERVER_HELLO, NX_WAIT_FOREVER);
424 tx_mutex_put(&_nx_secure_tls_protection);
425 EXPECT_EQ(NX_SUCCESS, status);
426
427 /* Try receiving records from the remote host. */
428 status = nx_packet_allocate(&pool_0, &receive_packet, NX_IPv4_TCP_PACKET, NX_WAIT_FOREVER);
429 EXPECT_EQ(NX_SUCCESS, status);
430 server_tls_session.nx_secure_tls_socket_type = NX_SECURE_TLS_SESSION_TYPE_SERVER;
431 status = _nx_secure_tls_session_receive_records(&server_tls_session, &receive_packet, 5 * NX_IP_PERIODIC_RATE);
432 if (i == 6)
433 {
434 EXPECT_EQ(NX_NO_PACKET, status);
435 }
436 else
437 {
438 EXPECT_EQ(NX_SECURE_TLS_ALERT_RECEIVED, status);
439 }
440
441 status = nx_secure_tls_session_end(&server_tls_session, NX_NO_WAIT);
442 status += nx_tcp_socket_disconnect(&server_socket, NX_WAIT_FOREVER);
443 status += nx_tcp_server_socket_unaccept(&server_socket);
444 status += nx_tcp_server_socket_relisten(&ip_0, 12, &server_socket);
445 EXPECT_EQ(NX_SUCCESS, status);
446 }
447
448 /* End the TLS session. This is required to properly shut down the TLS connection. */
449 status += nx_tcp_server_socket_unlisten(&ip_0, 12);
450 status += nx_secure_tls_session_delete(&server_tls_session);
451 status += nx_tcp_socket_delete(&server_socket);
452 EXPECT_EQ(NX_SUCCESS, status);
453
454 }
455
456 /* -----===== CLIENT =====----- */
457
ntest_1_entry(ULONG thread_input)458 static void ntest_1_entry(ULONG thread_input)
459 {
460 UINT status, i;
461 NX_PACKET *send_packet = NX_NULL;
462 NX_SECURE_TLS_HELLO_EXTENSION extension_data[NX_SECURE_TLS_HELLO_EXTENSIONS_MAX];
463 UINT num_extensions;
464
465 /* Create a socket. */
466 status = nx_tcp_socket_create(&ip_1, &client_socket, "Client Socket",
467 NX_IP_NORMAL, NX_FRAGMENT_OKAY, NX_IP_TIME_TO_LIVE * 100, 1024*16,
468 NX_NULL, NX_NULL);
469 EXPECT_EQ(NX_SUCCESS, status);
470
471 /* Create a TLS session for our socket. */
472 status = nx_secure_tls_session_create(&client_tls_session,
473 &nx_crypto_tls_ciphers,
474 client_crypto_metadata,
475 sizeof(client_crypto_metadata));
476 EXPECT_EQ(NX_SUCCESS, status);
477
478 /* Setup our packet reassembly buffer. */
479 nx_secure_tls_session_packet_buffer_set(&client_tls_session, client_packet_buffer, sizeof(client_packet_buffer));
480
481 /* Make sure client certificate verification is disabled. */
482 nx_secure_tls_session_client_verify_disable(&client_tls_session);
483
484 /* Need to allocate space for the certificate coming in from the remote host. */
485 nx_secure_tls_remote_certificate_allocate(&client_tls_session, &remote_certificate, remote_cert_buffer, sizeof(remote_cert_buffer));
486 nx_secure_tls_remote_certificate_allocate(&client_tls_session, &remote_issuer, remote_issuer_buffer, sizeof(remote_issuer_buffer));
487
488 //nx_secure_x509_certificate_initialize(&certificate, cert_der, cert_der_len, NX_NULL, 0, private_key_der, private_key_der_len, NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
489 nx_secure_x509_certificate_initialize(&client_certificate, test_device_cert_der, test_device_cert_der_len, NX_NULL, 0, test_device_cert_key_der, test_device_cert_key_der_len, NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
490 nx_secure_tls_local_certificate_add(&client_tls_session, &client_certificate);
491
492 /* Add a CA Certificate to our trusted store for verifying incoming server certificates. */
493 nx_secure_x509_certificate_initialize(&trusted_certificate, ca_cert_der, ca_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
494 nx_secure_tls_trusted_certificate_add(&client_tls_session, &trusted_certificate);
495
496 nx_secure_tls_session_client_callback_set(&client_tls_session, test_callback);
497
498 /* Bind the socket. */
499 status = nx_tcp_client_socket_bind(&client_socket, 12, NX_IP_PERIODIC_RATE);
500 EXPECT_EQ(NX_SUCCESS, status);
501
502 for (i = TEST_START ; i < (sizeof(test_packets_size) / sizeof(UINT)); i++)
503 {
504
505 status = nx_tcp_client_socket_connect(&client_socket, IP_ADDRESS(1, 2, 3, 4), 12, 5 * NX_IP_PERIODIC_RATE);
506 EXPECT_EQ(NX_SUCCESS, status);
507
508 tx_thread_sleep(10);
509 tx_thread_resume(&ntest_0);
510 status = nx_secure_tls_session_start(&client_tls_session, &client_socket, 5 * NX_IP_PERIODIC_RATE);
511 EXPECT_EQ(test_status[i], status);
512
513 /* Disconnect this socket. */
514 status = nx_secure_tls_session_end(&client_tls_session, NX_NO_WAIT);
515 status += nx_tcp_socket_disconnect(&client_socket, NX_WAIT_FOREVER);
516 EXPECT_EQ(NX_SUCCESS, status);
517 }
518
519 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
520 client_tls_session.nx_secure_tls_local_session_active = 0;
521 client_tls_session.nx_secure_tls_remote_session_active = 1;
522 client_tls_session.nx_secure_tls_session_ciphersuite = &_nx_crypto_ciphersuite_lookup_table[1];
523 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_12, 0x1d, extension_data, &num_extensions);
524 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
525
526 client_tls_session.nx_secure_tls_local_session_active = 1;
527 client_tls_session.nx_secure_tls_remote_session_active = 0;
528 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_12, 0x1d, extension_data, &num_extensions);
529 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
530
531 client_tls_session.nx_secure_tls_local_session_active = 1;
532 client_tls_session.nx_secure_tls_remote_session_active = 1;
533 client_tls_session.nx_secure_tls_secure_renegotiation = 0;
534 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_12, 0x1d, extension_data, &num_extensions);
535 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
536
537 client_tls_session.nx_secure_tls_local_session_active = 1;
538 client_tls_session.nx_secure_tls_remote_session_active = 1;
539 client_tls_session.nx_secure_tls_secure_renegotiation = 1;
540 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_13, 0x1d, extension_data, &num_extensions);
541 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
542
543 memcpy(client_tls_session.nx_secure_tls_local_verify_data, &server_hello_test_12[5], NX_SECURE_TLS_FINISHED_HASH_SIZE);
544 memcpy(client_tls_session.nx_secure_tls_remote_verify_data, &server_hello_test_12[17], NX_SECURE_TLS_FINISHED_HASH_SIZE);
545
546 client_tls_session.nx_secure_tls_remote_verify_data[0] = 0xff;
547 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_12, 0x1d, extension_data, &num_extensions);
548 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
549
550 client_tls_session.nx_secure_tls_local_verify_data[0] = 0xff;
551 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_12, 0x1d, extension_data, &num_extensions);
552 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
553
554 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_14, 0x6, extension_data, &num_extensions);
555 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
556
557 status = _nx_secure_tls_process_serverhello_extensions(&client_tls_session, server_hello_test_15, 0x5, extension_data, &num_extensions);
558 EXPECT_EQ(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR, status);
559 #endif
560
561 /* Unbind the socket. */
562 status = nx_tcp_client_socket_unbind(&client_socket);
563 EXPECT_EQ(NX_SUCCESS, status);
564
565 /* Delete TLS session. */
566 status = nx_secure_tls_session_delete(&client_tls_session);
567 EXPECT_EQ(NX_SUCCESS, status);
568
569 /* Delete the socket. */
570 status = nx_tcp_socket_delete(&client_socket);
571 EXPECT_EQ(NX_SUCCESS, status);
572
573 printf("SUCCESS!\n");
574 test_control_return(0);
575 }
576
577 #else
578 #ifdef CTEST
579 void test_application_define(void *first_unused_memory);
test_application_define(void * first_unused_memory)580 void test_application_define(void *first_unused_memory)
581 #else
582 VOID nx_secure_tls_serverhello_coverage_test_application_define(void *first_unused_memory)
583 #endif
584 {
585
586 /* Print out test information banner. */
587 printf("NetX Secure Test: TLS ServerHello Coverage Test......................N/A\n");
588 test_control_return(3);
589 }
590 #endif
591
