1 /* 14.19 TCP MUST include an SWS avoidance algorithm in the receiver when effective send MSS < (1/ 2)*RCV_BUFF. */
2
3 /* Procedure
4 1.Connection successfully
5 2.First Client sends 40 data to Server, then check if the last_sent changed
6 3.Then Client sends more 20 data to Server, also check if the last_sent changed
7 4.If the last_sent changed, the SWS avoidance algorithm has not been used. */
8
9 #include "tx_api.h"
10 #include "nx_api.h"
11 #include "nx_tcp.h"
12 #include "nx_secure_tls_api.h"
13 #include "tls_test_utility.h"
14
15 extern void test_control_return(UINT status);
16
17 #if !defined(NX_SECURE_TLS_CLIENT_DISABLED) && !defined(NX_SECURE_TLS_SERVER_DISABLED)
18 #define __LINUX__
19
20 /* Define the number of times to (re)establish a TLS connection. */
21 #define TLS_CONNECT_TIMES (6)
22
23 #define LARGE_SEND_SIZE 3000
24
25 #define MSG "----------abcdefgh20----------ABCDEFGH40----------klmnopqr60----------KLMNOPQR80--------------------"
26
27 /* Define the ThreadX and NetX object control blocks... */
28
/* ThreadX/NetX control blocks. Thread 0 runs the TLS server side and thread 1
 * the TLS client side; each side owns one packet pool and one IP instance. */
static TX_THREAD ntest_0;
static TX_THREAD ntest_1;

static NX_PACKET_POOL pool_0;
static NX_PACKET_POOL pool_1;
static NX_IP ip_0;
static NX_IP ip_1;
static NX_TCP_SOCKET client_socket;
static NX_TCP_SOCKET server_socket;
static NX_SECURE_TLS_SESSION client_tls_session;
static NX_SECURE_TLS_SESSION server_tls_session;

/* X.509 certificate control blocks. `certificate`/`ica_certificate` form the
 * server's chain, `client_certificate` the client's. NOTE(review):
 * `trusted_certificate` is initialised and added to a trusted store by BOTH
 * threads; if the store links certificates through the control block itself,
 * sharing one object between two sessions is fragile - confirm, or give each
 * side its own object. */
static NX_SECURE_X509_CERT certificate;
static NX_SECURE_X509_CERT ica_certificate;
static NX_SECURE_X509_CERT client_certificate;
static NX_SECURE_X509_CERT remote_certificate, remote_issuer;
static NX_SECURE_X509_CERT client_remote_certificate, client_remote_issuer;
static NX_SECURE_X509_CERT trusted_certificate;

/* Backing storage for peer certificates, TLS packet reassembly and per-session
 * crypto metadata. Unlike the declarations above these have external linkage;
 * nothing in this file needs that. NOTE(review): consider `static` unless
 * another translation unit is known to reference them. */
UCHAR remote_cert_buffer[2000];
UCHAR remote_issuer_buffer[2000];
UCHAR client_remote_cert_buffer[2000];
UCHAR client_remote_issuer_buffer[2000];

UCHAR server_packet_buffer[4000];
UCHAR client_packet_buffer[4000];

CHAR server_crypto_metadata[16000];
CHAR client_crypto_metadata[16000];

/* Scratch buffers sized by LARGE_SEND_SIZE; not referenced by the code in this
 * file. */
static UCHAR large_app_data[LARGE_SEND_SIZE];
static UCHAR server_recv_buffer[LARGE_SEND_SIZE];
static UCHAR client_recv_buffer[LARGE_SEND_SIZE];
62
63 /* Test PKI (3-level). */
64 #include "test_ca_cert.c"
65 #include "tls_two_test_certs.c"
66 #define ca_cert_der test_ca_cert_der
67 #define ca_cert_der_len test_ca_cert_der_len
68
69 /* Cryptographic routines. */
70 extern NX_SECURE_TLS_CRYPTO nx_crypto_tls_ciphers;
71
72 #define DEMO_STACK_SIZE 4096 // (3 * 1024 / sizeof(ULONG))
73
74 /* Define the IP thread's stack area. */
75 #define IP_STACK_SIZE 4096 //(2 * 1024 / sizeof(ULONG))
76
77 /* Define packet pool for the demonstration. */
78 #define NX_PACKET_POOL_BYTES ((1536 + sizeof(NX_PACKET)) * 20)
79 #define NX_PACKET_POOL_SIZE (NX_PACKET_POOL_BYTES/sizeof(ULONG) + 64 / sizeof(ULONG))
80
81 /* Define the ARP cache area. */
82 #define ARP_AREA_SIZE 1024 // (512 / sizeof(ULONG))
83
84 #define TOTAL_STACK_SPACE (2 * (DEMO_STACK_SIZE + IP_STACK_SIZE + NX_PACKET_POOL_SIZE + ARP_AREA_SIZE))
85
86 #ifndef __LINUX__
87 ULONG test_stack_area[TOTAL_STACK_SPACE + 2000];
88 #endif
89
90 static ULONG pool_area[2][NX_PACKET_POOL_SIZE];
91
92 /* Define thread prototypes. */
93
94 static void ntest_0_entry(ULONG thread_input);
95 static void ntest_1_entry(ULONG thread_input);
96 extern void _nx_ram_network_driver_1500(struct NX_IP_DRIVER_STRUCT *driver_req);
97
98 /* Define what the initial system looks like. */
/* Bring up the test system: two application threads, one packet pool and one
 * IP instance per side (1.2.3.4 and 1.2.3.5 on the RAM network driver), ARP
 * and TCP enabled on both instances, then NetX Secure TLS.
 *
 * Working memory is carved out sequentially: from test_stack_area on a
 * target build, from first_unused_memory on Linux. Thread 0 (server) runs at
 * priority 3 and thread 1 (client) at priority 4, both auto-started. Pool,
 * IP, ARP and TCP creation results are checked with EXPECT_EQ; the return
 * values of tx_thread_create() and nx_secure_tls_initialize() are not. */
#ifndef __LINUX__
void tx_application_define(void *first_unused_memory)
#else
#ifdef CTEST
void test_application_define(void *first_unused_memory);
void test_application_define(void *first_unused_memory)
#else
void nx_secure_tls_coverage_2_test_application_define(void *first_unused_memory)
#endif
#endif
{
    UINT rc;
#ifndef __LINUX__
    CHAR *mem = (CHAR *)test_stack_area;
#else
    CHAR *mem = (CHAR *)first_unused_memory;
#endif

    /* Server thread (thread 0) and client thread (thread 1), each with its
     * own stack carved from the working area. */
    tx_thread_create(&ntest_0, "thread 0", ntest_0_entry, 0,
                     mem, DEMO_STACK_SIZE,
                     3, 3, TX_NO_TIME_SLICE, TX_AUTO_START);
    mem += DEMO_STACK_SIZE;

    tx_thread_create(&ntest_1, "thread 1", ntest_1_entry, 0,
                     mem, DEMO_STACK_SIZE,
                     4, 4, TX_NO_TIME_SLICE, TX_AUTO_START);
    mem += DEMO_STACK_SIZE;

    /* NetX must be initialised before any pool or IP instance is created. */
    nx_system_initialize();

    /* One packet pool (1536-byte payloads) per IP instance. */
    rc = nx_packet_pool_create(&pool_0, "NetX Main Packet Pool", 1536, pool_area[0], sizeof(pool_area[0]));
    EXPECT_EQ(NX_SUCCESS, rc);

    rc = nx_packet_pool_create(&pool_1, "NetX Main Packet Pool", 1536, pool_area[1], sizeof(pool_area[1]));
    EXPECT_EQ(NX_SUCCESS, rc);

    /* Two IP instances on the same /24, both driven by the RAM driver. */
    rc = nx_ip_create(&ip_0, "NetX IP Instance 0", IP_ADDRESS(1, 2, 3, 4), 0xFFFFFF00UL, &pool_0, _nx_ram_network_driver_1500,
                      mem, IP_STACK_SIZE, 1);
    mem += IP_STACK_SIZE;

    rc += nx_ip_create(&ip_1, "NetX IP Instance 1", IP_ADDRESS(1, 2, 3, 5), 0xFFFFFF00UL, &pool_1, _nx_ram_network_driver_1500,
                       mem, IP_STACK_SIZE, 1);
    mem += IP_STACK_SIZE;
    EXPECT_EQ(NX_SUCCESS, rc);

    /* ARP cache memory for each instance. */
    rc = nx_arp_enable(&ip_0, (void *)mem, ARP_AREA_SIZE);
    mem += ARP_AREA_SIZE;

    rc += nx_arp_enable(&ip_1, (void *)mem, ARP_AREA_SIZE);
    mem += ARP_AREA_SIZE;
    EXPECT_EQ(NX_SUCCESS, rc);

    /* TCP on both instances. */
    rc = nx_tcp_enable(&ip_0);
    rc += nx_tcp_enable(&ip_1);
    EXPECT_EQ(NX_SUCCESS, rc);

    nx_secure_tls_initialize();
}
172
173 /* Define callbacks used by TLS. */
174 /* Include CRL associated with Verisign root CA (for AWS) for demo purposes. */
175 #include "test_ca.crl.der.c"
176
/* Raw TLS Certificate handshake message body: a 3-byte total length
 * (0x000327 = 807) followed by one certificate entry with its own 3-byte
 * length (0x000324 = 804) and the DER certificate (SEQUENCE of 0x320 bytes
 * plus a 4-byte header). The certificate is self-issued - issuer and subject
 * DNs are identical (C=CN, ST=SH, L=SH, O=EL, OU=EL, CN=TestCA) - with an
 * RSA public key and a sha256WithRSAEncryption signature.
 *
 * NOTE(review): not referenced by the code in this file. The embedded
 * UTCTime validity fields read "171109023319Z" / "200829023319Z", so the
 * certificate is expired; keep that in mind if this fixture is ever used in
 * a test that validates dates. */
static UCHAR CertMsg[] = {
/* total length. */
0x00, 0x03, 0x27,
/* cert length */
0x00, 0x03, 0x24,
0x30, 0x82, 0x03, 0x20, 0x30, 0x82, 0x02, 0x08, 0x02, 0x09, 0x00, 0xc0,
0xbe, 0x29, 0xae, 0x89, 0x1b, 0xc9, 0xe5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02,
0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x1e,
0x17, 0x0d, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x32, 0x33, 0x33,
0x31, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, 0x39, 0x30,
0x32, 0x33, 0x33, 0x31, 0x39, 0x5a, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31,
0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45,
0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06,
0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
0x01, 0x01, 0x00, 0xc3, 0x79, 0x72, 0xa4, 0xe2, 0xc6, 0xb7, 0x5d, 0x0f,
0x41, 0x8c, 0x8e, 0xd1, 0x3c, 0xfd, 0x97, 0xf4, 0x8e, 0x82, 0x7e, 0x75,
0xac, 0x4d, 0x85, 0xbb, 0xba, 0xe3, 0xd6, 0x22, 0xad, 0xc5, 0xc2, 0xd5,
0x9d, 0x78, 0x1c, 0xab, 0x9c, 0x33, 0xb7, 0x95, 0x36, 0xcb, 0x63, 0x76,
0x88, 0xc7, 0x3c, 0xa7, 0xf7, 0xfb, 0x84, 0x1d, 0x7c, 0xc5, 0x17, 0x25,
0x5f, 0x1d, 0x41, 0xf3, 0x8c, 0xf9, 0x2f, 0x93, 0xab, 0xb2, 0x6b, 0x84,
0xa9, 0x07, 0x70, 0xa1, 0xa0, 0xb3, 0xe0, 0x86, 0x5b, 0x5f, 0x4e, 0x0c,
0x78, 0x7f, 0x20, 0x10, 0x12, 0x60, 0x13, 0x5c, 0xf8, 0x15, 0xe0, 0xc6,
0xcb, 0xb2, 0x61, 0xe4, 0x78, 0x9d, 0xb8, 0x91, 0x60, 0x0f, 0xe6, 0xce,
0xa4, 0x57, 0xa9, 0xb3, 0xb1, 0x9e, 0x3b, 0xc7, 0xf1, 0x66, 0x96, 0x23,
0xf7, 0xe5, 0x40, 0xfa, 0xf6, 0x3a, 0xb9, 0x32, 0x64, 0xd0, 0x01, 0x14,
0x31, 0x81, 0x3c, 0x3e, 0xf1, 0x9e, 0x64, 0x3d, 0xd0, 0x37, 0xee, 0xcd,
0xf1, 0x82, 0x79, 0x3e, 0x08, 0x48, 0x2d, 0x2f, 0xa4, 0x5d, 0x41, 0xff,
0x1f, 0xc1, 0x99, 0x26, 0x53, 0xb8, 0x7b, 0x59, 0xe5, 0x79, 0x9d, 0x25,
0x2c, 0x35, 0xe6, 0x7b, 0x22, 0x02, 0x8c, 0x78, 0x05, 0xda, 0x90, 0x5d,
0xbd, 0xd4, 0x53, 0xca, 0xa2, 0x73, 0xcc, 0xa0, 0xd7, 0x63, 0x3c, 0x22,
0xe4, 0x2a, 0xb8, 0xc8, 0x5f, 0x58, 0x74, 0xce, 0x6c, 0x3b, 0xf3, 0x21,
0x9a, 0xfa, 0xa0, 0x40, 0xc3, 0x10, 0x32, 0x46, 0xbb, 0x14, 0xff, 0xd6,
0x1c, 0x41, 0x90, 0xb1, 0xb0, 0x0b, 0x59, 0x18, 0xaa, 0xfd, 0x43, 0x63,
0x4b, 0x7c, 0xf1, 0x68, 0x1d, 0xa7, 0xed, 0x2c, 0x35, 0x11, 0xb8, 0xbc,
0x02, 0x27, 0xc6, 0x39, 0x48, 0x62, 0x2b, 0xc1, 0xa9, 0x08, 0x53, 0x1f,
0x7c, 0xdb, 0xa1, 0x6d, 0x41, 0x58, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3d, 0xa4, 0x36, 0xc9,
0x9d, 0x91, 0xd1, 0x25, 0xe7, 0x41, 0x2c, 0x8d, 0xda, 0xcd, 0xb3, 0x8a,
0x53, 0xe4, 0xee, 0x4f, 0x94, 0xa4, 0x84, 0xee, 0xaf, 0x06, 0x85, 0x6a,
0xa6, 0x54, 0xe5, 0x8f, 0x12, 0xd3, 0x5e, 0x84, 0x33, 0x7a, 0x1d, 0x66,
0x24, 0xb0, 0x9d, 0x94, 0x71, 0xad, 0x5b, 0x91, 0x6d, 0x06, 0xf3, 0x7b,
0x41, 0x8f, 0x1a, 0x97, 0xa2, 0xe9, 0x52, 0x57, 0x2e, 0xfb, 0xaf, 0x1f,
0xb7, 0xf9, 0x9c, 0xf8, 0xa9, 0xde, 0x4e, 0xdb, 0x92, 0x92, 0x94, 0xe0,
0x06, 0x50, 0xfa, 0x76, 0x4f, 0x45, 0xeb, 0x8f, 0x60, 0x49, 0xeb, 0x98,
0x32, 0x65, 0xb9, 0x85, 0xc4, 0x21, 0x81, 0xe3, 0x81, 0x33, 0x41, 0x45,
0xc4, 0xbc, 0x3b, 0xda, 0x7a, 0x74, 0xe8, 0x4e, 0x3e, 0xc9, 0x39, 0xdf,
0xdd, 0xa0, 0xb3, 0x49, 0x76, 0x58, 0x13, 0x46, 0x74, 0x66, 0x9e, 0xc1,
0xbc, 0x6b, 0x37, 0xb8, 0x77, 0x6a, 0x8e, 0xf1, 0x6a, 0xad, 0xb4, 0x75,
0x13, 0x1b, 0x2b, 0x3f, 0x62, 0x5e, 0xc7, 0x18, 0x6f, 0x65, 0xfa, 0x5c,
0xc6, 0xb3, 0xf9, 0xa2, 0x83, 0xfa, 0x79, 0x50, 0xfa, 0xa8, 0xc8, 0xa7,
0xc5, 0xeb, 0x7d, 0x4a, 0x27, 0x82, 0xe5, 0x09, 0xfb, 0x20, 0x06, 0x25,
0x0a, 0x35, 0x4e, 0x43, 0x01, 0x2e, 0x09, 0x41, 0x8d, 0x1d, 0xf5, 0x4e,
0x58, 0x72, 0x3c, 0x52, 0x34, 0x25, 0x64, 0xb6, 0xc5, 0x24, 0x9c, 0xd8,
0xe4, 0xc9, 0xe6, 0xee, 0x23, 0xce, 0xa8, 0x1d, 0x46, 0xd0, 0xc8, 0xd6,
0x8f, 0x27, 0xc1, 0x48, 0x66, 0x3d, 0x30, 0x7f, 0xf4, 0xf5, 0xd7, 0x81,
0x3a, 0x62, 0x92, 0xbb, 0x9a, 0x66, 0x65, 0xaf, 0x27, 0x93, 0xd8, 0x63,
0xfa, 0xa8, 0x3f, 0x14, 0x2e, 0xbd, 0xd2, 0x20, 0x30, 0x5b, 0x41, 0x6d,
0x01, 0x07, 0x37, 0xe9, 0x9c, 0x8a, 0x07, 0xe3, 0x32, 0xb7, 0x68, 0xae
};
250
251 /* -----===== SERVER =====----- */
252
253 /* Define a TLS name to test the Server Name Indication extension. */
254 #define TLS_SNI_SERVER_NAME "testing"
255
/* Canned HTTP/1.1 response. NOTE(review): not referenced by the code in this
 * file. It is a string literal reached through a non-const pointer; writing
 * through html_data would be undefined behaviour, so treat it as read-only
 * (`static const CHAR *` would make that explicit). The declared
 * Content-Length of 200 does not match the 122-byte body that follows the
 * blank line, which matters if the text is ever served to a real client. */
static CHAR *html_data = "HTTP/1.1 200 OK\r\n" \
"Date: Fri, 15 Sep 2016 23:59:59 GMT\r\n" \
"Content-Type: text/html\r\n" \
"Content-Length: 200\r\n\r\n" \
"<html>\r\n"\
"<body>\r\n"\
"<b>Hello NetX Secure User!</b>\r\n"\
"This is a simple webpage\r\n"\
"served up using NetX Secure!\r\n"\
"</body>\r\n"\
"</html>\r\n";
267
268 extern NX_SECURE_X509_CRYPTO _nx_crypto_x509_cipher_lookup_table[];
269 extern NX_CRYPTO_METHOD crypto_method_tls_prf_1;
270 extern NX_CRYPTO_METHOD crypto_method_tls_prf_sha256;
271
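/* Server-side thread of the TLS Coverage 2 test.
 *
 * The server does not run the normal TLS handshake. It accepts the TCP
 * connection, consumes the client's ClientHello without parsing it, and then
 * drives the session by hand: it sends a handshake record of type
 * NX_SECURE_TLS_HELLO_VERIFY_REQUEST - a DTLS-only handshake type that is
 * invalid in a TLS session - and expects the client to reject it with an
 * alert, which _nx_secure_tls_session_receive_records() reports as
 * NX_SECURE_TLS_ALERT_RECEIVED. The client side (ntest_1_entry) expects the
 * matching NX_SECURE_TLS_HANDSHAKE_FAILURE from nx_secure_tls_session_start().
 *
 * Synchronisation with the client: this thread suspends itself right after
 * accept and is resumed by the client once its connect has returned.
 *
 * thread_input is unused. Failures are recorded with EXPECT_EQ; the PASS
 * banner and the final result are reported by the client thread. */
static void ntest_0_entry(ULONG thread_input)
{
    UINT status;
    ULONG actual_status;
    NX_PACKET *send_packet;
    NX_PACKET *receive_packet;

    (void)thread_input;

    /* Print out test information banner. */
    printf("NetX Secure Test: TLS Coverage 2 Test................................");

    /* Ensure the IP instance has been initialized. */
    status = nx_ip_status_check(&ip_0, NX_IP_INITIALIZE_DONE, &actual_status, NX_IP_PERIODIC_RATE);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Create the server socket with a 16 KiB receive window. */
    status = nx_tcp_socket_create(&ip_0, &server_socket, "Server Socket",
                                  NX_IP_NORMAL, NX_FRAGMENT_OKAY, NX_IP_TIME_TO_LIVE * 100, 16*1024,
                                  NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Create a TLS session for our socket. */
    status = nx_secure_tls_session_create(&server_tls_session,
                                          &nx_crypto_tls_ciphers,
                                          server_crypto_metadata,
                                          sizeof(server_crypto_metadata));
    EXPECT_EQ(NX_SUCCESS, status);

    /* Setup our packet reassembly buffer. */
    nx_secure_tls_session_packet_buffer_set(&server_tls_session, server_packet_buffer, sizeof(server_packet_buffer));

    /* Enable Client Certificate Verification. */
    nx_secure_tls_session_client_verify_enable(&server_tls_session);

    /* Server identity: the device certificate plus its intermediate CA. */
    nx_secure_x509_certificate_initialize(&certificate, test_device_cert_der, test_device_cert_der_len, NX_NULL, 0, test_device_cert_key_der, test_device_cert_key_der_len, NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
    nx_secure_tls_local_certificate_add(&server_tls_session, &certificate);

    nx_secure_x509_certificate_initialize(&ica_certificate, ica_cert_der, ica_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    nx_secure_tls_local_certificate_add(&server_tls_session, &ica_certificate);

    /* Client verification is on, so reserve space for the client's certificate chain. */
    nx_secure_tls_remote_certificate_allocate(&server_tls_session, &client_remote_certificate, client_remote_cert_buffer, sizeof(client_remote_cert_buffer));
    nx_secure_tls_remote_certificate_allocate(&server_tls_session, &client_remote_issuer, client_remote_issuer_buffer, sizeof(client_remote_issuer_buffer));

    /* Trust anchor for verifying incoming client certificates. */
    nx_secure_x509_certificate_initialize(&trusted_certificate, ca_cert_der, ca_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    nx_secure_tls_trusted_certificate_add(&server_tls_session, &trusted_certificate);

    /* Listen on port 12 for the client. */
    status = nx_tcp_server_socket_listen(&ip_0, 12, &server_socket, 5, NX_NULL);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Accept the client connection, then park until the client resumes us
     * after its connect has returned. NOTE(review): the accept status is not
     * asserted; a failed accept would presumably surface as a failed receive
     * below, but checking it here would localise the failure. */
    status = nx_tcp_server_socket_accept(&server_socket, NX_IP_PERIODIC_RATE);
    tx_thread_suspend(&ntest_0);

    /* Receive the ClientHello and discard it: the server never parses it. */
    status = nx_tcp_socket_receive(&server_socket, &receive_packet, NX_WAIT_FOREVER);
    EXPECT_EQ(NX_SUCCESS, status);
    nx_packet_release(receive_packet);

    /* Hand-initialise just enough session state for the internal send and
     * receive helpers: the socket, the packet pool and a fixed protocol version. */
    server_tls_session.nx_secure_tls_tcp_socket = &server_socket;
    server_tls_session.nx_secure_tls_packet_pool = &pool_0;
    server_tls_session.nx_secure_tls_protocol_version = NX_SECURE_TLS_VERSION_TLS_1_2;

    /* The internal helpers below presumably return with the TLS protection
     * mutex held; it is released after each call so the client thread is not
     * blocked. TODO(review): confirm against the helper implementations
     * before reordering these calls. */
    status = _nx_secure_tls_allocate_handshake_packet(&server_tls_session, &pool_0, &send_packet, NX_WAIT_FOREVER);
    tx_mutex_put(&_nx_secure_tls_protection);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Send an invalid message type for TLS: NX_SECURE_TLS_HELLO_VERIFY_REQUEST
     * (HelloVerifyRequest) exists only in DTLS. */
    status = _nx_secure_tls_send_handshake_record(&server_tls_session, send_packet, NX_SECURE_TLS_HELLO_VERIFY_REQUEST, NX_WAIT_FOREVER);
    tx_mutex_put(&_nx_secure_tls_protection);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Read back the client's response: it must be an alert. The allocation
     * is checked so that a pool failure is not misreported as a wrong record. */
    status = nx_packet_allocate(&pool_0, &receive_packet, NX_IPv4_TCP_PACKET, NX_WAIT_FOREVER);
    tx_mutex_put(&_nx_secure_tls_protection);
    EXPECT_EQ(NX_SUCCESS, status);
    server_tls_session.nx_secure_tls_socket_type = NX_SECURE_TLS_SESSION_TYPE_SERVER;
    status = _nx_secure_tls_session_receive_records(&server_tls_session, &receive_packet, NX_WAIT_FOREVER);
    EXPECT_EQ(NX_SECURE_TLS_ALERT_RECEIVED, status);

    /* Tear down: disconnect, unaccept, unlisten, delete the session and socket.
     * The statuses are summed so a single EXPECT_EQ covers all five steps. */
    status = nx_tcp_socket_disconnect(&server_socket, NX_WAIT_FOREVER);
    status += nx_tcp_server_socket_unaccept(&server_socket);
    status += nx_tcp_server_socket_unlisten(&ip_0, 12);
    status += nx_secure_tls_session_delete(&server_tls_session);
    status += nx_tcp_socket_delete(&server_socket);
    EXPECT_EQ(NX_SUCCESS, status);
}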
401
402 /* -----===== CLIENT =====----- */
403
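/* Client-side thread of the TLS Coverage 2 test.
 *
 * Sets up an ordinary TLS client - server verification against the test CA,
 * a client certificate offered for the server's client-verify - connects to
 * the server at 1.2.3.4:12 and starts the TLS session. Because the server
 * answers the ClientHello with a handshake type that is invalid for TLS, the
 * handshake must fail with NX_SECURE_TLS_HANDSHAKE_FAILURE; the client's
 * rejection alert is what the server thread (ntest_0_entry) checks for.
 * Everything is then torn down and the test result is reported.
 *
 * thread_input is unused. */
static void ntest_1_entry(ULONG thread_input)
{
    UINT status;

    (void)thread_input;

    /* Create the client socket with a 16 KiB receive window. */
    status = nx_tcp_socket_create(&ip_1, &client_socket, "Client Socket",
                                  NX_IP_NORMAL, NX_FRAGMENT_OKAY, NX_IP_TIME_TO_LIVE * 100, 1024*16,
                                  NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Create a TLS session for our socket. */
    status = nx_secure_tls_session_create(&client_tls_session,
                                          &nx_crypto_tls_ciphers,
                                          client_crypto_metadata,
                                          sizeof(client_crypto_metadata));
    EXPECT_EQ(NX_SUCCESS, status);

    /* Setup our packet reassembly buffer. */
    nx_secure_tls_session_packet_buffer_set(&client_tls_session, client_packet_buffer, sizeof(client_packet_buffer));

    /* Make sure client certificate verification is disabled. */
    nx_secure_tls_session_client_verify_disable(&client_tls_session);

    /* Need to allocate space for the certificate chain coming in from the server. */
    nx_secure_tls_remote_certificate_allocate(&client_tls_session, &remote_certificate, remote_cert_buffer, sizeof(remote_cert_buffer));
    nx_secure_tls_remote_certificate_allocate(&client_tls_session, &remote_issuer, remote_issuer_buffer, sizeof(remote_issuer_buffer));

    /* Client identity, offered because the server enables client verification. */
    nx_secure_x509_certificate_initialize(&client_certificate, test_device_cert_der, test_device_cert_der_len, NX_NULL, 0, test_device_cert_key_der, test_device_cert_key_der_len, NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
    nx_secure_tls_local_certificate_add(&client_tls_session, &client_certificate);

    /* Add a CA Certificate to our trusted store for verifying incoming server
     * certificates. NOTE(review): trusted_certificate is the same static
     * object the server thread initialises and adds to its own store; if the
     * store links through the certificate control block, sharing it between
     * two sessions is fragile - confirm, or use a separate object here. */
    nx_secure_x509_certificate_initialize(&trusted_certificate, ca_cert_der, ca_cert_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    nx_secure_tls_trusted_certificate_add(&client_tls_session, &trusted_certificate);

    /* Bind to local port 12 and connect to the server. */
    status = nx_tcp_client_socket_bind(&client_socket, 12, NX_IP_PERIODIC_RATE);
    EXPECT_EQ(NX_SUCCESS, status);

    status = nx_tcp_client_socket_connect(&client_socket, IP_ADDRESS(1, 2, 3, 4), 12, 5 * NX_IP_PERIODIC_RATE);
    EXPECT_EQ(NX_SUCCESS, status);

    /* The TCP connection exists; let the server thread continue. */
    tx_thread_resume(&ntest_0);

    /* The server replies to the ClientHello with an invalid handshake type
     * instead of a ServerHello, so the handshake must fail. */
    status = nx_secure_tls_session_start(&client_tls_session, &client_socket, NX_WAIT_FOREVER);
    EXPECT_EQ(NX_SECURE_TLS_HANDSHAKE_FAILURE, status);

    /* Disconnect this socket. */
    status = nx_tcp_socket_disconnect(&client_socket, NX_WAIT_FOREVER);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Unbind the socket. */
    status = nx_tcp_client_socket_unbind(&client_socket);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Delete TLS session. */
    status = nx_secure_tls_session_delete(&client_tls_session);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Delete the socket. */
    status = nx_tcp_socket_delete(&client_socket);
    EXPECT_EQ(NX_SUCCESS, status);

    printf("SUCCESS!\n");
    test_control_return(0);
}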
479
480 #else
#ifdef CTEST
void test_application_define(void *first_unused_memory);
void test_application_define(void *first_unused_memory)
#else
void nx_secure_tls_coverage_2_test_application_define(void *first_unused_memory)
#endif
{
    /* This build has TLS client or server support compiled out, so the test
     * cannot run: print the banner with the "N/A" marker and hand status 3
     * (not applicable) back to the test controller. first_unused_memory is
     * unused. */
    static const char banner[] =
        "NetX Secure Test: TLS Coverage 2 Test................................N/A\n";

    (void)first_unused_memory;
    fputs(banner, stdout);
    test_control_return(3);
}
493 #endif
494