1 /** \file ssl_helpers.h 2 * 3 * \brief This file contains helper functions to set up a TLS connection. 4 */ 5 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 11 #ifndef SSL_HELPERS_H 12 #define SSL_HELPERS_H 13 14 #include "mbedtls/build_info.h" 15 16 #include <string.h> 17 18 #include <test/helpers.h> 19 #include <test/macros.h> 20 #include <test/random.h> 21 #include <test/psa_crypto_helpers.h> 22 23 #if defined(MBEDTLS_SSL_TLS_C) 24 #include <ssl_misc.h> 25 #include <mbedtls/timing.h> 26 #include <mbedtls/debug.h> 27 28 #include "test/certs.h" 29 30 #if defined(MBEDTLS_SSL_CACHE_C) 31 #include "mbedtls/ssl_cache.h" 32 #endif 33 34 #if defined(MBEDTLS_USE_PSA_CRYPTO) 35 #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ 36 psa_to_ssl_errors, \ 37 psa_generic_status_to_mbedtls) 38 #endif 39 40 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 41 #if defined(MBEDTLS_AES_C) 42 #if defined(MBEDTLS_GCM_C) 43 #if defined(MBEDTLS_MD_CAN_SHA384) 44 #define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 45 #endif 46 #if defined(MBEDTLS_MD_CAN_SHA256) 47 #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 48 #endif 49 #endif /* MBEDTLS_GCM_C */ 50 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) 51 #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 52 #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 53 #endif 54 #endif /* MBEDTLS_AES_C */ 55 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) 56 #define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 57 #endif 58 59 #if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \ 60 defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \ 61 defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \ 62 defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \ 63 defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256) 64 #define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE 65 #endif 66 67 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 68 69 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 70 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 71 defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 72 #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY 73 #endif 74 enum { 75 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ 76 tls13_label_ ## name, 77 MBEDTLS_SSL_TLS1_3_LABEL_LIST 78 #undef MBEDTLS_SSL_TLS1_3_LABEL 79 }; 80 81 typedef struct mbedtls_test_ssl_log_pattern { 82 const char *pattern; 83 size_t counter; 84 } mbedtls_test_ssl_log_pattern; 85 86 typedef struct mbedtls_test_handshake_test_options { 87 const char *cipher; 88 mbedtls_ssl_protocol_version client_min_version; 89 mbedtls_ssl_protocol_version client_max_version; 90 mbedtls_ssl_protocol_version server_min_version; 91 mbedtls_ssl_protocol_version server_max_version; 92 mbedtls_ssl_protocol_version expected_negotiated_version; 93 int expected_handshake_result; 94 int expected_ciphersuite; 95 int pk_alg; 96 int opaque_alg; 97 int opaque_alg2; 98 int opaque_usage; 99 data_t *psk_str; 100 int dtls; 101 int srv_auth_mode; 102 int serialize; 103 int mfl; 104 int cli_msg_len; 105 int srv_msg_len; 106 int expected_cli_fragments; 107 int expected_srv_fragments; 108 int renegotiate; 109 int legacy_renegotiation; 110 void *srv_log_obj; 111 void *cli_log_obj; 112 void (*srv_log_fun)(void *, int, const char *, int, const char *); 113 void (*cli_log_fun)(void *, int, const char *, int, const char *); 114 int resize_buffers; 115 #if defined(MBEDTLS_SSL_CACHE_C) 116 mbedtls_ssl_cache_context *cache; 117 #endif 118 } mbedtls_test_handshake_test_options; 119 120 /* 121 * Buffer structure for custom I/O callbacks. 122 */ 123 typedef struct mbedtls_test_ssl_buffer { 124 size_t start; 125 size_t content_length; 126 size_t capacity; 127 unsigned char *buffer; 128 } mbedtls_test_ssl_buffer; 129 130 /* 131 * Context for a message metadata queue (fifo) that is on top of the ring buffer. 132 */ 133 typedef struct mbedtls_test_ssl_message_queue { 134 size_t *messages; 135 int pos; 136 int num; 137 int capacity; 138 } mbedtls_test_ssl_message_queue; 139 140 /* 141 * Context for the I/O callbacks simulating network connection. 142 */ 143 144 #define MBEDTLS_MOCK_SOCKET_CONNECTED 1 145 146 typedef struct mbedtls_test_mock_socket { 147 int status; 148 mbedtls_test_ssl_buffer *input; 149 mbedtls_test_ssl_buffer *output; 150 struct mbedtls_test_mock_socket *peer; 151 } mbedtls_test_mock_socket; 152 153 /* Errors used in the message socket mocks */ 154 155 #define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 156 #define MBEDTLS_TEST_ERROR_SEND_FAILED -66 157 #define MBEDTLS_TEST_ERROR_RECV_FAILED -77 158 159 /* 160 * Structure used as an addon, or a wrapper, around the mocked sockets. 161 * Contains an input queue, to which the other socket pushes metadata, 162 * and an output queue, to which this one pushes metadata. This context is 163 * considered as an owner of the input queue only, which is initialized and 164 * freed in the respective setup and free calls. 165 */ 166 typedef struct mbedtls_test_message_socket_context { 167 mbedtls_test_ssl_message_queue *queue_input; 168 mbedtls_test_ssl_message_queue *queue_output; 169 mbedtls_test_mock_socket *socket; 170 } mbedtls_test_message_socket_context; 171 172 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 173 174 /* 175 * Structure with endpoint's certificates for SSL communication tests. 176 */ 177 typedef struct mbedtls_test_ssl_endpoint_certificate { 178 mbedtls_x509_crt *ca_cert; 179 mbedtls_x509_crt *cert; 180 mbedtls_pk_context *pkey; 181 } mbedtls_test_ssl_endpoint_certificate; 182 183 /* 184 * Endpoint structure for SSL communication tests. 185 */ 186 typedef struct mbedtls_test_ssl_endpoint { 187 const char *name; 188 mbedtls_ssl_context ssl; 189 mbedtls_ssl_config conf; 190 mbedtls_test_mock_socket socket; 191 mbedtls_test_ssl_endpoint_certificate cert; 192 } mbedtls_test_ssl_endpoint; 193 194 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 195 196 /* 197 * This function can be passed to mbedtls to receive output logs from it. In 198 * this case, it will count the instances of a mbedtls_test_ssl_log_pattern 199 * in the received logged messages. 200 */ 201 void mbedtls_test_ssl_log_analyzer(void *ctx, int level, 202 const char *file, int line, 203 const char *str); 204 205 void mbedtls_test_init_handshake_options( 206 mbedtls_test_handshake_test_options *opts); 207 208 void mbedtls_test_free_handshake_options( 209 mbedtls_test_handshake_test_options *opts); 210 211 /* 212 * Initialises \p buf. After calling this function it is safe to call 213 * `mbedtls_test_ssl_buffer_free()` on \p buf. 214 */ 215 void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); 216 217 /* 218 * Sets up \p buf. After calling this function it is safe to call 219 * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` 220 * on \p buf. 221 */ 222 int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, 223 size_t capacity); 224 225 void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); 226 227 /* 228 * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. 229 * 230 * \p buf must have been initialized and set up by calling 231 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. 232 * 233 * \retval \p input_len, if the data fits. 234 * \retval 0 <= value < \p input_len, if the data does not fit. 235 * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not 236 * zero and \p input is NULL. 237 */ 238 int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, 239 const unsigned char *input, size_t input_len); 240 241 /* 242 * Gets \p output_len bytes from the ring buffer \p buf into the 243 * \p output buffer. The output buffer can be NULL, in this case a part of the 244 * ring buffer will be dropped, if the requested length is available. 245 * 246 * \p buf must have been initialized and set up by calling 247 * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. 248 * 249 * \retval \p output_len, if the data is available. 250 * \retval 0 <= value < \p output_len, if the data is not available. 251 * \retval -1, if \buf is NULL or it hasn't been set up. 252 */ 253 int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, 254 unsigned char *output, size_t output_len); 255 256 /* 257 * Errors used in the message transport mock tests 258 */ 259 #define MBEDTLS_TEST_ERROR_ARG_NULL -11 260 #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 261 262 /* 263 * Setup and free functions for the message metadata queue. 264 * 265 * \p capacity describes the number of message metadata chunks that can be held 266 * within the queue. 267 * 268 * \retval 0, if a metadata queue of a given length can be allocated. 269 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. 270 */ 271 int mbedtls_test_ssl_message_queue_setup( 272 mbedtls_test_ssl_message_queue *queue, size_t capacity); 273 274 void mbedtls_test_ssl_message_queue_free( 275 mbedtls_test_ssl_message_queue *queue); 276 277 /* 278 * Push message length information onto the message metadata queue. 279 * This will become the last element to leave it (fifo). 280 * 281 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. 282 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. 283 * \retval \p len, if the push was successful. 284 */ 285 int mbedtls_test_ssl_message_queue_push_info( 286 mbedtls_test_ssl_message_queue *queue, size_t len); 287 288 /* 289 * Pop information about the next message length from the queue. This will be 290 * the oldest inserted message length(fifo). \p msg_len can be null, in which 291 * case the data will be popped from the queue but not copied anywhere. 292 * 293 * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. 294 * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. 295 * \retval message length, if the pop was successful, up to the given 296 \p buf_len. 297 */ 298 int mbedtls_test_ssl_message_queue_pop_info( 299 mbedtls_test_ssl_message_queue *queue, size_t buf_len); 300 301 /* 302 * Setup and teardown functions for mock sockets. 303 */ 304 void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket); 305 306 /* 307 * Closes the socket \p socket. 308 * 309 * \p socket must have been previously initialized by calling 310 * mbedtls_test_mock_socket_init(). 311 * 312 * This function frees all allocated resources and both sockets are aware of the 313 * new connection state. 314 * 315 * That is, this function does not simulate half-open TCP connections and the 316 * phenomenon that when closing a UDP connection the peer is not aware of the 317 * connection having been closed. 318 */ 319 void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); 320 321 /* 322 * Establishes a connection between \p peer1 and \p peer2. 323 * 324 * \p peer1 and \p peer2 must have been previously initialized by calling 325 * mbedtls_test_mock_socket_init(). 326 * 327 * The capacities of the internal buffers are set to \p bufsize. Setting this to 328 * the correct value allows for simulation of MTU, sanity testing the mock 329 * implementation and mocking TCP connections with lower memory cost. 330 */ 331 int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, 332 mbedtls_test_mock_socket *peer2, 333 size_t bufsize); 334 335 336 /* 337 * Callbacks for simulating blocking I/O over connection-oriented transport. 338 */ 339 int mbedtls_test_mock_tcp_send_b(void *ctx, 340 const unsigned char *buf, size_t len); 341 342 int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); 343 344 /* 345 * Callbacks for simulating non-blocking I/O over connection-oriented transport. 346 */ 347 int mbedtls_test_mock_tcp_send_nb(void *ctx, 348 const unsigned char *buf, size_t len); 349 350 int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); 351 352 void mbedtls_test_message_socket_init( 353 mbedtls_test_message_socket_context *ctx); 354 355 /* 356 * Setup a given message socket context including initialization of 357 * input/output queues to a chosen capacity of messages. Also set the 358 * corresponding mock socket. 359 * 360 * \retval 0, if everything succeeds. 361 * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message 362 * queue failed. 363 */ 364 int mbedtls_test_message_socket_setup( 365 mbedtls_test_ssl_message_queue *queue_input, 366 mbedtls_test_ssl_message_queue *queue_output, 367 size_t queue_capacity, 368 mbedtls_test_mock_socket *socket, 369 mbedtls_test_message_socket_context *ctx); 370 371 /* 372 * Close a given message socket context, along with the socket itself. Free the 373 * memory allocated by the input queue. 374 */ 375 void mbedtls_test_message_socket_close( 376 mbedtls_test_message_socket_context *ctx); 377 378 /* 379 * Send one message through a given message socket context. 380 * 381 * \retval \p len, if everything succeeds. 382 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context 383 * elements or the context itself is null. 384 * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if 385 * mbedtls_test_mock_tcp_send_b failed. 386 * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. 387 * 388 * This function will also return any error from 389 * mbedtls_test_ssl_message_queue_push_info. 390 */ 391 int mbedtls_test_mock_tcp_send_msg(void *ctx, 392 const unsigned char *buf, size_t len); 393 394 /* 395 * Receive one message from a given message socket context and return message 396 * length or an error. 397 * 398 * \retval message length, if everything succeeds. 399 * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context 400 * elements or the context itself is null. 401 * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if 402 * mbedtls_test_mock_tcp_recv_b failed. 403 * 404 * This function will also return any error other than 405 * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info. 406 */ 407 int mbedtls_test_mock_tcp_recv_msg(void *ctx, 408 unsigned char *buf, size_t buf_len); 409 410 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 411 412 /* 413 * Initializes \p ep_cert structure and assigns it to endpoint 414 * represented by \p ep. 415 * 416 * \retval 0 on success, otherwise error code. 417 */ 418 int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, 419 int pk_alg, 420 int opaque_alg, int opaque_alg2, 421 int opaque_usage); 422 423 /* 424 * Initializes \p ep structure. It is important to call 425 * `mbedtls_test_ssl_endpoint_free()` after calling this function 426 * even if it fails. 427 * 428 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or 429 * MBEDTLS_SSL_IS_CLIENT. 430 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and 431 * MBEDTLS_PK_ECDSA are supported. 432 * \p dtls_context - in case of DTLS - this is the context handling metadata. 433 * \p input_queue - used only in case of DTLS. 434 * \p output_queue - used only in case of DTLS. 435 * 436 * \retval 0 on success, otherwise error code. 437 */ 438 int mbedtls_test_ssl_endpoint_init( 439 mbedtls_test_ssl_endpoint *ep, int endpoint_type, 440 mbedtls_test_handshake_test_options *options, 441 mbedtls_test_message_socket_context *dtls_context, 442 mbedtls_test_ssl_message_queue *input_queue, 443 mbedtls_test_ssl_message_queue *output_queue, 444 uint16_t *group_list); 445 446 /* 447 * Deinitializes endpoint represented by \p ep. 448 */ 449 void mbedtls_test_ssl_endpoint_free( 450 mbedtls_test_ssl_endpoint *ep, 451 mbedtls_test_message_socket_context *context); 452 453 /* 454 * This function moves ssl handshake from \p ssl to prescribed \p state. 455 * /p second_ssl is used as second endpoint and their sockets have to be 456 * connected before calling this function. 457 * 458 * \retval 0 on success, otherwise error code. 459 */ 460 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, 461 mbedtls_ssl_context *second_ssl, 462 int state); 463 464 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 465 466 /* 467 * Helper function setting up inverse record transformations 468 * using given cipher, hash, EtM mode, authentication tag length, 469 * and version. 470 */ 471 #define CHK(x) \ 472 do \ 473 { \ 474 if (!(x)) \ 475 { \ 476 ret = -1; \ 477 goto cleanup; \ 478 } \ 479 } while (0) 480 481 #if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX 482 #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX 483 #else 484 #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX 485 #endif 486 487 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 488 defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) 489 int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, 490 const unsigned char *iv, 491 size_t iv_len, 492 const unsigned char *input, 493 size_t ilen, 494 unsigned char *output, 495 size_t *olen); 496 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && 497 MBEDTLS_AES_C */ 498 499 int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, 500 mbedtls_ssl_transform *t_out, 501 int cipher_type, int hash_id, 502 int etm, int tag_mode, 503 mbedtls_ssl_protocol_version tls_version, 504 size_t cid0_len, 505 size_t cid1_len); 506 507 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) 508 /** 509 * \param[in,out] record The record to prepare. 510 * It must contain the data to MAC at offset 511 * `record->data_offset`, of length 512 * `record->data_length`. 513 * On success, write the MAC immediately 514 * after the data and increment 515 * `record->data_length` accordingly. 516 * \param[in,out] transform_out The out transform, typically prepared by 517 * mbedtls_test_ssl_build_transforms(). 518 * Its HMAC context may be used. Other than that 519 * it is treated as an input parameter. 520 * 521 * \return 0 on success, an `MBEDTLS_ERR_xxx` error code 522 * or -1 on error. 523 */ 524 int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, 525 mbedtls_ssl_transform *transform_out); 526 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ 527 528 /* 529 * Populate a session structure for serialization tests. 530 * Choose dummy values, mostly non-0 to distinguish from the init default. 531 */ 532 int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, 533 int ticket_len, 534 const char *crt_file); 535 536 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 537 int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, 538 int ticket_len, 539 int endpoint_type); 540 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 541 542 /* 543 * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the 544 * message was sent in the correct number of fragments. 545 * 546 * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both 547 * of them must be initialized and connected 548 * beforehand. 549 * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. 550 * /p expected_fragments_1 and /p expected_fragments_2 determine in how many 551 * fragments the message should be sent. 552 * expected_fragments is 0: can be used for DTLS testing while the message 553 * size is larger than MFL. In that case the message 554 * cannot be fragmented and sent to the second 555 * endpoint. 556 * This value can be used for negative tests. 557 * expected_fragments is 1: can be used for TLS/DTLS testing while the 558 * message size is below MFL 559 * expected_fragments > 1: can be used for TLS testing while the message 560 * size is larger than MFL 561 * 562 * \retval 0 on success, otherwise error code. 563 */ 564 int mbedtls_test_ssl_exchange_data( 565 mbedtls_ssl_context *ssl_1, 566 int msg_len_1, const int expected_fragments_1, 567 mbedtls_ssl_context *ssl_2, 568 int msg_len_2, const int expected_fragments_2); 569 570 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) 571 void mbedtls_test_ssl_perform_handshake( 572 mbedtls_test_handshake_test_options *options); 573 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 574 575 #if defined(MBEDTLS_TEST_HOOKS) 576 /* 577 * Tweak vector lengths in a TLS 1.3 Certificate message 578 * 579 * \param[in] buf Buffer containing the Certificate message to tweak 580 * \param[in]]out] end End of the buffer to parse 581 * \param tweak Tweak identifier (from 1 to the number of tweaks). 582 * \param[out] expected_result Error code expected from the parsing function 583 * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that 584 * is expected to fail. All zeroes if no 585 * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. 586 */ 587 int mbedtls_test_tweak_tls13_certificate_msg_vector_len( 588 unsigned char *buf, unsigned char **end, int tweak, 589 int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); 590 #endif /* MBEDTLS_TEST_HOOKS */ 591 592 #define ECJPAKE_TEST_PWD "bla" 593 594 #if defined(MBEDTLS_USE_PSA_CRYPTO) 595 #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ 596 ret = (use_opaque_arg) ? \ 597 mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ 598 mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ 599 TEST_EQUAL(ret, exp_ret_val) 600 #else 601 #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ 602 ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ 603 pwd_string, pwd_len); \ 604 TEST_EQUAL(ret, exp_ret_val) 605 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 606 607 #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ 608 TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ 609 group_id_); \ 610 TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ 611 tls_id_); \ 612 TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ 613 &psa_type, &psa_bits), PSA_SUCCESS); \ 614 TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type)); \ 615 TEST_EQUAL(psa_bits_, psa_bits); 616 617 #define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ 618 TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ 619 MBEDTLS_ECP_DP_NONE); \ 620 TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ 621 0); \ 622 TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ 623 &psa_type, &psa_bits), \ 624 PSA_ERROR_NOT_SUPPORTED); 625 626 #endif /* MBEDTLS_SSL_TLS_C */ 627 628 #endif /* SSL_HELPERS_H */ 629
