We were not making enough room. We want to move everything from the
place where we are going to insert the new record.
This was not causing failures because the code does not look at the
content after the inserted record, because it correctly returns an error
when seeing the inserted record. But as a matter on principle, the test
code should be doing what it says: just insert a new record but leave
a valid fragment after it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This one is overly tight: TLS 1.3 actually only depends on
ChachaPoly || (AES && (GCM || CCM))
Furthermore, this should really be reflected in check_config.h.
Individual test cases should be able to just request PROTO_TLS1_3 and
know that there is ciphersuite that works.
However, resolving that seems out of scope for this PR. (It would also
involve updating depends.py for example.)
So, use a dependency that's stricted than necessary. IMO it's still good
enough as most configs we test will have ChachaPoly. However it would be
good to revisit this when a cleaner solution is implemented.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The function depends on MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED which is
basically
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED ||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
The individual test cases depend on the specific TLS version.
This is not precise enough. In a build with both TLS versions enabled,
we could have cert-based key exchange in one version but not in the
other. So, we need the 1.3 tests to depend on the 1.3 cert-based key
exchange and similarly for 1.2.
For 1.2, cert-based key exchange means ECDHE-{RSA,ECDSA} or
ECDH-{RSA,ECDSA}. Since the test function sets an ECC cert for the
server, we want one of the ECDSA ones. So, the minimal dependency would
be ECDH_ECDSA || ECDHE_ECDSA. Since dependencies with || are
inconvenient to express, and anyway ECDH_ECDSA (static ECDH) is
something we'd like to remove in 4.0 if we can find the time, I chose to
just depend on ECDHE_ECDSA.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These are not optimal. For example, the tests should in principle be
able to run in builds without ECDSA, by using RSA certs instead. Ideally
PSK should work too.
However, getting optimal dependencies would be a lot of work that's
largely orthogonal to the purpose of this PR, so we'll settle for good
enough.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Simulate the server closing the connection after a partial handshake
message.
These test cases don't send a close_notify alert. The test cases
"insert alert record" exercise what happens if the server sends an alert.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create tests that coalesce the handshake messages in the first flight from
the server. This lets us test the behavior of the library when a handshake
record contains multiple handshake messages.
Only non-protected (non-encrypted, non-authenticated) handshake messages are
supported.
The test code works for all protocol versions, but it is only effective in
TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record,
so we can't test records containing more than one handshake message without
a lot more work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This should avoid running into a bug with printf format specifiers one
windows.
It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We're not sending a signature_algorithm extension, which means SHA-1.
Caught by depends.py hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.
Caught by depends.py curves
Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Two of these tests reveal bugs in the code, so they're commented out for
now.
For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.
To be fixed in future commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
