Merge pull request #3195 from paul-elliott-arm/development

Add min/max version negotiation to unit tests
Mbed-TLS · Jun 10, 2020 · 5b66d44 · 5b66d44
2 parents 87a51aa + c857044
commit 5b66d44
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 22 deletions.
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
@@ -201,19 +201,19 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TIC
 
 Handshake, SSL3
 depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0
 
 Handshake, tls1
 depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
 
 Handshake, tls1_1
 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2
 
 Handshake, tls1_2
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3
 
 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -241,11 +241,11 @@ handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
 
 DTLS Handshake, tls1_1
 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1
+handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2
 
 DTLS Handshake, tls1_2
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
-handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1
+handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3
 
 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
@@ -281,6 +281,38 @@ handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
 DTLS Handshake fragmentation, MFL=1024
 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
 
+Handshake min/max version check, all -> 1.2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3
+
+Handshake min/max version check, cli max 1.1 -> 1.1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1
+
+Handshake min/max version check, srv max 1.1 -> 1.1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
+
+Handshake min/max version check, cli+srv max 1.1 -> 1.1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
+
+Handshake min/max version check, cli max 1.1, srv min 1.1 -> 1.1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1
+
+Handshake min/max version check, cli min 1.1, srv max 1.1 -> 1.1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
+
+Handshake min/max version check, cli min 1.2, srv max 1.1 -> fail
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2
+handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE
+
+Handshake min/max version check, srv min 1.2, cli max 1.1 -> fail
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2
+handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE
+
 Sending app data via TLS, MFL=512 without fragmentation
 depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
@@ -36,10 +36,17 @@ void log_analyzer( void *ctx, int level,
     }
 }
 
+/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
+#define TEST_SSL_MINOR_VERSION_NONE -1
+
 typedef struct handshake_test_options
 {
     const char *cipher;
-    int version;
+    int client_min_version;
+    int client_max_version;
+    int server_min_version;
+    int server_max_version;
+    int expected_negotiated_version;
     int pk_alg;
     data_t *psk_str;
     int dtls;
@@ -62,7 +69,11 @@ typedef struct handshake_test_options
 void init_handshake_options( handshake_test_options *opts )
 {
   opts->cipher = "";
-  opts->version = MBEDTLS_SSL_MINOR_VERSION_3;
+  opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
+  opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
+  opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
+  opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
+  opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
   opts->pk_alg = MBEDTLS_PK_RSA;
   opts->psk_str = NULL;
   opts->dtls = 0;
@@ -1671,7 +1682,7 @@ void perform_handshake( handshake_test_options* options )
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     int ret = -1;
 #endif
-
+    int expected_handshake_result = 0;
 
     mbedtls_test_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
@@ -1697,10 +1708,18 @@ void perform_handshake( handshake_test_options* options )
                                             options->pk_alg, NULL, NULL,
                                             NULL ) == 0 );
     }
-    mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                      options->version );
-    mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                      options->version );
+
+    if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
+    {
+        mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                          options->client_min_version );
+    }
+
+    if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
+    {
+        mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                          options->client_max_version );
+    }
 
     if( strlen( options->cipher ) > 0 )
     {
@@ -1737,8 +1756,18 @@ void perform_handshake( handshake_test_options* options )
 
     mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
 
-    mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                      options->version );
+    if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
+    {
+        mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                          options->server_min_version );
+    }
+
+    if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
+    {
+        mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                          options->server_max_version );
+    }
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf),
                                          (unsigned char) options->mfl ) == 0 );
@@ -1803,18 +1832,36 @@ void perform_handshake( handshake_test_options* options )
     }
 #endif
 
+    if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
+    {
+        expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
+    }
+
     TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
                                                   &(server.ssl),
                                                   MBEDTLS_SSL_HANDSHAKE_OVER )
-                 == 0 );
+                 ==  expected_handshake_result );
+
+    if( expected_handshake_result != 0 )
+    {
+        /* Connection will have failed by this point, skip to cleanup */
+        goto exit;
+    }
+
     TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
     TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
 
+    /* Check that we agree on the version... */
+    TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
+
+    /* And check that the version negotiated is the expected one. */
+    TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
+
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     if( options->resize_buffers != 0 )
     {
-        if( options->version != MBEDTLS_SSL_MINOR_VERSION_0 &&
-            options->version != MBEDTLS_SSL_MINOR_VERSION_1 )
+        if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
+            options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
         {
             /* A server, when using DTLS, might delay a buffer resize to happen
              * after it receives a message, so we force it. */
@@ -3791,17 +3838,25 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
-void handshake_version( int version, int dtls )
+void handshake_version( int dtls, int client_min_version, int client_max_version,
+                        int server_min_version, int server_max_version,
+                        int expected_negotiated_version )
 {
     handshake_test_options options;
     init_handshake_options( &options );
 
-    options.version = version;
+    options.client_min_version = client_min_version;
+    options.client_max_version = client_max_version;
+    options.server_min_version = server_min_version;
+    options.server_max_version = server_max_version;
+
+    options.expected_negotiated_version = expected_negotiated_version;
+
     options.dtls = dtls;
     /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so
      * the number of fragments will be twice as big. */
-    if( version == MBEDTLS_SSL_MINOR_VERSION_0 ||
-        version == MBEDTLS_SSL_MINOR_VERSION_1 )
+    if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
+        expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
     {
         options.expected_cli_fragments = 2;
         options.expected_srv_fragments = 2;