AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactor ssl test suite to use pointers more

Browse Source 
This way it's easier to track structures that are partially set up.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-09-30 12:54:41 -04:00
parent 46a987367c
commit 0abebebe6d
1 changed files with 73 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
tests/suites/test_suite_ssl.function
View File

@ -797,9 +797,9 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
*/
typedef struct mbedtls_endpoint_certificate
{
mbedtls_x509_crt ca_cert;
mbedtls_x509_crt cert;
mbedtls_pk_context pkey;
mbedtls_x509_crt* ca_cert;
mbedtls_x509_crt* cert;
mbedtls_pk_context* pkey;
} mbedtls_endpoint_certificate;
/*
@ -814,6 +814,42 @@ typedef struct mbedtls_endpoint
mbedtls_endpoint_certificate cert;
} mbedtls_endpoint;
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
{
mbedtls_endpoint_certificate *cert = &( ep->cert );
if( cert != NULL )
{
if( cert->ca_cert != NULL )
{
mbedtls_x509_crt_free( cert->ca_cert );
mbedtls_free( cert->ca_cert );
cert->ca_cert = NULL;
}
if( cert->cert != NULL )
{
mbedtls_x509_crt_free( cert->cert );
mbedtls_free( cert->cert );
cert->cert = NULL;
}
if( cert->pkey != NULL )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE )
{
mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
psa_destroy_key( *key_slot );
}
#endif
mbedtls_pk_free( cert->pkey );
mbedtls_free( cert->pkey );
cert->pkey = NULL;
}
}
}
/*
* Initializes \p ep_cert structure and assigns it to endpoint
* represented by \p ep.
@ -826,7 +862,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
{
int i = 0;
int ret = -1;
mbedtls_endpoint_certificate *cert;
mbedtls_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif
@ -837,15 +873,19 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
}
cert = &( ep->cert );
mbedtls_x509_crt_init( &( cert->ca_cert ) );
mbedtls_x509_crt_init( &( cert->cert ) );
mbedtls_pk_init( &( cert->pkey ) );
cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) );
mbedtls_x509_crt_init( cert->ca_cert );
mbedtls_x509_crt_init( cert->cert );
mbedtls_pk_init( cert->pkey );
/* Load the trusted CA */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
ret = mbedtls_x509_crt_parse_der( cert->ca_cert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
TEST_ASSERT( ret == 0 );
@ -857,12 +897,12 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
{
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@ -870,12 +910,12 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
}
else
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@ -886,12 +926,12 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
{
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@ -899,12 +939,12 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
}
else
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@ -915,7 +955,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opaque_alg != 0 )
{
TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &( cert->pkey ), &key_slot,
TEST_EQUAL( mbedtls_pk_wrap_as_opaque( cert->pkey, &key_slot,
opaque_alg, opaque_usage,
opaque_alg2 ), 0 );
}
@ -925,10 +965,10 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
(void) opaque_usage;
#endif
mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
&( cert->pkey ) );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
cert->pkey );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ep->conf.key_cert != NULL );
@ -936,20 +976,14 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ep->conf.key_cert == NULL );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
&( cert->pkey ) );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
cert->pkey );
TEST_ASSERT( ret == 0 );
exit:
if( ret != 0 )
{
mbedtls_x509_crt_free( &( cert->ca_cert ) );
mbedtls_x509_crt_free( &( cert->cert ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opaque_alg != 0 )
psa_destroy_key( key_slot );
#endif
mbedtls_pk_free( &( cert->pkey ) );
mbedtls_endpoint_certificate_free( ep );
}
return ret;
@ -1075,25 +1109,6 @@ exit:
return ret;
}
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
{
mbedtls_endpoint_certificate *cert = &( ep->cert );
mbedtls_x509_crt_free( &( cert->ca_cert ) );
mbedtls_x509_crt_free( &( cert->cert ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( mbedtls_pk_get_type( &( cert->pkey ) ) == MBEDTLS_PK_OPAQUE )
{
mbedtls_svc_key_id_t *key_slot = cert->pkey.pk_ctx;
psa_destroy_key( *key_slot );
}
#endif
mbedtls_pk_free( &( cert->pkey ) );
}
/*
* Deinitializes endpoint represented by \p ep.
*/
@ -2077,7 +2092,8 @@ void perform_handshake( handshake_test_options *options )
int expected_handshake_result = options->expected_handshake_result;
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client, sizeof(client) );
mbedtls_platform_zeroize( &server, sizeof(server) );
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@ -5122,6 +5138,8 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
options.pk_alg = MBEDTLS_PK_RSA;
USE_PSA_INIT( );
mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) );
mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) );
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, &options,
NULL, NULL, NULL, NULL );
@ -5827,6 +5845,8 @@ void force_bad_session_id_len( )
options.srv_log_fun = log_analyzer;
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client, sizeof(client) );
mbedtls_platform_zeroize( &server, sizeof(server) );
mbedtls_message_socket_init( &server_context );
mbedtls_message_socket_init( &client_context );
@ -6007,6 +6027,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key )
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client, sizeof(client) );
mbedtls_platform_zeroize( &server, sizeof(server) );
init_handshake_options( &options );
options.pk_alg = MBEDTLS_PK_ECDSA;
@ -6081,6 +6103,8 @@ void tls13_server_certificate_msg_invalid_vector_len( )
* Test set-up
*/
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client_ep, sizeof(client_ep) );
mbedtls_platform_zeroize( &server_ep, sizeof(server_ep) );
init_handshake_options( &client_options );
client_options.pk_alg = MBEDTLS_PK_ECDSA;