Add tests for max_early_data_size
Add different conf value for 1st and 2nd connection

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth committed Dec 17, 2022
1 parent 27b7105 commit 21a2d11
Showing 2 changed files with 42 additions and 6 deletions.
2 changes: 1 addition & 1 deletion programs/ssl/ssl_server2.c
Expand Up @@ -434,6 +434,7 @@ int main( void )

#define ARRAY_LENGTH( a ) (sizeof(a)/sizeof(a[0]))
#if defined(MBEDTLS_SSL_EARLY_DATA)

#define USAGE_EARLY_DATA \
" max_early_data_size=%%d default: -1 (disabled)\n" \
" The max amount of 0-RTT data for 1st and 2nd connection\n" \
Expand Down Expand Up @@ -3487,7 +3488,6 @@ int main( int argc, char *argv[] )
}
tls13_connection_time++;
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if !defined(_WIN32)
if( received_sigterm )
{
46 changes: 41 additions & 5 deletions tests/opt-testcases/tls13-misc.sh
Expand Up @@ -346,6 +346,7 @@ run_test "TLS 1.3, ext PSK, early data" \

EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
EARLY_DATA_INPUT_LINE1_LEN=$(head -1 $EARLY_DATA_INPUT | wc -c)

requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
Expand Down Expand Up @@ -395,7 +396,6 @@ run_test "TLS 1.3 G->m: EarlyData: disabled and exceed limitation, fail." \
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \
-c "Resume Handshake was completed" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
Expand All @@ -418,7 +418,7 @@ run_test "TLS 1.3 G->m: EarlyData: ephemeral: feature is enabled, good." \
-c "Resume Handshake was completed" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "$( tail -1 $EARLY_DATA_INPUT )"

requires_gnutls_next
Expand All @@ -437,7 +437,7 @@ run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, good." \
-c "Resume Handshake was completed" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "$( tail -1 $EARLY_DATA_INPUT )"

requires_gnutls_next
Expand All @@ -451,9 +451,45 @@ run_test "TLS 1.3 G->m: EarlyData: enabled and exceed limitation, fail."
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \
-c "Resume Handshake was completed" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "EarlyData: Received size exceeds session limitation." \
-s "An unexpected message was received from our peer"

requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_value_at_least MBEDTLS_SSL_MAX_EARLY_DATA_SIZE $EARLY_DATA_INPUT_LINE1_LEN
run_test "TLS 1.3 G->m: EarlyData: enabled and exceed 2nd limitation, fail." \
"$P_SRV force_version=tls13 debug_level=5 max_early_data_size=$EARLY_DATA_INPUT_LEN,$EARLY_DATA_INPUT_LINE1_LEN" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "EarlyData: Received size exceeds configured limitation." \
-s "NewSessionTicket: early_data(42) extension exists." \
-s "An unexpected message was received from our peer"

requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_value_at_least MBEDTLS_SSL_MAX_EARLY_DATA_SIZE $EARLY_DATA_INPUT_LINE1_LEN
run_test "TLS 1.3 G->m: EarlyData: enabled and exceed 1st limitation, fail." \
"$P_SRV force_version=tls13 debug_level=5 max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN,$EARLY_DATA_INPUT_LEN" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \
-s "An unexpected message was received from our peer" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "EarlyData: Received size exceeds session limitation." \
-s "NewSessionTicket: early_data(42) extension exists." \
-S "Ignore application message"
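Review bot: The `EARLY_DATA_INPUT_LINE1_LEN` assignment near the top of this file section (apparently the line added by the first hunk) stores raw `wc -c` output, which some `wc` implementations pad with leading blanks. Unlike the two `$(( ... ))` assignments above it, nothing strips that padding, and the value is later expanded inside the quoted `max_early_data_size=...,...` server arguments of the two new tests, where stray blanks would split the option. Wrapping it the same way, `EARLY_DATA_INPUT_LINE1_LEN=$(( $( head -n 1 "$EARLY_DATA_INPUT" | wc -c ) ))`, keeps the limit a bare integer. Separately, the new "exceed 2nd limitation" case asserts only the alert and log lines. Since the passing cases confirm delivery with `-s "$( tail -1 $EARLY_DATA_INPUT )"`, a matching `-S` check there would show that data past the limit never reaches the application, assuming the debug output at that level does not itself echo the payload.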
