Add test for early data size exceed limitation.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Mbed-TLS · Nov 16, 2022 · 3cea3f3 · 3cea3f3
1 parent 11dfb5b
commit 3cea3f3
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 5 deletions.
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
@@ -2967,6 +2967,7 @@ static int ssl_tls13_write_early_data_ext_of_nst( mbedtls_ssl_context *ssl,
     MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
     MBEDTLS_PUT_UINT16_BE( 4, p, 2 );
     MBEDTLS_PUT_UINT32_BE( ssl->conf->max_early_data_size, p, 4 );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl->conf->max_early_data_size=%" MBEDTLS_PRINTF_SIZET, ssl->conf->max_early_data_size ) );
 
     *out_len = 8;
 

diff --git a/tests/data_files/early_data.txt b/tests/data_files/early_data.txt
@@ -1 +1,3 @@
-EarlyData context. If it appear, that means early_data success
+EarlyData context: line 0                                                    lf
+EarlyData context: line 1                                                    lf
+EarlyData context: If it appear, that means early_data success
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
@@ -323,6 +323,8 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS
                              MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME    \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                              MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: ephemeral: feature is disabled, good." \
          "$P_SRV force_version=tls13 reco_debug_level=4" \
          "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
@@ -349,28 +351,34 @@ run_test "TLS 1.3 G->m: EarlyData: psk*: feature is disabled, good." \
          -s "EncryptedExtensions: early_data(42) extension does not exist." \
          -s "Ignore application message"
 
+EARLY_DATA_INPUT_LEN=$( cat $EARLY_DATA_INPUT | wc -c )
+MAX_EARLY_DATA_SIZE=$(( 1024 > $EARLY_DATA_INPUT_LEN ? 1024 : $EARLY_DATA_INPUT_LEN ))
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
                              MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3 G->m: EarlyData: ephemeral: enabled and max_size=1024, good." \
-         "$P_SRV force_version=tls13 reco_debug_level=5 early_data=1024" \
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: ephemeral: all data is accepted, good." \
+         "$P_SRV force_version=tls13 reco_debug_level=5 early_data=$MAX_EARLY_DATA_SIZE" \
          "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
          0 \
          -c "This is a resumed session"                                     \
          -s "ClientHello: early_data(42) extension exists."                 \
          -s "EncryptedExtensions: early_data(42) extension exists."         \
          -s "$( cat $EARLY_DATA_INPUT )"                                    \
+         -s "ssl->conf->max_early_data_size=$MAX_EARLY_DATA_SIZE"           \
          -S "Ignore application message"
 
+
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
                              MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
                              MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 G->m: EarlyData: psk*: enabled and max_size=1024, good." \
-         "$P_SRV force_version=tls13 reco_debug_level=4 early_data=1024 $(get_srv_psk_list)" \
+run_test "TLS 1.3 G->m: EarlyData: psk*: all data is accepted, good." \
+         "$P_SRV force_version=tls13 reco_debug_level=4 early_data=$MAX_EARLY_DATA_SIZE $(get_srv_psk_list)" \
          "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
                       -d 10 -r --earlydata $EARLY_DATA_INPUT \
                       --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
@@ -379,4 +387,42 @@ run_test "TLS 1.3 G->m: EarlyData: psk*: enabled and max_size=1024, good." \
          -s "ClientHello: early_data(42) extension exists."                 \
          -s "EncryptedExtensions: early_data(42) extension exists."         \
          -s "$( cat $EARLY_DATA_INPUT )"                                    \
+         -s "ssl->conf->max_early_data_size=$MAX_EARLY_DATA_SIZE"           \
+         -S "Ignore application message"
+
+EARLY_DATA_INPUT_LINE1_LEN=$(head -1 $EARLY_DATA_INPUT | wc -c)
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+                             MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: ephemeral: size exceeds the limit, fail." \
+         "$P_SRV force_version=tls13 debug_level=5 early_data=$EARLY_DATA_INPUT_LINE1_LEN" \
+         "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
+         1 \
+         -c "This is a resumed session"                                     \
+         -c "Unexpected message - was received"                             \
+         -s "ClientHello: early_data(42) extension exists."                 \
+         -s "EncryptedExtensions: early_data(42) extension exists."         \
+         -s "ssl->conf->max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN"    \
+         -S "Ignore application message"
+
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+                             MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: psk*: size exceeds the limit, fail." \
+         "$P_SRV force_version=tls13 debug_level=4 early_data=$EARLY_DATA_INPUT_LINE1_LEN $(get_srv_psk_list)" \
+         "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
+                      -d 10 -r --earlydata $EARLY_DATA_INPUT \
+                      --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
+         1 \
+         -c "This is a resumed session"                                     \
+         -c "Unexpected message - was received"                             \
+         -s "ClientHello: early_data(42) extension exists."                 \
+         -s "EncryptedExtensions: early_data(42) extension exists."         \
+         -s "ssl->conf->max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN"    \
          -S "Ignore application message"