Simulated product dispenser
Fork of mbed-cloud-workshop-connect-HTS221 by
pal_tls_test.c
00001 /******************************************************************************* 00002 * Copyright 2016, 2017 ARM Ltd. 00003 * 00004 * Licensed under the Apache License, Version 2.0 (the "License"); 00005 * you may not use this file except in compliance with the License. 00006 * You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 *******************************************************************************/ 00016 00017 #include "unity.h" 00018 #include "unity_fixture.h" 00019 #include "pal.h" 00020 #include "pal_tls_utils.h" 00021 #include "pal_network.h" 00022 #include "stdlib.h" 00023 #include "sotp.h" 00024 #include "test_runners.h" 00025 00026 #define TRACE_GROUP "TLS_TESTS" 00027 #define PAL_TEST_PSK_IDENTITY "Client_identity" 00028 00029 #define PAL_TEST_PSK {0x12,0x34,0x45,0x67,0x89,0x10} 00030 #define PAL_WAIT_TIME 3 00031 00032 PAL_PRIVATE palSocket_t g_socket = 0; 00033 extern void * g_palTestTLSInterfaceCTX; // this is set by the palTestMain funciton 00034 PAL_PRIVATE uint32_t g_interfaceCTXIndex = 0; 00035 00036 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00037 PAL_PRIVATE uint8_t g_trustedServerID[PAL_CERT_ID_SIZE] __attribute__((aligned(4))) = { 0 }; 00038 PAL_PRIVATE size_t g_actualServerIDSize = 0; 00039 #endif 00040 00041 PAL_PRIVATE palMutexID_t g_mutex1 = NULLPTR; 00042 #if (PAL_ENABLE_X509 == 1) 00043 PAL_PRIVATE palMutexID_t g_mutex2 = NULLPTR; 00044 #endif 00045 PAL_PRIVATE palMutexID_t g_mutexHandShake1 = NULLPTR; 00046 PAL_PRIVATE bool g_retryHandshake = false; 00047 PAL_PRIVATE const uint8_t g_coapHelloWorldRequest[16] = { 0x50,0x01,0x57,0x3e,0xff,0x2f,0x68,0x65,0x6c,0x6c,0x6f,0x57,0x6f,0x72,0x6c,0x64 }; 00048 00049 #define PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(a, b) \ 00050 if (a != b) \ 00051 {\ 00052 PAL_LOG(ERR,"Expected: %" PRId32 " , Actual: %" PRId32 " , Line: %d\n", (int32_t)a, (int32_t)b, __LINE__);\ 00053 goto finish;\ 00054 } 00055 00056 00057 //! This structre is for tests only and MUST be the same structure as in the pal_TLS.c file 00058 //! For any change done in the original structure, please make sure to change this structure too. 00059 typedef struct palTLSService 00060 { 00061 bool retryHandShake; 00062 uint64_t serverTime; 00063 palTLSHandle_t platTlsHandle; 00064 }palTLSTest_t; 00065 00066 TEST_GROUP(pal_tls); 00067 00068 TEST_SETUP(pal_tls) 00069 { 00070 palStatus_t status = PAL_SUCCESS; 00071 uint64_t currentTime = 1504893346; //GMT: Friday, September 8, 2017 5:55:46 PM 00072 00073 pal_init(); 00074 00075 if (g_palTestTLSInterfaceCTX == NULL) 00076 { 00077 PAL_LOG(ERR, "error: net interface not configutred correctly"); 00078 } 00079 else 00080 { 00081 status = pal_registerNetworkInterface(g_palTestTLSInterfaceCTX, &g_interfaceCTXIndex); 00082 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00083 } 00084 00085 g_socket = 0; 00086 00087 status = pal_osSetTime(currentTime); 00088 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00089 00090 } 00091 00092 TEST_TEAR_DOWN(pal_tls) 00093 { 00094 sotp_result_e sotpRes = SOTP_SUCCESS; 00095 if (0 != g_socket) 00096 { 00097 pal_close(&g_socket); 00098 } 00099 00100 sotpRes = sotp_delete(SOTP_TYPE_TRUSTED_TIME_SRV_ID); 00101 TEST_ASSERT_TRUE((SOTP_SUCCESS == sotpRes) || (SOTP_NOT_FOUND == sotpRes)); 00102 00103 pal_destroy(); 00104 } 00105 00106 /** 00107 * @brief Test TLS cofiguration initialization and uninitialization. 00108 * 00109 * 00110 * | # | Step | Expected | 00111 * |---|--------------------------------|-------------| 00112 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00113 * | 2 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00114 */ 00115 TEST(pal_tls, tlsConfiguration) 00116 { 00117 palStatus_t status = PAL_SUCCESS; 00118 palTLSConfHandle_t palTLSConf = NULLPTR; 00119 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00120 /*#1*/ 00121 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00122 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00123 TEST_ASSERT_TRUE(NULLPTR != palTLSConf); 00124 /*#2*/ 00125 status = pal_tlsConfigurationFree(&palTLSConf); 00126 TEST_ASSERT_EQUAL_HEX(NULLPTR, palTLSConf); 00127 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00128 } 00129 00130 int palTestEntropySource(void *data, unsigned char *output, size_t len, size_t *olen) 00131 { 00132 palStatus_t status = PAL_SUCCESS; 00133 (void)data; 00134 00135 status = pal_osRandomBuffer(output, len); 00136 if (PAL_SUCCESS == status) 00137 { 00138 *olen = len; 00139 } 00140 else 00141 { 00142 return -1; 00143 } 00144 return 0; 00145 } 00146 00147 static void handshakeUDP(bool socketNonBlocking) 00148 { 00149 palStatus_t status = PAL_SUCCESS; 00150 palTLSConfHandle_t palTLSConf = NULLPTR; 00151 palTLSHandle_t palTLSHandle = NULLPTR; 00152 palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; 00153 palSocketAddress_t socketAddr = {0}; 00154 palSocketLength_t addressLength = 0; 00155 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00156 uint32_t actualLen = 0; 00157 uint32_t written = 0; 00158 #if (PAL_ENABLE_X509 == 1) 00159 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00160 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00161 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00162 #elif (PAL_ENABLE_PSK == 1) 00163 const char* identity = PAL_TEST_PSK_IDENTITY; 00164 const char psk[]= PAL_TEST_PSK; 00165 #endif 00166 palTLSSocket_t tlsSocket = {g_socket, &socketAddr, 0, transportationMode}; 00167 int32_t verifyResult = 0; 00168 00169 /*#1*/ 00170 status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM , socketNonBlocking, 0, &g_socket); 00171 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00172 /*#2*/ 00173 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00174 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 00175 { 00176 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 00177 status = pal_close(&g_socket); 00178 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00179 return; 00180 } 00181 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00182 00183 tlsSocket.addressLength = addressLength; 00184 tlsSocket.socket = g_socket; 00185 /*#3*/ 00186 status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT); 00187 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00188 /*#4*/ 00189 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00190 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00191 /*#5*/ 00192 status = pal_initTLS(palTLSConf, &palTLSHandle); 00193 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00194 00195 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00196 //status = pal_sslSetDebugging(palTLSConf, true); 00197 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00198 #if (PAL_ENABLE_X509 == 1) 00199 /*#6*/ 00200 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00201 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00202 /*#7*/ 00203 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00204 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00205 #elif (PAL_ENABLE_PSK == 1) 00206 /*#6 + #7*/ 00207 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00208 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00209 #endif 00210 /*#8*/ 00211 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00212 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00213 /*#9*/ 00214 00215 status = pal_setHandShakeTimeOut(palTLSConf, 30000); 00216 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00217 /*#10*/ 00218 00219 do 00220 { 00221 status = pal_handShake(palTLSHandle, palTLSConf); 00222 } 00223 while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); 00224 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00225 00226 /*#11*/ 00227 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00228 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00229 /*#12*/ 00230 status = pal_sslWrite(palTLSHandle, g_coapHelloWorldRequest, sizeof(g_coapHelloWorldRequest), &written); 00231 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00232 /*#13*/ 00233 pal_osDelay(5000); 00234 /*#14*/ 00235 do 00236 { 00237 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00238 }while (PAL_ERR_TLS_WANT_READ == status); 00239 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00240 00241 /*#15*/ 00242 status = pal_freeTLS(&palTLSHandle); 00243 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00244 /*#16*/ 00245 status = pal_tlsConfigurationFree(&palTLSConf); 00246 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00247 /*#17*/ 00248 status = pal_close(&g_socket); 00249 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00250 } 00251 00252 00253 static void handshakeTCP(bool socketNonBlocking) 00254 { 00255 palStatus_t status = PAL_SUCCESS; 00256 palTLSConfHandle_t palTLSConf = NULLPTR; 00257 palTLSHandle_t palTLSHandle = NULLPTR; 00258 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00259 palSocketAddress_t socketAddr = {0}; 00260 palSocketLength_t addressLength = 0; 00261 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00262 uint32_t actualLen = 0; 00263 uint32_t written = 0; 00264 #if (PAL_ENABLE_X509 == 1) 00265 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00266 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00267 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00268 #elif (PAL_ENABLE_PSK == 1) 00269 const char* identity = PAL_TEST_PSK_IDENTITY; 00270 const char psk[]= PAL_TEST_PSK; 00271 #endif 00272 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00273 uint64_t curTimeInSec, timePassedInSec; 00274 const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds 00275 int32_t verifyResult = 0; 00276 00277 00278 /*#1*/ 00279 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &g_socket); 00280 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00281 /*#2*/ 00282 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00283 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 00284 { 00285 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 00286 status = pal_close(&g_socket); 00287 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00288 return; 00289 } 00290 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00291 00292 tlsSocket.addressLength = addressLength; 00293 tlsSocket.socket = g_socket; 00294 /*#3*/ 00295 if (true == socketNonBlocking) 00296 { 00297 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); 00298 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00299 } 00300 else //blocking 00301 { 00302 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); 00303 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00304 } 00305 00306 /*#4*/ 00307 status = pal_connect(g_socket, &socketAddr, addressLength); 00308 if (PAL_ERR_SOCKET_IN_PROGRES == status) 00309 { 00310 pal_osDelay(400); 00311 } 00312 else 00313 { 00314 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00315 } 00316 /*#5*/ 00317 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00318 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00319 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00320 /*#6*/ 00321 status = pal_initTLS(palTLSConf, &palTLSHandle); 00322 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00323 00324 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00325 //status = pal_sslSetDebugging(palTLSConf, true); 00326 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00327 #if (PAL_ENABLE_X509 == 1) 00328 /*#7*/ 00329 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00330 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00331 /*#8*/ 00332 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00333 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00334 #elif (PAL_ENABLE_PSK == 1) 00335 /*#7 + 8*/ 00336 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00337 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00338 #endif 00339 /*#9*/ 00340 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00341 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00342 /*#10*/ 00343 if (true == socketNonBlocking) 00344 { 00345 status = pal_osSetTime(minSecSinceEpoch); 00346 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success 00347 do 00348 { 00349 curTimeInSec = pal_osGetTime(); 00350 TEST_ASSERT_TRUE(curTimeInSec >= minSecSinceEpoch); 00351 timePassedInSec = curTimeInSec - minSecSinceEpoch; 00352 status = pal_handShake(palTLSHandle, palTLSConf); 00353 } 00354 while ( (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status) && 00355 (timePassedInSec < PAL_SECONDS_PER_MIN)); //2 minutes to wait for handshake 00356 } 00357 else //blocking 00358 { 00359 status = pal_handShake(palTLSHandle, palTLSConf); 00360 } 00361 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00362 00363 /*#11*/ 00364 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00365 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00366 /*#12*/ 00367 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 00368 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00369 /*#13*/ 00370 pal_osDelay(5000); 00371 /*#14*/ 00372 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00373 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00374 00375 /*#15*/ 00376 status = pal_freeTLS(&palTLSHandle); 00377 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00378 /*#16*/ 00379 status = pal_tlsConfigurationFree(&palTLSConf); 00380 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00381 /*#17*/ 00382 status = pal_close(&g_socket); 00383 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00384 00385 } 00386 00387 /** 00388 * @brief Test TLS initialization and uninitialization. 00389 * 00390 * 00391 * | # | Step | Expected | 00392 * |---|--------------------------------|-------------| 00393 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00394 * | 2 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | 00395 * | 3 | Add a NULL entropy source using `pal_addEntropySource`. | PAL_ERR_INVALID_ARGUMENT | 00396 * | 4 | Add a valid entropy source using `pal_addEntropySource`. | PAL_SUCCESS | 00397 * | 5 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00398 * | 6 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00399 */ 00400 TEST(pal_tls, tlsInitTLS) 00401 { 00402 palStatus_t status = PAL_SUCCESS; 00403 palTLSConfHandle_t palTLSConf = NULLPTR; 00404 palTLSHandle_t palTLSHandle = NULLPTR; 00405 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00406 /*#1*/ 00407 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00408 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00409 /*#2*/ 00410 status = pal_initTLS(palTLSConf, &palTLSHandle); 00411 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00412 #ifdef DEBUG 00413 /*#3*/ 00414 status = pal_addEntropySource(NULL); 00415 TEST_ASSERT_EQUAL_HEX(PAL_ERR_INVALID_ARGUMENT , status); 00416 #endif 00417 /*#4*/ 00418 status = pal_addEntropySource(palTestEntropySource); 00419 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00420 /*#5*/ 00421 status = pal_freeTLS(&palTLSHandle); 00422 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00423 /*#6*/ 00424 status = pal_tlsConfigurationFree(&palTLSConf); 00425 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00426 } 00427 00428 00429 /** 00430 * @brief Test TLS initialization and uninitialization with additional keys. 00431 * 00432 * 00433 * | # | Step | Expected | 00434 * |---|--------------------------------|-------------| 00435 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00436 * | 2 | Add keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS | 00437 * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | 00438 * | 4 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00439 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00440 */ 00441 TEST(pal_tls, tlsPrivateAndPublicKeys) 00442 { 00443 #if (PAL_ENABLE_X509 == 1) 00444 palStatus_t status = PAL_SUCCESS; 00445 palTLSConfHandle_t palTLSConf = NULLPTR; 00446 palTLSHandle_t palTLSHandle = NULLPTR; 00447 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00448 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00449 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00450 00451 /*#1*/ 00452 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00453 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00454 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00455 /*#2*/ 00456 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00457 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00458 /*#3*/ 00459 status = pal_initTLS(palTLSConf, &palTLSHandle); 00460 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00461 /*#4*/ 00462 status = pal_freeTLS(&palTLSHandle); 00463 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00464 /*#5*/ 00465 status = pal_tlsConfigurationFree(&palTLSConf); 00466 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00467 #endif 00468 } 00469 00470 00471 /** 00472 * @brief Test TLS initialization and uninitialization with additional certificate and pre-shared keys. 00473 * 00474 * 00475 * | # | Step | Expected | 00476 * |---|--------------------------------|-------------| 00477 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00478 * | 2 | Set pre-shared keys to the configuration using `pal_setPSK`. | PAL_SUCCESS | 00479 * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS 00480 * | 4 | Uninitialize TLS context using `pal_freeTLS`. |PAL_SUCCESS | 00481 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00482 */ 00483 TEST(pal_tls, tlsCACertandPSK) 00484 { 00485 #if (PAL_ENABLE_PSK == 1) 00486 palStatus_t status = PAL_SUCCESS; 00487 palTLSConfHandle_t palTLSConf = NULLPTR; 00488 palTLSHandle_t palTLSHandle = NULLPTR; 00489 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00490 /*#1*/ 00491 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00492 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00493 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00494 /*#2*/ 00495 status = pal_setPSK(palTLSConf, g_psk_id, sizeof(g_psk_id) - 1, g_psk, sizeof(g_psk)); 00496 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00497 /*#3*/ 00498 status = pal_initTLS(palTLSConf, &palTLSHandle); 00499 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00500 /*#4*/ 00501 status = pal_freeTLS(&palTLSHandle); 00502 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00503 /*#5*/ 00504 status = pal_tlsConfigurationFree(&palTLSConf); 00505 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00506 #endif 00507 } 00508 00509 00510 /** 00511 * @brief Test TLS handshake (TCP blocking). 00512 * 00513 * 00514 * | # | Step | Expected | 00515 * |---|--------------------------------|-------------| 00516 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00517 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00518 * | 3 | Set the server port. | PAL_SUCCESS | 00519 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00520 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00521 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00522 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00523 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00524 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00525 * | 10 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | 00526 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00527 * | 12 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00528 * | 13 | Wait for the response. | PAL_SUCCESS | 00529 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00530 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00531 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00532 * | 17 | Close the TCP socket. | PAL_SUCCESS | 00533 */ 00534 TEST(pal_tls, tlsHandshakeTCP) 00535 { 00536 handshakeTCP(false); 00537 } 00538 00539 /** 00540 * @brief Test TLS handshake (TCP non-blocking). 00541 * 00542 * 00543 * | # | Step | Expected | 00544 * |---|--------------------------------|-------------| 00545 * | 1 | Create a TCP (non-blocking) socket. | PAL_SUCCESS | 00546 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00547 * | 3 | Set the server port. | PAL_SUCCESS | 00548 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00549 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00550 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00551 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00552 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00553 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00554 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00555 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00556 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00557 * | 13 | Wait for the response. | PAL_SUCCESS | 00558 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00559 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00560 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00561 * | 17 | Close the TCP socket. | PAL_SUCCESS | 00562 */ 00563 TEST(pal_tls, tlsHandshakeTCP_nonBlocking) 00564 { 00565 handshakeTCP(true); 00566 } 00567 00568 /** 00569 * @brief Test (D)TLS handshake (UDP -blocking). 00570 * 00571 * 00572 * | # | Step | Expected | 00573 * |---|--------------------------------|-------------| 00574 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00575 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00576 * | 3 | Set the server port. | PAL_SUCCESS | 00577 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00578 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00579 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00580 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00581 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00582 * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00583 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00584 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00585 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00586 * | 13 | Wait for the response. | PAL_SUCCESS | 00587 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00588 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00589 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00590 * | 17 | Close the UDP socket. | PAL_SUCCESS | 00591 */ 00592 TEST(pal_tls, tlsHandshakeUDP) 00593 { 00594 handshakeUDP(false); 00595 } 00596 00597 /** 00598 * @brief Test (D)TLS handshake (UDP -NonBlocking). 00599 * 00600 * 00601 * | # | Step | Expected | 00602 * |---|--------------------------------|-------------| 00603 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00604 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00605 * | 3 | Set the server port. | PAL_SUCCESS | 00606 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00607 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00608 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00609 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00610 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00611 * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00612 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00613 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00614 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00615 * | 13 | Wait for the response. | PAL_SUCCESS | 00616 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00617 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00618 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00619 * | 17 | Close the UDP socket. | PAL_SUCCESS | 00620 */ 00621 TEST(pal_tls, tlsHandshakeUDP_NonBlocking) 00622 { 00623 handshakeUDP(true); 00624 } 00625 00626 /** 00627 * @brief Test (D)TLS handshake (UDP non-blocking) with a very short timeout to see if you get a timeout. 00628 * 00629 * 00630 * | # | Step | Expected | 00631 * |---|--------------------------------|-------------| 00632 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00633 * | 2 | Perform a DNS lookup on server adderss. | PAL_SUCCESS | 00634 * | 3 | Set the server port. | PAL_SUCCESS | 00635 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00636 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00637 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00638 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00639 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00640 * | 9 | Set a short timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00641 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_ERR_TIMEOUT_EXPIRED | 00642 * | 11 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00643 * | 12 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00644 */ 00645 TEST(pal_tls, tlsHandshakeUDPTimeOut) 00646 { 00647 palStatus_t status = PAL_SUCCESS; 00648 palTLSConfHandle_t palTLSConf = NULLPTR; 00649 palTLSHandle_t palTLSHandle = NULLPTR; 00650 palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; 00651 palSocketAddress_t socketAddr = { 0 }; 00652 palSocketLength_t addressLength = 0; 00653 #if (PAL_ENABLE_X509 == 1) 00654 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00655 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00656 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00657 #elif (PAL_ENABLE_PSK == 1) 00658 const char* identity = PAL_TEST_PSK_IDENTITY; 00659 const char psk[]= PAL_TEST_PSK; 00660 #endif 00661 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00662 00663 uint64_t curTimeInSec; 00664 const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds 00665 00666 /*#1*/ 00667 status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM , false, 0, &g_socket); 00668 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00669 /*#2*/ 00670 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00671 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 00672 { 00673 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 00674 status = pal_close(&g_socket); 00675 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00676 return; 00677 } 00678 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00679 00680 tlsSocket.addressLength = addressLength; 00681 tlsSocket.socket = g_socket; 00682 /*#3*/ 00683 status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT_TIMEOUT); 00684 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00685 /*#4*/ 00686 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00687 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00688 /*#5*/ 00689 status = pal_initTLS(palTLSConf, &palTLSHandle); 00690 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00691 00692 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00693 //status = pal_sslSetDebugging(palTLSConf, true); 00694 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00695 #if (PAL_ENABLE_X509 == 1) 00696 /*#6*/ 00697 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00698 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00699 /*#7*/ 00700 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00701 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00702 #elif (PAL_ENABLE_PSK == 1) 00703 /*#6 + #7*/ 00704 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00705 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00706 #endif 00707 /*#8*/ 00708 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00709 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00710 /*#9*/ 00711 status = pal_setHandShakeTimeOut(palTLSConf, 100); 00712 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00713 00714 status = pal_osSetTime(minSecSinceEpoch); 00715 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success 00716 /*#10*/ 00717 do 00718 { 00719 status = pal_handShake(palTLSHandle, palTLSConf); 00720 } 00721 while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); 00722 00723 curTimeInSec = pal_osGetTime(); 00724 TEST_ASSERT_EQUAL_HEX(PAL_ERR_TIMEOUT_EXPIRED , status); 00725 TEST_ASSERT_TRUE(curTimeInSec - minSecSinceEpoch <= PAL_WAIT_TIME); //less than PAL_WAIT_TIME seconds 00726 /*#11*/ 00727 status = pal_freeTLS(&palTLSHandle); 00728 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00729 /*#12*/ 00730 status = pal_tlsConfigurationFree(&palTLSConf); 00731 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00732 status = pal_close(&g_socket); 00733 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00734 } 00735 00736 #if PAL_USE_INTERNAL_FLASH 00737 /** 00738 * @brief Test TLS handshake (TCP blocking). 00739 * 00740 * 00741 * | # | Step | Expected | 00742 * |---|--------------------------------|-------------| 00743 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00744 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00745 * | 3 | Set the server port. | PAL_SUCCESS | 00746 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00747 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00748 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00749 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00750 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00751 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00752 * | 10 | Set device time to be in future. | PAL_SUCCESS | 00753 * | 11 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | 00754 * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00755 * | 13 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00756 * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00757 * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00758 * | 16 | Close the TCP socket. | PAL_SUCCESS | 00759 * | 17 | Check that time is updated. | PAL_SUCCESS | 00760 * | 18 | Verify that the SOTP time value was updated. | PAL_SUCCESS | 00761 */ 00762 TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M) 00763 { 00764 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00765 palStatus_t status = PAL_SUCCESS; 00766 palTLSConfHandle_t palTLSConf = NULLPTR; 00767 palTLSHandle_t palTLSHandle = NULLPTR; 00768 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00769 palSocketAddress_t socketAddr = {0}; 00770 palSocketLength_t addressLength = 0; 00771 uint32_t written = 0; 00772 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00773 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00774 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00775 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00776 00777 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00778 uint32_t actualLen = 0; 00779 uint64_t deviceTime = pal_osGetTime(); //get device time to update it in case of failure 00780 uint64_t currentTime = 0; 00781 uint16_t actualSavedTimeSize = 0; 00782 uint64_t initialSOTPTime = 0; 00783 sotp_result_e sotpRes = SOTP_SUCCESS; 00784 int32_t verifyResult = 0; 00785 00786 00787 /*#1*/ 00788 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 00789 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00790 00791 00792 /*#2*/ 00793 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00794 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 00795 { 00796 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 00797 status = pal_close(&g_socket); 00798 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00799 return; 00800 } 00801 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00802 00803 tlsSocket.addressLength = addressLength; 00804 tlsSocket.socket = g_socket; 00805 /*#3*/ 00806 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 00807 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00808 /*#4*/ 00809 status = pal_connect(g_socket, &socketAddr, addressLength); 00810 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00811 /*#5*/ 00812 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00813 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00814 /*#6*/ 00815 status = pal_initTLS(palTLSConf, &palTLSHandle); 00816 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00817 /*#7*/ 00818 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00819 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00820 /*#8*/ 00821 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00822 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00823 /*#9*/ 00824 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00825 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00826 /*#10*/ 00827 00828 sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(initialSOTPTime), (uint32_t*)&initialSOTPTime); 00829 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00830 status = pal_osSetTime(0);//back in the past to set time to the future during handhsake 00831 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00832 /*#11*/ 00833 status = pal_handShake(palTLSHandle, palTLSConf); 00834 if (PAL_SUCCESS != status) 00835 { 00836 pal_osSetTime(deviceTime); 00837 } 00838 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00839 /*#12*/ 00840 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00841 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00842 /*#13*/ 00843 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 00844 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00845 00846 pal_osDelay(5000); 00847 /*#14*/ 00848 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00849 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00850 /*#14*/ 00851 status = pal_freeTLS(&palTLSHandle); 00852 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00853 /*#15*/ 00854 status = pal_tlsConfigurationFree(&palTLSConf); 00855 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00856 /*#16*/ 00857 status = pal_close(&g_socket); 00858 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00859 /*#17*/ 00860 deviceTime = pal_osGetTime(); 00861 TEST_ASSERT_TRUE(0 != deviceTime); 00862 /*#18*/ 00863 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 00864 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00865 TEST_ASSERT_TRUE(0 != currentTime); 00866 #endif 00867 } 00868 00869 /** 00870 * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) 00871 * 00872 * 00873 * | # | Step | Expected | 00874 * |---|--------------------------------|-------------| 00875 * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | 00876 * | 2 | Update `SOTP_TYPE_SAVED_TIME` directly in SOTP to the new time from #1 | PAL_SUCCESS | 00877 * | 3 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00878 * | 4 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00879 * | 5 | Set the server port. | PAL_SUCCESS | 00880 * | 6 | Connect the TCP socket to the server. | PAL_SUCCESS | 00881 * | 7 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00882 * | 8 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00883 * | 9 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00884 * | 10 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00885 * | 11 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00886 * | 12 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 00887 * | 13 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00888 * | 14 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00889 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00890 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00891 * | 17 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 00892 */ 00893 TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M_NoTimeUpdate) 00894 { 00895 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00896 palStatus_t status = PAL_SUCCESS; 00897 palTLSConfHandle_t palTLSConf = NULLPTR; 00898 palTLSHandle_t palTLSHandle = NULLPTR; 00899 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00900 palSocketAddress_t socketAddr = { 0 }; 00901 palSocketLength_t addressLength = 0; 00902 uint32_t written = 0; 00903 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00904 uint32_t actualLen = 0; 00905 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00906 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00907 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00908 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00909 sotp_result_e sotpRes = SOTP_SUCCESS; 00910 uint64_t currentTime = 0; 00911 uint64_t tmpTime = 0; 00912 uint64_t updatedTime = 0; 00913 uint16_t actualSavedTimeSize = 0; 00914 int32_t verifyResult = 0; 00915 00916 /*#1*/ 00917 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(tmpTime), (uint32_t*)&tmpTime, &actualSavedTimeSize); 00918 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00919 00920 currentTime = tmpTime - (PAL_SECONDS_PER_DAY / 2); //going back half day to simulate future server by half day (in order to prevent time update) 00921 status = pal_osSetTime(currentTime); 00922 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00923 /*#2*/ 00924 sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(currentTime), (uint32_t*)¤tTime); 00925 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00926 00927 /*#3*/ 00928 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 00929 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00930 /*#4*/ 00931 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00932 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 00933 { 00934 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 00935 status = pal_close(&g_socket); 00936 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00937 return; 00938 } 00939 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00940 /*#5*/ 00941 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 00942 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00943 00944 tlsSocket.addressLength = addressLength; 00945 tlsSocket.socket = g_socket; 00946 00947 /*#6*/ 00948 status = pal_connect(g_socket, &socketAddr, addressLength); 00949 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00950 /*#7*/ 00951 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00952 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00953 /*#8*/ 00954 status = pal_initTLS(palTLSConf, &palTLSHandle); 00955 if (PAL_SUCCESS != status) 00956 { 00957 pal_freeTLS(&palTLSHandle); 00958 pal_tlsConfigurationFree(&palTLSConf); 00959 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00960 } 00961 00962 /*#9*/ 00963 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00964 if (PAL_SUCCESS != status) 00965 { 00966 pal_freeTLS(&palTLSHandle); 00967 pal_tlsConfigurationFree(&palTLSConf); 00968 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00969 } 00970 /*#10*/ 00971 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00972 if (PAL_SUCCESS != status) 00973 { 00974 pal_freeTLS(&palTLSHandle); 00975 pal_tlsConfigurationFree(&palTLSConf); 00976 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00977 } 00978 /*#11*/ 00979 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00980 if (PAL_SUCCESS != status) 00981 { 00982 pal_freeTLS(&palTLSHandle); 00983 pal_tlsConfigurationFree(&palTLSConf); 00984 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00985 } 00986 /*#12*/ 00987 status = pal_handShake(palTLSHandle, palTLSConf); 00988 if (PAL_SUCCESS != status) 00989 { 00990 pal_freeTLS(&palTLSHandle); 00991 pal_tlsConfigurationFree(&palTLSConf); 00992 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00993 } 00994 /*#13*/ 00995 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00996 if (PAL_SUCCESS != status) 00997 { 00998 pal_freeTLS(&palTLSHandle); 00999 pal_tlsConfigurationFree(&palTLSConf); 01000 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01001 } 01002 /*#14*/ 01003 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01004 if (PAL_SUCCESS != status) 01005 { 01006 pal_freeTLS(&palTLSHandle); 01007 pal_tlsConfigurationFree(&palTLSConf); 01008 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01009 } 01010 01011 pal_osDelay(5000); 01012 /*#14*/ 01013 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01014 if (PAL_SUCCESS != status) 01015 { 01016 pal_freeTLS(&palTLSHandle); 01017 pal_tlsConfigurationFree(&palTLSConf); 01018 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01019 } 01020 01021 /*#15*/ 01022 status = pal_freeTLS(&palTLSHandle); 01023 if (PAL_SUCCESS != status) 01024 { 01025 pal_tlsConfigurationFree(&palTLSConf); 01026 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01027 } 01028 /*#16*/ 01029 status = pal_tlsConfigurationFree(&palTLSConf); 01030 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01031 01032 status = pal_close(&g_socket); 01033 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01034 01035 /*#17*/ 01036 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01037 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01038 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01039 #endif 01040 } 01041 01042 01043 /** 01044 * @brief Test TLS handshake (TCP blocking) with future time to make handshake to fail due to bad cert time from server. 01045 * 01046 * 01047 * | # | Step | Expected | 01048 * |---|--------------------------------|-------------| 01049 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01050 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01051 * | 3 | Set the server port. | PAL_SUCCESS | 01052 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 01053 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01054 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01055 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01056 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01057 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01058 * | 10 | Setsystem time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | 01059 * | 11 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_ERR_X509_CERT_VERIFY_FAILED | 01060 * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_ERR_X509_BADCERT_EXPIRED | 01061 * | 13 | Set tme back to the original time before the test. | PAL_SUCCESS | 01062 * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01063 * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01064 * | 16 | Verify that the SOTP time value was not changed. | PAL_SUCCESS | 01065 */ 01066 TEST(pal_tls, tlsHandshakeTCP_ExpiredLWM2MCert) 01067 { 01068 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01069 palStatus_t status = PAL_SUCCESS; 01070 palTLSConfHandle_t palTLSConf = NULLPTR; 01071 palTLSHandle_t palTLSHandle = NULLPTR; 01072 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01073 palSocketAddress_t socketAddr = {0}; 01074 palSocketLength_t addressLength = 0; 01075 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 01076 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 01077 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01078 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01079 uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT 01080 uint64_t currentTime = 0; 01081 uint64_t currentSOTPTime = 0; 01082 uint16_t actualSavedTimeSize = 0; 01083 sotp_result_e sotpRes = SOTP_SUCCESS; 01084 int32_t verifyResult = 0; 01085 01086 01087 /*#1*/ 01088 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01089 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01090 /*#2*/ 01091 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01092 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 01093 { 01094 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 01095 status = pal_close(&g_socket); 01096 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01097 return; 01098 } 01099 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01100 01101 tlsSocket.addressLength = addressLength; 01102 tlsSocket.socket = g_socket; 01103 /*#3*/ 01104 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01105 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01106 /*#4*/ 01107 status = pal_connect(g_socket, &socketAddr, addressLength); 01108 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01109 /*#5*/ 01110 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01111 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01112 /*#6*/ 01113 status = pal_initTLS(palTLSConf, &palTLSHandle); 01114 if (PAL_SUCCESS != status) 01115 { 01116 pal_freeTLS(&palTLSHandle); 01117 pal_tlsConfigurationFree(&palTLSConf); 01118 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01119 } 01120 01121 /*#7*/ 01122 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01123 if (PAL_SUCCESS != status) 01124 { 01125 pal_freeTLS(&palTLSHandle); 01126 pal_tlsConfigurationFree(&palTLSConf); 01127 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01128 } 01129 /*#8*/ 01130 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01131 if (PAL_SUCCESS != status) 01132 { 01133 pal_freeTLS(&palTLSHandle); 01134 pal_tlsConfigurationFree(&palTLSConf); 01135 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01136 } 01137 /*#9*/ 01138 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01139 if (PAL_SUCCESS != status) 01140 { 01141 pal_freeTLS(&palTLSHandle); 01142 pal_tlsConfigurationFree(&palTLSConf); 01143 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01144 } 01145 /*#10*/ 01146 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01147 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01148 status = pal_osSetTime(futureTime); 01149 if (PAL_SUCCESS != status) 01150 { 01151 pal_freeTLS(&palTLSHandle); 01152 pal_tlsConfigurationFree(&palTLSConf); 01153 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01154 } 01155 /*#11*/ 01156 status = pal_handShake(palTLSHandle, palTLSConf); 01157 if (PAL_ERR_X509_CERT_VERIFY_FAILED != status) 01158 { 01159 pal_osSetTime(currentTime); 01160 pal_freeTLS(&palTLSHandle); 01161 pal_tlsConfigurationFree(&palTLSConf); 01162 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_CERT_VERIFY_FAILED, status); 01163 } 01164 /*#12*/ 01165 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01166 if ((PAL_ERR_X509_CERT_VERIFY_FAILED != status) || (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult))) 01167 { 01168 pal_osSetTime(currentTime); 01169 pal_freeTLS(&palTLSHandle); 01170 pal_tlsConfigurationFree(&palTLSConf); 01171 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01172 } 01173 /*#13*/ 01174 status = pal_osSetTime(currentTime); 01175 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01176 /*#14*/ 01177 status = pal_freeTLS(&palTLSHandle); 01178 if (PAL_SUCCESS != status) 01179 { 01180 pal_tlsConfigurationFree(&palTLSConf); 01181 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01182 } 01183 /*#15*/ 01184 status = pal_tlsConfigurationFree(&palTLSConf); 01185 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01186 01187 status = pal_close(&g_socket); 01188 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01189 01190 /*#16*/ 01191 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentSOTPTime), (uint32_t*)¤tSOTPTime, &actualSavedTimeSize); 01192 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01193 TEST_ASSERT_TRUE(futureTime <= currentSOTPTime); 01194 #endif 01195 } 01196 01197 /** 01198 * @brief Test TLS handshake (TCP blocking) with future time to make handshake update the device time according to the server time. 01199 * 01200 * 01201 * | # | Step | Expected | 01202 * |---|--------------------------------|-------------| 01203 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01204 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01205 * | 3 | Set the server port. | PAL_SUCCESS | 01206 * | 4 | Parse the CA cert. | PAL_SUCCESS | 01207 * | 5 | Get the CA cert ID. | PAL_SUCCESS | 01208 * | 6 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01209 * | 7 | Connect the TCP socket to the server. | PAL_SUCCESS | 01210 * | 8 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01211 * | 9 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01212 * | 10 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01213 * | 11 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01214 * | 12 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01215 * | 13 | Set system time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | 01216 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01217 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01218 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01219 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01220 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01221 * | 19 | Free X509 handle. | PAL_SUCCESS | 01222 * | 20 | Verify that the time updated during the handshake. | PAL_SUCCESS | 01223 */ 01224 TEST(pal_tls, tlsHandshakeTCP_ExpiredServerCert_Trusted) 01225 { 01226 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01227 palStatus_t status = PAL_SUCCESS; 01228 palTLSConfHandle_t palTLSConf = NULLPTR; 01229 palTLSHandle_t palTLSHandle = NULLPTR; 01230 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01231 palSocketAddress_t socketAddr = { 0 }; 01232 palSocketLength_t addressLength = 0; 01233 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01234 uint32_t actualLen = 0; 01235 uint32_t written = 0; 01236 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01237 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01238 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01239 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01240 uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT 01241 uint64_t updatedTime = 0; 01242 uint16_t actualSavedTimeSize = 0; 01243 palX509Handle_t trustedServerCA = NULLPTR; 01244 sotp_result_e sotpRes = SOTP_SUCCESS; 01245 int32_t verifyResult = 0; 01246 01247 /*#1*/ 01248 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01249 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01250 /*#2*/ 01251 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01252 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 01253 { 01254 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 01255 status = pal_close(&g_socket); 01256 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01257 return; 01258 } 01259 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01260 /*#3*/ 01261 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01262 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01263 01264 tlsSocket.addressLength = addressLength; 01265 tlsSocket.socket = g_socket; 01266 /*#4*/ 01267 status = pal_x509Initiate(&trustedServerCA); 01268 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01269 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01270 01271 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01272 if (PAL_SUCCESS != status) 01273 { 01274 pal_x509Free(&trustedServerCA); 01275 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01276 } 01277 /*#5*/ 01278 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01279 if (PAL_SUCCESS != status) 01280 { 01281 pal_x509Free(&trustedServerCA); 01282 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01283 } 01284 /*#6*/ 01285 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01286 if (SOTP_SUCCESS != sotpRes) 01287 { 01288 pal_x509Free(&trustedServerCA); 01289 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01290 } 01291 01292 /*#7*/ 01293 status = pal_connect(g_socket, &socketAddr, addressLength); 01294 if (PAL_SUCCESS != status) 01295 { 01296 pal_x509Free(&trustedServerCA); 01297 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01298 } 01299 /*#8*/ 01300 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01301 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01302 /*#9*/ 01303 status = pal_initTLS(palTLSConf, &palTLSHandle); 01304 if (PAL_SUCCESS != status) 01305 { 01306 pal_freeTLS(&palTLSHandle); 01307 pal_tlsConfigurationFree(&palTLSConf); 01308 pal_x509Free(&trustedServerCA); 01309 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01310 } 01311 01312 /*#10*/ 01313 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01314 if (PAL_SUCCESS != status) 01315 { 01316 pal_freeTLS(&palTLSHandle); 01317 pal_tlsConfigurationFree(&palTLSConf); 01318 pal_x509Free(&trustedServerCA); 01319 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01320 } 01321 /*#11*/ 01322 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01323 if (PAL_SUCCESS != status) 01324 { 01325 pal_freeTLS(&palTLSHandle); 01326 pal_tlsConfigurationFree(&palTLSConf); 01327 pal_x509Free(&trustedServerCA); 01328 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01329 } 01330 /*#12*/ 01331 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01332 if (PAL_SUCCESS != status) 01333 { 01334 pal_freeTLS(&palTLSHandle); 01335 pal_tlsConfigurationFree(&palTLSConf); 01336 pal_x509Free(&trustedServerCA); 01337 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01338 } 01339 /*#13*/ 01340 status = pal_osSetStrongTime(futureTime); 01341 if (PAL_SUCCESS != status) 01342 { 01343 pal_freeTLS(&palTLSHandle); 01344 pal_tlsConfigurationFree(&palTLSConf); 01345 pal_x509Free(&trustedServerCA); 01346 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01347 } 01348 /*#14*/ 01349 status = pal_handShake(palTLSHandle, palTLSConf); 01350 if (PAL_SUCCESS != status) 01351 { 01352 pal_freeTLS(&palTLSHandle); 01353 pal_tlsConfigurationFree(&palTLSConf); 01354 pal_x509Free(&trustedServerCA); 01355 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01356 } 01357 /*#15*/ 01358 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01359 if (PAL_SUCCESS != status) 01360 { 01361 pal_freeTLS(&palTLSHandle); 01362 pal_tlsConfigurationFree(&palTLSConf); 01363 pal_x509Free(&trustedServerCA); 01364 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01365 } 01366 /*#16*/ 01367 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01368 if (PAL_SUCCESS != status) 01369 { 01370 pal_freeTLS(&palTLSHandle); 01371 pal_tlsConfigurationFree(&palTLSConf); 01372 pal_x509Free(&trustedServerCA); 01373 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); 01374 } 01375 01376 pal_osDelay(5000); 01377 /*#14*/ 01378 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01379 if (PAL_SUCCESS != status) 01380 { 01381 pal_freeTLS(&palTLSHandle); 01382 pal_tlsConfigurationFree(&palTLSConf); 01383 pal_x509Free(&trustedServerCA); 01384 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); 01385 } 01386 01387 /*#17*/ 01388 status = pal_freeTLS(&palTLSHandle); 01389 if (PAL_SUCCESS != status) 01390 { 01391 pal_x509Free(&trustedServerCA); 01392 pal_tlsConfigurationFree(&palTLSConf); 01393 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01394 } 01395 /*#18*/ 01396 status = pal_tlsConfigurationFree(&palTLSConf); 01397 if (PAL_SUCCESS != status) 01398 { 01399 pal_x509Free(&trustedServerCA); 01400 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01401 } 01402 /*#19*/ 01403 status = pal_x509Free(&trustedServerCA); 01404 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01405 /*#20*/ 01406 updatedTime = pal_osGetTime(); 01407 TEST_ASSERT_TRUE(updatedTime < futureTime); 01408 01409 status = pal_close(&g_socket); 01410 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01411 01412 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01413 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01414 TEST_ASSERT_TRUE(updatedTime <= futureTime); 01415 01416 sotpRes = sotp_get(SOTP_TYPE_LAST_TIME_BACK, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01417 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01418 TEST_ASSERT_TRUE(updatedTime <= futureTime); 01419 #endif 01420 } 01421 01422 /** 01423 * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) 01424 * 01425 * 01426 * | # | Step | Expected | 01427 * |---|--------------------------------|-------------| 01428 * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | 01429 * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01430 * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01431 * | 4 | Set the server port. | PAL_SUCCESS | 01432 * | 5 | Parse the CA cert. | PAL_SUCCESS | 01433 * | 6 | Get the CA cert ID. | PAL_SUCCESS | 01434 * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01435 * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | 01436 * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01437 * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01438 * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01439 * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01440 * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01441 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01442 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01443 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01444 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01445 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01446 * | 19 | Free X509 Handle. | PAL_SUCCESS | 01447 * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 01448 */ 01449 TEST(pal_tls, tlsHandshakeTCP_FutureTrustedServer_NoTimeUpdate) 01450 { 01451 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01452 palStatus_t status = PAL_SUCCESS; 01453 palTLSConfHandle_t palTLSConf = NULLPTR; 01454 palTLSHandle_t palTLSHandle = NULLPTR; 01455 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01456 palSocketAddress_t socketAddr = { 0 }; 01457 palSocketLength_t addressLength = 0; 01458 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01459 uint32_t actualLen = 0; 01460 uint32_t written = 0; 01461 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01462 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01463 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01464 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01465 sotp_result_e sotpRes = SOTP_SUCCESS; 01466 uint64_t currentTime = 0; 01467 uint64_t updatedTime = 0; 01468 uint16_t actualSavedTimeSize = 0; 01469 palX509Handle_t trustedServerCA = NULLPTR; 01470 int32_t verifyResult = 0; 01471 01472 /*#1*/ 01473 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01474 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01475 TEST_ASSERT_TRUE(0 != currentTime); 01476 01477 status = pal_osSetTime(currentTime - (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) 01478 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01479 /*#2*/ 01480 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01481 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01482 /*#3*/ 01483 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01484 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 01485 { 01486 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 01487 status = pal_close(&g_socket); 01488 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01489 return; 01490 } 01491 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01492 /*#4*/ 01493 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01494 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01495 01496 tlsSocket.addressLength = addressLength; 01497 tlsSocket.socket = g_socket; 01498 01499 /*#5*/ 01500 status = pal_x509Initiate(&trustedServerCA); 01501 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01502 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01503 01504 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01505 if (PAL_SUCCESS != status) 01506 { 01507 pal_x509Free(&trustedServerCA); 01508 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01509 } 01510 /*#6*/ 01511 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01512 if (PAL_SUCCESS != status) 01513 { 01514 pal_x509Free(&trustedServerCA); 01515 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01516 } 01517 /*#7*/ 01518 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01519 if (SOTP_SUCCESS != sotpRes) 01520 { 01521 pal_x509Free(&trustedServerCA); 01522 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01523 } 01524 01525 /*#8*/ 01526 status = pal_connect(g_socket, &socketAddr, addressLength); 01527 if (PAL_SUCCESS != status) 01528 { 01529 pal_x509Free(&trustedServerCA); 01530 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01531 } 01532 /*#9*/ 01533 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01534 if (PAL_SUCCESS != status) 01535 { 01536 pal_x509Free(&trustedServerCA); 01537 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01538 } 01539 /*#10*/ 01540 status = pal_initTLS(palTLSConf, &palTLSHandle); 01541 if (PAL_SUCCESS != status) 01542 { 01543 pal_freeTLS(&palTLSHandle); 01544 pal_tlsConfigurationFree(&palTLSConf); 01545 pal_x509Free(&trustedServerCA); 01546 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01547 } 01548 01549 /*#11*/ 01550 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01551 if (PAL_SUCCESS != status) 01552 { 01553 pal_freeTLS(&palTLSHandle); 01554 pal_tlsConfigurationFree(&palTLSConf); 01555 pal_x509Free(&trustedServerCA); 01556 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01557 } 01558 /*#12*/ 01559 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01560 if (PAL_SUCCESS != status) 01561 { 01562 pal_freeTLS(&palTLSHandle); 01563 pal_tlsConfigurationFree(&palTLSConf); 01564 pal_x509Free(&trustedServerCA); 01565 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01566 } 01567 /*#13*/ 01568 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01569 if (PAL_SUCCESS != status) 01570 { 01571 pal_freeTLS(&palTLSHandle); 01572 pal_tlsConfigurationFree(&palTLSConf); 01573 pal_x509Free(&trustedServerCA); 01574 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01575 } 01576 /*#14*/ 01577 status = pal_handShake(palTLSHandle, palTLSConf); 01578 if (PAL_SUCCESS != status) 01579 { 01580 pal_freeTLS(&palTLSHandle); 01581 pal_tlsConfigurationFree(&palTLSConf); 01582 pal_x509Free(&trustedServerCA); 01583 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01584 } 01585 /*#15*/ 01586 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01587 if (PAL_SUCCESS != status) 01588 { 01589 pal_freeTLS(&palTLSHandle); 01590 pal_tlsConfigurationFree(&palTLSConf); 01591 pal_x509Free(&trustedServerCA); 01592 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01593 } 01594 /*#16*/ 01595 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01596 if (PAL_SUCCESS != status) 01597 { 01598 pal_freeTLS(&palTLSHandle); 01599 pal_tlsConfigurationFree(&palTLSConf); 01600 pal_x509Free(&trustedServerCA); 01601 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01602 } 01603 01604 pal_osDelay(5000); 01605 /*#14*/ 01606 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01607 if (PAL_SUCCESS != status) 01608 { 01609 pal_freeTLS(&palTLSHandle); 01610 pal_tlsConfigurationFree(&palTLSConf); 01611 pal_x509Free(&trustedServerCA); 01612 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01613 } 01614 01615 /*#17*/ 01616 status = pal_freeTLS(&palTLSHandle); 01617 if (PAL_SUCCESS != status) 01618 { 01619 pal_tlsConfigurationFree(&palTLSConf); 01620 pal_x509Free(&trustedServerCA); 01621 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01622 } 01623 /*#18*/ 01624 status = pal_tlsConfigurationFree(&palTLSConf); 01625 if (PAL_SUCCESS != status) 01626 { 01627 pal_x509Free(&trustedServerCA); 01628 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01629 } 01630 /*#19*/ 01631 status = pal_x509Free(&trustedServerCA); 01632 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01633 01634 status = pal_close(&g_socket); 01635 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01636 01637 /*#20*/ 01638 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01639 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01640 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01641 #endif 01642 01643 } 01644 01645 /** 01646 * @brief Test TLS handshake (TCP blocking) with near past time and validate that the handshake didn't update the device time (due to set time rules) 01647 * 01648 * 01649 * | # | Step | Expected | 01650 * |---|--------------------------------|-------------| 01651 * | 1 | Get saved time from SOTP, move forward half day and set time to RAM | PAL_SUCCESS | 01652 * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01653 * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01654 * | 4 | Set the server port. | PAL_SUCCESS | 01655 * | 5 | Parse the CA cert. | PAL_SUCCESS | 01656 * | 6 | Get the CA cert ID. | PAL_SUCCESS | 01657 * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01658 * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | 01659 * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01660 * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01661 * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01662 * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01663 * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01664 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01665 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01666 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01667 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01668 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01669 * | 19 | Free X509 handle. | PAL_SUCCESS | 01670 * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 01671 */ 01672 TEST(pal_tls, tlsHandshakeTCP_NearPastTrustedServer_NoTimeUpdate) 01673 { 01674 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01675 palStatus_t status = PAL_SUCCESS; 01676 palTLSConfHandle_t palTLSConf = NULLPTR; 01677 palTLSHandle_t palTLSHandle = NULLPTR; 01678 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01679 palSocketAddress_t socketAddr = { 0 }; 01680 palSocketLength_t addressLength = 0; 01681 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01682 uint32_t actualLen = 0; 01683 uint32_t written = 0; 01684 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01685 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01686 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01687 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01688 sotp_result_e sotpRes = SOTP_SUCCESS; 01689 uint64_t currentTime = 0; 01690 uint64_t updatedTime = 0; 01691 uint16_t actualSavedTimeSize = 0; 01692 palX509Handle_t trustedServerCA = NULLPTR; 01693 int32_t verifyResult = 0; 01694 01695 /*#1*/ 01696 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01697 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01698 TEST_ASSERT_TRUE(0 != currentTime); 01699 01700 status = pal_osSetTime(currentTime + (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) 01701 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01702 /*#2*/ 01703 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01704 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01705 /*#3*/ 01706 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01707 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 01708 { 01709 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 01710 status = pal_close(&g_socket); 01711 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01712 return; 01713 } 01714 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01715 /*#4*/ 01716 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01717 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01718 01719 tlsSocket.addressLength = addressLength; 01720 tlsSocket.socket = g_socket; 01721 01722 /*#5*/ 01723 status = pal_x509Initiate(&trustedServerCA); 01724 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01725 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01726 01727 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01728 if (PAL_SUCCESS != status) 01729 { 01730 pal_x509Free(&trustedServerCA); 01731 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01732 } 01733 /*#6*/ 01734 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01735 if (PAL_SUCCESS != status) 01736 { 01737 pal_x509Free(&trustedServerCA); 01738 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01739 } 01740 /*#7*/ 01741 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01742 if (SOTP_SUCCESS != sotpRes) 01743 { 01744 pal_x509Free(&trustedServerCA); 01745 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01746 } 01747 01748 /*#8*/ 01749 status = pal_connect(g_socket, &socketAddr, addressLength); 01750 if (PAL_SUCCESS != status) 01751 { 01752 pal_x509Free(&trustedServerCA); 01753 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01754 } 01755 /*#9*/ 01756 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01757 if (PAL_SUCCESS != status) 01758 { 01759 pal_x509Free(&trustedServerCA); 01760 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01761 } 01762 /*#10*/ 01763 status = pal_initTLS(palTLSConf, &palTLSHandle); 01764 if (PAL_SUCCESS != status) 01765 { 01766 pal_freeTLS(&palTLSHandle); 01767 pal_tlsConfigurationFree(&palTLSConf); 01768 pal_x509Free(&trustedServerCA); 01769 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01770 } 01771 01772 /*#11*/ 01773 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01774 if (PAL_SUCCESS != status) 01775 { 01776 pal_freeTLS(&palTLSHandle); 01777 pal_tlsConfigurationFree(&palTLSConf); 01778 pal_x509Free(&trustedServerCA); 01779 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01780 } 01781 /*#12*/ 01782 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01783 if (PAL_SUCCESS != status) 01784 { 01785 pal_freeTLS(&palTLSHandle); 01786 pal_tlsConfigurationFree(&palTLSConf); 01787 pal_x509Free(&trustedServerCA); 01788 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01789 } 01790 /*#13*/ 01791 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01792 if (PAL_SUCCESS != status) 01793 { 01794 pal_freeTLS(&palTLSHandle); 01795 pal_tlsConfigurationFree(&palTLSConf); 01796 pal_x509Free(&trustedServerCA); 01797 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01798 } 01799 /*#14*/ 01800 status = pal_handShake(palTLSHandle, palTLSConf); 01801 if (PAL_SUCCESS != status) 01802 { 01803 pal_freeTLS(&palTLSHandle); 01804 pal_tlsConfigurationFree(&palTLSConf); 01805 pal_x509Free(&trustedServerCA); 01806 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01807 } 01808 /*#15*/ 01809 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01810 if (PAL_SUCCESS != status) 01811 { 01812 pal_freeTLS(&palTLSHandle); 01813 pal_tlsConfigurationFree(&palTLSConf); 01814 pal_x509Free(&trustedServerCA); 01815 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01816 } 01817 /*#16*/ 01818 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01819 if (PAL_SUCCESS != status) 01820 { 01821 pal_freeTLS(&palTLSHandle); 01822 pal_tlsConfigurationFree(&palTLSConf); 01823 pal_x509Free(&trustedServerCA); 01824 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01825 } 01826 01827 pal_osDelay(5000); 01828 /*#14*/ 01829 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01830 if (PAL_SUCCESS != status) 01831 { 01832 pal_freeTLS(&palTLSHandle); 01833 pal_tlsConfigurationFree(&palTLSConf); 01834 pal_x509Free(&trustedServerCA); 01835 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01836 } 01837 01838 /*#17*/ 01839 status = pal_freeTLS(&palTLSHandle); 01840 if (PAL_SUCCESS != status) 01841 { 01842 pal_tlsConfigurationFree(&palTLSConf); 01843 pal_x509Free(&trustedServerCA); 01844 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01845 } 01846 /*#18*/ 01847 status = pal_tlsConfigurationFree(&palTLSConf); 01848 if (PAL_SUCCESS != status) 01849 { 01850 pal_x509Free(&trustedServerCA); 01851 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01852 } 01853 /*#19*/ 01854 status = pal_x509Free(&trustedServerCA); 01855 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01856 01857 status = pal_close(&g_socket); 01858 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01859 /*#20*/ 01860 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01861 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01862 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01863 #endif 01864 } 01865 01866 #endif //PAL_USE_INTERNAL_FLASH 01867 01868 static palStatus_t ThreadHandshakeTCP(bool socketNonBlocking) 01869 { 01870 palStatus_t status = PAL_SUCCESS; 01871 palStatus_t tmpStatus = PAL_SUCCESS; 01872 palTLSConfHandle_t palTLSConf = NULLPTR; 01873 palTLSHandle_t palTLSHandle = NULLPTR; 01874 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01875 palSocketAddress_t socketAddr = {0}; 01876 palSocketLength_t addressLength = 0; 01877 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01878 uint32_t actualLen = 0; 01879 uint32_t written = 0; 01880 palSocket_t socketTCP = 0; 01881 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 01882 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 01883 palTLSSocket_t tlsSocket = { socketTCP, &socketAddr, 0, transportationMode }; 01884 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01885 palTLSTest_t *testTLSCtx = NULL; 01886 palStatus_t mutexStatus = PAL_SUCCESS; 01887 bool mutexWait = false; 01888 int32_t verifyResult = 0; 01889 01890 mutexWait = true; 01891 /*#1*/ 01892 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &socketTCP); 01893 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01894 /*#2*/ 01895 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01896 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01897 01898 tlsSocket.addressLength = addressLength; 01899 tlsSocket.socket = socketTCP; 01900 /*#3*/ 01901 if (true == socketNonBlocking) 01902 { 01903 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); 01904 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01905 } 01906 else //blocking 01907 { 01908 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); 01909 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01910 } 01911 01912 /*#4*/ 01913 status = pal_connect(socketTCP, &socketAddr, addressLength); 01914 if (PAL_ERR_SOCKET_IN_PROGRES == status) 01915 { 01916 pal_osDelay(500); 01917 } 01918 else 01919 { 01920 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01921 } 01922 /*#5*/ 01923 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01924 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01925 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 01926 /*#6*/ 01927 status = pal_initTLS(palTLSConf, &palTLSHandle); 01928 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01929 01930 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 01931 //status = pal_sslSetDebugging(palTLSConf, true); 01932 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01933 /*#7*/ 01934 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01935 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01936 /*#8*/ 01937 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01938 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01939 /*#9*/ 01940 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01941 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01942 /*#10*/ 01943 testTLSCtx = (palTLSTest_t*)palTLSHandle; //This casting is done to sign that we are in retry situation. 01944 if (true == socketNonBlocking) 01945 { 01946 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); // More than current epoch time -> success 01947 do 01948 { 01949 if (testTLSCtx->retryHandShake && !g_retryHandshake) 01950 { 01951 g_retryHandshake = true; 01952 if (mutexWait) 01953 { 01954 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 01955 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01956 mutexWait = false; 01957 pal_osDelay(600); 01958 } 01959 } 01960 status = pal_handShake(palTLSHandle, palTLSConf); 01961 } 01962 while ( (PAL_ERR_TLS_WANT_READ == status) || (PAL_ERR_TLS_WANT_WRITE == status)); 01963 } 01964 else //blocking 01965 { 01966 status = pal_handShake(palTLSHandle, palTLSConf); 01967 } 01968 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01969 01970 /*#11*/ 01971 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01972 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01973 /*#12*/ 01974 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01975 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01976 /*#13*/ 01977 pal_osDelay(5000); 01978 01979 /*#14*/ 01980 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01981 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01982 01983 finish: 01984 if (mutexWait) 01985 { 01986 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 01987 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01988 } 01989 /*#15*/ 01990 tmpStatus = pal_freeTLS(&palTLSHandle); 01991 if (PAL_SUCCESS != tmpStatus) 01992 { 01993 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01994 } 01995 /*#16*/ 01996 tmpStatus = pal_tlsConfigurationFree(&palTLSConf); 01997 if (PAL_SUCCESS != tmpStatus) 01998 { 01999 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 02000 } 02001 /*#17*/ 02002 tmpStatus = pal_close(&socketTCP); 02003 if (PAL_SUCCESS != tmpStatus) 02004 { 02005 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 02006 } 02007 if (PAL_SUCCESS == status) 02008 { 02009 status = tmpStatus; 02010 } 02011 return status; 02012 02013 } 02014 02015 void pal_TCPHandshakeFunc3(void const *argument) 02016 { 02017 palStatus_t mutexStatus = PAL_SUCCESS; 02018 palStatus_t* arg = (palStatus_t*)argument; 02019 02020 mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 02021 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02022 02023 mutexStatus = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); 02024 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02025 02026 *arg = ThreadHandshakeTCP(true); 02027 02028 mutexStatus = pal_osMutexRelease(g_mutex1); 02029 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02030 } 02031 02032 void pal_CertVerify(void const *argument) 02033 { 02034 #if (PAL_ENABLE_X509 == 1) 02035 palStatus_t status = PAL_SUCCESS; 02036 palStatus_t mutexStatus = PAL_SUCCESS; 02037 palStatus_t* arg = (palStatus_t*)argument; 02038 palX509Handle_t certHandle = NULLPTR; 02039 int32_t verifyResult = 0; 02040 02041 mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 02042 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02043 02044 status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); 02045 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02046 02047 status = pal_x509Initiate(&certHandle); 02048 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02049 02050 status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); 02051 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02052 02053 PAL_LOG(INFO,"Calling Cert Verify.."); 02054 *arg = pal_x509CertVerifyExtended(certHandle, certHandle, &verifyResult); 02055 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_FUTURE & verifyResult); 02056 02057 pal_x509Free(&certHandle); 02058 02059 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 02060 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02061 02062 mutexStatus = pal_osMutexRelease(g_mutex2); 02063 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02064 #endif 02065 } 02066 02067 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1)) 02068 static void runTLSThreadTest(palThreadFuncPtr func1, palThreadFuncPtr func2, palStatus_t test1Result, palStatus_t test2Result) 02069 { 02070 palStatus_t status = PAL_SUCCESS; 02071 palThreadID_t threadID1 = NULLPTR; 02072 palThreadID_t threadID2 = NULLPTR; 02073 palStatus_t tlsArgs1 = PAL_SUCCESS; 02074 palStatus_t tlsArgs2 = PAL_SUCCESS; 02075 02076 status = pal_osMutexCreate(&g_mutexHandShake1); 02077 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02078 02079 status = pal_osMutexCreate(&g_mutex1); 02080 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02081 02082 status = pal_osMutexCreate(&g_mutex2); 02083 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02084 02085 status = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 02086 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02087 02088 status = pal_osThreadCreateWithAlloc(func1, &tlsArgs1, PAL_osPriorityHigh , 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID1); 02089 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02090 02091 status = pal_osMutexRelease(g_mutexHandShake1); 02092 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02093 02094 pal_osDelay(100); 02095 02096 status = pal_osThreadCreateWithAlloc(func2, &tlsArgs2, PAL_osPriorityAboveNormal, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID2); 02097 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02098 02099 status = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); 02100 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02101 02102 status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); 02103 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02104 02105 status = pal_osThreadTerminate(&threadID1); 02106 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02107 02108 status = pal_osThreadTerminate(&threadID2); 02109 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02110 02111 status = pal_osMutexRelease(g_mutex1); 02112 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02113 02114 status = pal_osMutexRelease(g_mutex2); 02115 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02116 02117 status = pal_osMutexDelete(&g_mutex1); 02118 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02119 02120 status = pal_osMutexDelete(&g_mutex2); 02121 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02122 02123 status = pal_osMutexDelete(&g_mutexHandShake1); 02124 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02125 02126 TEST_ASSERT_EQUAL_HEX(test1Result, tlsArgs1); 02127 TEST_ASSERT_EQUAL_HEX(test2Result, tlsArgs2); 02128 } 02129 #endif 02130 02131 02132 02133 /** 02134 * @brief Test try to process certificate verification with future certificate validation time while processing handshake 02135 * in another thread to update the device time, we need to check that certificate verification is done against the 02136 * broken device time (0) and after handshake is done, we need to re-verify against the fixed time according to the 02137 * server time sent by the server during handshake. 02138 * 02139 * 02140 * | # | Step | Expected | 02141 * |---|--------------------------------|-------------| 02142 * | 1 | Create Thread1 to process DTLS handshake | PAL_SUCCESS | 02143 * | 1 | Create Thread2 to process TLS handshake | PAL_ERR_X509_CERT_VERIFY_FAILED | 02144 */ 02145 TEST(pal_tls, TCPHandshakeWhileCertVerify_threads) 02146 { 02147 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1)) 02148 palStatus_t status = PAL_SUCCESS; 02149 palX509Handle_t certHandle = NULLPTR; 02150 uint64_t systemTime = 0; 02151 palSocketAddress_t socketAddr = { 0 }; 02152 palSocketLength_t addressLength = 0; 02153 02154 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 02155 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) 02156 { 02157 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); 02158 return; 02159 } 02160 02161 status = pal_osSetTime(0); 02162 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02163 02164 runTLSThreadTest(pal_TCPHandshakeFunc3, pal_CertVerify, PAL_SUCCESS, PAL_ERR_X509_CERT_VERIFY_FAILED); 02165 02166 systemTime = pal_osGetTime(); 02167 TEST_ASSERT_TRUE(0 < systemTime); 02168 02169 status = pal_x509Initiate(&certHandle); 02170 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02171 02172 status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); 02173 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02174 02175 status = pal_x509CertVerify(certHandle, certHandle); 02176 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02177 02178 status = pal_x509Free(&certHandle); 02179 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02180 #endif 02181 } 02182 02183 02184 02185 02186 02187 02188 02189
Generated on Tue Jul 12 2022 19:12:15 by 1.7.2