![](/media/cache/profiles/854d9fca60b4bd07f9bb215d59ef5561.jpg.50x50_q85.jpg)
Fork for workshops
simple-mbed-cloud-client/mbed-cloud-client/mbed-client-pal/Test/PAL_Modules/TLS/pal_tls_test.c@0:6b753f761943, 2018-10-12 (annotated)
- Committer:
- JimCarver
- Date:
- Fri Oct 12 21:22:49 2018 +0000
- Revision:
- 0:6b753f761943
Initial commit
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
JimCarver | 0:6b753f761943 | 1 | /******************************************************************************* |
JimCarver | 0:6b753f761943 | 2 | * Copyright 2016, 2017 ARM Ltd. |
JimCarver | 0:6b753f761943 | 3 | * |
JimCarver | 0:6b753f761943 | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
JimCarver | 0:6b753f761943 | 5 | * you may not use this file except in compliance with the License. |
JimCarver | 0:6b753f761943 | 6 | * You may obtain a copy of the License at |
JimCarver | 0:6b753f761943 | 7 | * |
JimCarver | 0:6b753f761943 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
JimCarver | 0:6b753f761943 | 9 | * |
JimCarver | 0:6b753f761943 | 10 | * Unless required by applicable law or agreed to in writing, software |
JimCarver | 0:6b753f761943 | 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
JimCarver | 0:6b753f761943 | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
JimCarver | 0:6b753f761943 | 13 | * See the License for the specific language governing permissions and |
JimCarver | 0:6b753f761943 | 14 | * limitations under the License. |
JimCarver | 0:6b753f761943 | 15 | *******************************************************************************/ |
JimCarver | 0:6b753f761943 | 16 | |
JimCarver | 0:6b753f761943 | 17 | #include "unity.h" |
JimCarver | 0:6b753f761943 | 18 | #include "unity_fixture.h" |
JimCarver | 0:6b753f761943 | 19 | #include "pal.h" |
JimCarver | 0:6b753f761943 | 20 | #include "pal_tls_utils.h" |
JimCarver | 0:6b753f761943 | 21 | #include "pal_network.h" |
JimCarver | 0:6b753f761943 | 22 | #include "stdlib.h" |
JimCarver | 0:6b753f761943 | 23 | #include "sotp.h" |
JimCarver | 0:6b753f761943 | 24 | #include "test_runners.h" |
JimCarver | 0:6b753f761943 | 25 | |
JimCarver | 0:6b753f761943 | 26 | #define TRACE_GROUP "TLS_TESTS" |
JimCarver | 0:6b753f761943 | 27 | #define PAL_TEST_PSK_IDENTITY "Client_identity" |
JimCarver | 0:6b753f761943 | 28 | |
JimCarver | 0:6b753f761943 | 29 | #define PAL_TEST_PSK {0x12,0x34,0x45,0x67,0x89,0x10} |
JimCarver | 0:6b753f761943 | 30 | #define PAL_WAIT_TIME 3 |
JimCarver | 0:6b753f761943 | 31 | |
JimCarver | 0:6b753f761943 | 32 | PAL_PRIVATE palSocket_t g_socket = 0; |
JimCarver | 0:6b753f761943 | 33 | extern void * g_palTestTLSInterfaceCTX; // this is set by the palTestMain funciton |
JimCarver | 0:6b753f761943 | 34 | PAL_PRIVATE uint32_t g_interfaceCTXIndex = 0; |
JimCarver | 0:6b753f761943 | 35 | |
JimCarver | 0:6b753f761943 | 36 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 37 | PAL_PRIVATE uint8_t g_trustedServerID[PAL_CERT_ID_SIZE] __attribute__((aligned(4))) = { 0 }; |
JimCarver | 0:6b753f761943 | 38 | PAL_PRIVATE size_t g_actualServerIDSize = 0; |
JimCarver | 0:6b753f761943 | 39 | #endif |
JimCarver | 0:6b753f761943 | 40 | |
JimCarver | 0:6b753f761943 | 41 | PAL_PRIVATE palMutexID_t g_mutex1 = NULLPTR; |
JimCarver | 0:6b753f761943 | 42 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 43 | PAL_PRIVATE palMutexID_t g_mutex2 = NULLPTR; |
JimCarver | 0:6b753f761943 | 44 | #endif |
JimCarver | 0:6b753f761943 | 45 | PAL_PRIVATE palMutexID_t g_mutexHandShake1 = NULLPTR; |
JimCarver | 0:6b753f761943 | 46 | PAL_PRIVATE bool g_retryHandshake = false; |
JimCarver | 0:6b753f761943 | 47 | PAL_PRIVATE const uint8_t g_coapHelloWorldRequest[16] = { 0x50,0x01,0x57,0x3e,0xff,0x2f,0x68,0x65,0x6c,0x6c,0x6f,0x57,0x6f,0x72,0x6c,0x64 }; |
JimCarver | 0:6b753f761943 | 48 | |
JimCarver | 0:6b753f761943 | 49 | #define PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(a, b) \ |
JimCarver | 0:6b753f761943 | 50 | if (a != b) \ |
JimCarver | 0:6b753f761943 | 51 | {\ |
JimCarver | 0:6b753f761943 | 52 | PAL_LOG(ERR,"Expected: %" PRId32 " , Actual: %" PRId32 " , Line: %d\n", (int32_t)a, (int32_t)b, __LINE__);\ |
JimCarver | 0:6b753f761943 | 53 | goto finish;\ |
JimCarver | 0:6b753f761943 | 54 | } |
JimCarver | 0:6b753f761943 | 55 | |
JimCarver | 0:6b753f761943 | 56 | |
JimCarver | 0:6b753f761943 | 57 | //! This structre is for tests only and MUST be the same structure as in the pal_TLS.c file |
JimCarver | 0:6b753f761943 | 58 | //! For any change done in the original structure, please make sure to change this structure too. |
JimCarver | 0:6b753f761943 | 59 | typedef struct palTLSService |
JimCarver | 0:6b753f761943 | 60 | { |
JimCarver | 0:6b753f761943 | 61 | bool retryHandShake; |
JimCarver | 0:6b753f761943 | 62 | uint64_t serverTime; |
JimCarver | 0:6b753f761943 | 63 | palTLSHandle_t platTlsHandle; |
JimCarver | 0:6b753f761943 | 64 | }palTLSTest_t; |
JimCarver | 0:6b753f761943 | 65 | |
JimCarver | 0:6b753f761943 | 66 | TEST_GROUP(pal_tls); |
JimCarver | 0:6b753f761943 | 67 | |
JimCarver | 0:6b753f761943 | 68 | TEST_SETUP(pal_tls) |
JimCarver | 0:6b753f761943 | 69 | { |
JimCarver | 0:6b753f761943 | 70 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 71 | uint64_t currentTime = 1504893346; //GMT: Friday, September 8, 2017 5:55:46 PM |
JimCarver | 0:6b753f761943 | 72 | |
JimCarver | 0:6b753f761943 | 73 | pal_init(); |
JimCarver | 0:6b753f761943 | 74 | |
JimCarver | 0:6b753f761943 | 75 | if (g_palTestTLSInterfaceCTX == NULL) |
JimCarver | 0:6b753f761943 | 76 | { |
JimCarver | 0:6b753f761943 | 77 | PAL_LOG(ERR, "error: net interface not configutred correctly"); |
JimCarver | 0:6b753f761943 | 78 | } |
JimCarver | 0:6b753f761943 | 79 | else |
JimCarver | 0:6b753f761943 | 80 | { |
JimCarver | 0:6b753f761943 | 81 | status = pal_registerNetworkInterface(g_palTestTLSInterfaceCTX, &g_interfaceCTXIndex); |
JimCarver | 0:6b753f761943 | 82 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 83 | } |
JimCarver | 0:6b753f761943 | 84 | |
JimCarver | 0:6b753f761943 | 85 | g_socket = 0; |
JimCarver | 0:6b753f761943 | 86 | |
JimCarver | 0:6b753f761943 | 87 | status = pal_osSetTime(currentTime); |
JimCarver | 0:6b753f761943 | 88 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 89 | |
JimCarver | 0:6b753f761943 | 90 | } |
JimCarver | 0:6b753f761943 | 91 | |
JimCarver | 0:6b753f761943 | 92 | TEST_TEAR_DOWN(pal_tls) |
JimCarver | 0:6b753f761943 | 93 | { |
JimCarver | 0:6b753f761943 | 94 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 95 | if (0 != g_socket) |
JimCarver | 0:6b753f761943 | 96 | { |
JimCarver | 0:6b753f761943 | 97 | pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 98 | } |
JimCarver | 0:6b753f761943 | 99 | |
JimCarver | 0:6b753f761943 | 100 | sotpRes = sotp_delete(SOTP_TYPE_TRUSTED_TIME_SRV_ID); |
JimCarver | 0:6b753f761943 | 101 | TEST_ASSERT_TRUE((SOTP_SUCCESS == sotpRes) || (SOTP_NOT_FOUND == sotpRes)); |
JimCarver | 0:6b753f761943 | 102 | |
JimCarver | 0:6b753f761943 | 103 | pal_destroy(); |
JimCarver | 0:6b753f761943 | 104 | } |
JimCarver | 0:6b753f761943 | 105 | |
JimCarver | 0:6b753f761943 | 106 | /** |
JimCarver | 0:6b753f761943 | 107 | * @brief Test TLS cofiguration initialization and uninitialization. |
JimCarver | 0:6b753f761943 | 108 | * |
JimCarver | 0:6b753f761943 | 109 | * |
JimCarver | 0:6b753f761943 | 110 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 111 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 112 | * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 113 | * | 2 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 114 | */ |
JimCarver | 0:6b753f761943 | 115 | TEST(pal_tls, tlsConfiguration) |
JimCarver | 0:6b753f761943 | 116 | { |
JimCarver | 0:6b753f761943 | 117 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 118 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 119 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 120 | /*#1*/ |
JimCarver | 0:6b753f761943 | 121 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 122 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 123 | TEST_ASSERT_TRUE(NULLPTR != palTLSConf); |
JimCarver | 0:6b753f761943 | 124 | /*#2*/ |
JimCarver | 0:6b753f761943 | 125 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 126 | TEST_ASSERT_EQUAL_HEX(NULLPTR, palTLSConf); |
JimCarver | 0:6b753f761943 | 127 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 128 | } |
JimCarver | 0:6b753f761943 | 129 | |
JimCarver | 0:6b753f761943 | 130 | int palTestEntropySource(void *data, unsigned char *output, size_t len, size_t *olen) |
JimCarver | 0:6b753f761943 | 131 | { |
JimCarver | 0:6b753f761943 | 132 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 133 | (void)data; |
JimCarver | 0:6b753f761943 | 134 | |
JimCarver | 0:6b753f761943 | 135 | status = pal_osRandomBuffer(output, len); |
JimCarver | 0:6b753f761943 | 136 | if (PAL_SUCCESS == status) |
JimCarver | 0:6b753f761943 | 137 | { |
JimCarver | 0:6b753f761943 | 138 | *olen = len; |
JimCarver | 0:6b753f761943 | 139 | } |
JimCarver | 0:6b753f761943 | 140 | else |
JimCarver | 0:6b753f761943 | 141 | { |
JimCarver | 0:6b753f761943 | 142 | return -1; |
JimCarver | 0:6b753f761943 | 143 | } |
JimCarver | 0:6b753f761943 | 144 | return 0; |
JimCarver | 0:6b753f761943 | 145 | } |
JimCarver | 0:6b753f761943 | 146 | |
JimCarver | 0:6b753f761943 | 147 | static void handshakeUDP(bool socketNonBlocking) |
JimCarver | 0:6b753f761943 | 148 | { |
JimCarver | 0:6b753f761943 | 149 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 150 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 151 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 152 | palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; |
JimCarver | 0:6b753f761943 | 153 | palSocketAddress_t socketAddr = {0}; |
JimCarver | 0:6b753f761943 | 154 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 155 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 156 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 157 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 158 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 159 | palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; |
JimCarver | 0:6b753f761943 | 160 | palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; |
JimCarver | 0:6b753f761943 | 161 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 162 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 163 | const char* identity = PAL_TEST_PSK_IDENTITY; |
JimCarver | 0:6b753f761943 | 164 | const char psk[]= PAL_TEST_PSK; |
JimCarver | 0:6b753f761943 | 165 | #endif |
JimCarver | 0:6b753f761943 | 166 | palTLSSocket_t tlsSocket = {g_socket, &socketAddr, 0, transportationMode}; |
JimCarver | 0:6b753f761943 | 167 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 168 | |
JimCarver | 0:6b753f761943 | 169 | /*#1*/ |
JimCarver | 0:6b753f761943 | 170 | status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM, socketNonBlocking, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 171 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 172 | /*#2*/ |
JimCarver | 0:6b753f761943 | 173 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 174 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 175 | { |
JimCarver | 0:6b753f761943 | 176 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 177 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 178 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 179 | return; |
JimCarver | 0:6b753f761943 | 180 | } |
JimCarver | 0:6b753f761943 | 181 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 182 | |
JimCarver | 0:6b753f761943 | 183 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 184 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 185 | /*#3*/ |
JimCarver | 0:6b753f761943 | 186 | status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 187 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 188 | /*#4*/ |
JimCarver | 0:6b753f761943 | 189 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 190 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 191 | /*#5*/ |
JimCarver | 0:6b753f761943 | 192 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 193 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 194 | |
JimCarver | 0:6b753f761943 | 195 | // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. |
JimCarver | 0:6b753f761943 | 196 | //status = pal_sslSetDebugging(palTLSConf, true); |
JimCarver | 0:6b753f761943 | 197 | //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 198 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 199 | /*#6*/ |
JimCarver | 0:6b753f761943 | 200 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 201 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 202 | /*#7*/ |
JimCarver | 0:6b753f761943 | 203 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 204 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 205 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 206 | /*#6 + #7*/ |
JimCarver | 0:6b753f761943 | 207 | status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); |
JimCarver | 0:6b753f761943 | 208 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 209 | #endif |
JimCarver | 0:6b753f761943 | 210 | /*#8*/ |
JimCarver | 0:6b753f761943 | 211 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 212 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 213 | /*#9*/ |
JimCarver | 0:6b753f761943 | 214 | |
JimCarver | 0:6b753f761943 | 215 | status = pal_setHandShakeTimeOut(palTLSConf, 30000); |
JimCarver | 0:6b753f761943 | 216 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 217 | /*#10*/ |
JimCarver | 0:6b753f761943 | 218 | |
JimCarver | 0:6b753f761943 | 219 | do |
JimCarver | 0:6b753f761943 | 220 | { |
JimCarver | 0:6b753f761943 | 221 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 222 | } |
JimCarver | 0:6b753f761943 | 223 | while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); |
JimCarver | 0:6b753f761943 | 224 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 225 | |
JimCarver | 0:6b753f761943 | 226 | /*#11*/ |
JimCarver | 0:6b753f761943 | 227 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 228 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 229 | /*#12*/ |
JimCarver | 0:6b753f761943 | 230 | status = pal_sslWrite(palTLSHandle, g_coapHelloWorldRequest, sizeof(g_coapHelloWorldRequest), &written); |
JimCarver | 0:6b753f761943 | 231 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 232 | /*#13*/ |
JimCarver | 0:6b753f761943 | 233 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 234 | /*#14*/ |
JimCarver | 0:6b753f761943 | 235 | do |
JimCarver | 0:6b753f761943 | 236 | { |
JimCarver | 0:6b753f761943 | 237 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 238 | }while (PAL_ERR_TLS_WANT_READ == status); |
JimCarver | 0:6b753f761943 | 239 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 240 | |
JimCarver | 0:6b753f761943 | 241 | /*#15*/ |
JimCarver | 0:6b753f761943 | 242 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 243 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 244 | /*#16*/ |
JimCarver | 0:6b753f761943 | 245 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 246 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 247 | /*#17*/ |
JimCarver | 0:6b753f761943 | 248 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 249 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 250 | } |
JimCarver | 0:6b753f761943 | 251 | |
JimCarver | 0:6b753f761943 | 252 | |
JimCarver | 0:6b753f761943 | 253 | static void handshakeTCP(bool socketNonBlocking) |
JimCarver | 0:6b753f761943 | 254 | { |
JimCarver | 0:6b753f761943 | 255 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 256 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 257 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 258 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 259 | palSocketAddress_t socketAddr = {0}; |
JimCarver | 0:6b753f761943 | 260 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 261 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 262 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 263 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 264 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 265 | palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; |
JimCarver | 0:6b753f761943 | 266 | palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; |
JimCarver | 0:6b753f761943 | 267 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 268 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 269 | const char* identity = PAL_TEST_PSK_IDENTITY; |
JimCarver | 0:6b753f761943 | 270 | const char psk[]= PAL_TEST_PSK; |
JimCarver | 0:6b753f761943 | 271 | #endif |
JimCarver | 0:6b753f761943 | 272 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 273 | uint64_t curTimeInSec, timePassedInSec; |
JimCarver | 0:6b753f761943 | 274 | const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds |
JimCarver | 0:6b753f761943 | 275 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 276 | |
JimCarver | 0:6b753f761943 | 277 | |
JimCarver | 0:6b753f761943 | 278 | /*#1*/ |
JimCarver | 0:6b753f761943 | 279 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 280 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 281 | /*#2*/ |
JimCarver | 0:6b753f761943 | 282 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 283 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 284 | { |
JimCarver | 0:6b753f761943 | 285 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 286 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 287 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 288 | return; |
JimCarver | 0:6b753f761943 | 289 | } |
JimCarver | 0:6b753f761943 | 290 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 291 | |
JimCarver | 0:6b753f761943 | 292 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 293 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 294 | /*#3*/ |
JimCarver | 0:6b753f761943 | 295 | if (true == socketNonBlocking) |
JimCarver | 0:6b753f761943 | 296 | { |
JimCarver | 0:6b753f761943 | 297 | status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); |
JimCarver | 0:6b753f761943 | 298 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 299 | } |
JimCarver | 0:6b753f761943 | 300 | else //blocking |
JimCarver | 0:6b753f761943 | 301 | { |
JimCarver | 0:6b753f761943 | 302 | status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 303 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 304 | } |
JimCarver | 0:6b753f761943 | 305 | |
JimCarver | 0:6b753f761943 | 306 | /*#4*/ |
JimCarver | 0:6b753f761943 | 307 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 308 | if (PAL_ERR_SOCKET_IN_PROGRES == status) |
JimCarver | 0:6b753f761943 | 309 | { |
JimCarver | 0:6b753f761943 | 310 | pal_osDelay(400); |
JimCarver | 0:6b753f761943 | 311 | } |
JimCarver | 0:6b753f761943 | 312 | else |
JimCarver | 0:6b753f761943 | 313 | { |
JimCarver | 0:6b753f761943 | 314 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 315 | } |
JimCarver | 0:6b753f761943 | 316 | /*#5*/ |
JimCarver | 0:6b753f761943 | 317 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 318 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 319 | TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); |
JimCarver | 0:6b753f761943 | 320 | /*#6*/ |
JimCarver | 0:6b753f761943 | 321 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 322 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 323 | |
JimCarver | 0:6b753f761943 | 324 | // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. |
JimCarver | 0:6b753f761943 | 325 | //status = pal_sslSetDebugging(palTLSConf, true); |
JimCarver | 0:6b753f761943 | 326 | //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 327 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 328 | /*#7*/ |
JimCarver | 0:6b753f761943 | 329 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 330 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 331 | /*#8*/ |
JimCarver | 0:6b753f761943 | 332 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 333 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 334 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 335 | /*#7 + 8*/ |
JimCarver | 0:6b753f761943 | 336 | status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); |
JimCarver | 0:6b753f761943 | 337 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 338 | #endif |
JimCarver | 0:6b753f761943 | 339 | /*#9*/ |
JimCarver | 0:6b753f761943 | 340 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 341 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 342 | /*#10*/ |
JimCarver | 0:6b753f761943 | 343 | if (true == socketNonBlocking) |
JimCarver | 0:6b753f761943 | 344 | { |
JimCarver | 0:6b753f761943 | 345 | status = pal_osSetTime(minSecSinceEpoch); |
JimCarver | 0:6b753f761943 | 346 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success |
JimCarver | 0:6b753f761943 | 347 | do |
JimCarver | 0:6b753f761943 | 348 | { |
JimCarver | 0:6b753f761943 | 349 | curTimeInSec = pal_osGetTime(); |
JimCarver | 0:6b753f761943 | 350 | TEST_ASSERT_TRUE(curTimeInSec >= minSecSinceEpoch); |
JimCarver | 0:6b753f761943 | 351 | timePassedInSec = curTimeInSec - minSecSinceEpoch; |
JimCarver | 0:6b753f761943 | 352 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 353 | } |
JimCarver | 0:6b753f761943 | 354 | while ( (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status) && |
JimCarver | 0:6b753f761943 | 355 | (timePassedInSec < PAL_SECONDS_PER_MIN)); //2 minutes to wait for handshake |
JimCarver | 0:6b753f761943 | 356 | } |
JimCarver | 0:6b753f761943 | 357 | else //blocking |
JimCarver | 0:6b753f761943 | 358 | { |
JimCarver | 0:6b753f761943 | 359 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 360 | } |
JimCarver | 0:6b753f761943 | 361 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 362 | |
JimCarver | 0:6b753f761943 | 363 | /*#11*/ |
JimCarver | 0:6b753f761943 | 364 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 365 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 366 | /*#12*/ |
JimCarver | 0:6b753f761943 | 367 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 368 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 369 | /*#13*/ |
JimCarver | 0:6b753f761943 | 370 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 371 | /*#14*/ |
JimCarver | 0:6b753f761943 | 372 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 373 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 374 | |
JimCarver | 0:6b753f761943 | 375 | /*#15*/ |
JimCarver | 0:6b753f761943 | 376 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 377 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 378 | /*#16*/ |
JimCarver | 0:6b753f761943 | 379 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 380 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 381 | /*#17*/ |
JimCarver | 0:6b753f761943 | 382 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 383 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 384 | |
JimCarver | 0:6b753f761943 | 385 | } |
JimCarver | 0:6b753f761943 | 386 | |
JimCarver | 0:6b753f761943 | 387 | /** |
JimCarver | 0:6b753f761943 | 388 | * @brief Test TLS initialization and uninitialization. |
JimCarver | 0:6b753f761943 | 389 | * |
JimCarver | 0:6b753f761943 | 390 | * |
JimCarver | 0:6b753f761943 | 391 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 392 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 393 | * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 394 | * | 2 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 395 | * | 3 | Add a NULL entropy source using `pal_addEntropySource`. | PAL_ERR_INVALID_ARGUMENT | |
JimCarver | 0:6b753f761943 | 396 | * | 4 | Add a valid entropy source using `pal_addEntropySource`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 397 | * | 5 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 398 | * | 6 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 399 | */ |
JimCarver | 0:6b753f761943 | 400 | TEST(pal_tls, tlsInitTLS) |
JimCarver | 0:6b753f761943 | 401 | { |
JimCarver | 0:6b753f761943 | 402 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 403 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 404 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 405 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 406 | /*#1*/ |
JimCarver | 0:6b753f761943 | 407 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 408 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 409 | /*#2*/ |
JimCarver | 0:6b753f761943 | 410 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 411 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 412 | #ifdef DEBUG |
JimCarver | 0:6b753f761943 | 413 | /*#3*/ |
JimCarver | 0:6b753f761943 | 414 | status = pal_addEntropySource(NULL); |
JimCarver | 0:6b753f761943 | 415 | TEST_ASSERT_EQUAL_HEX(PAL_ERR_INVALID_ARGUMENT, status); |
JimCarver | 0:6b753f761943 | 416 | #endif |
JimCarver | 0:6b753f761943 | 417 | /*#4*/ |
JimCarver | 0:6b753f761943 | 418 | status = pal_addEntropySource(palTestEntropySource); |
JimCarver | 0:6b753f761943 | 419 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 420 | /*#5*/ |
JimCarver | 0:6b753f761943 | 421 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 422 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 423 | /*#6*/ |
JimCarver | 0:6b753f761943 | 424 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 425 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 426 | } |
JimCarver | 0:6b753f761943 | 427 | |
JimCarver | 0:6b753f761943 | 428 | |
JimCarver | 0:6b753f761943 | 429 | /** |
JimCarver | 0:6b753f761943 | 430 | * @brief Test TLS initialization and uninitialization with additional keys. |
JimCarver | 0:6b753f761943 | 431 | * |
JimCarver | 0:6b753f761943 | 432 | * |
JimCarver | 0:6b753f761943 | 433 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 434 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 435 | * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 436 | * | 2 | Add keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 437 | * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 438 | * | 4 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 439 | * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 440 | */ |
JimCarver | 0:6b753f761943 | 441 | TEST(pal_tls, tlsPrivateAndPublicKeys) |
JimCarver | 0:6b753f761943 | 442 | { |
JimCarver | 0:6b753f761943 | 443 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 444 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 445 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 446 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 447 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 448 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 449 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 450 | |
JimCarver | 0:6b753f761943 | 451 | /*#1*/ |
JimCarver | 0:6b753f761943 | 452 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 453 | TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); |
JimCarver | 0:6b753f761943 | 454 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 455 | /*#2*/ |
JimCarver | 0:6b753f761943 | 456 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 457 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 458 | /*#3*/ |
JimCarver | 0:6b753f761943 | 459 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 460 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 461 | /*#4*/ |
JimCarver | 0:6b753f761943 | 462 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 463 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 464 | /*#5*/ |
JimCarver | 0:6b753f761943 | 465 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 466 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 467 | #endif |
JimCarver | 0:6b753f761943 | 468 | } |
JimCarver | 0:6b753f761943 | 469 | |
JimCarver | 0:6b753f761943 | 470 | |
JimCarver | 0:6b753f761943 | 471 | /** |
JimCarver | 0:6b753f761943 | 472 | * @brief Test TLS initialization and uninitialization with additional certificate and pre-shared keys. |
JimCarver | 0:6b753f761943 | 473 | * |
JimCarver | 0:6b753f761943 | 474 | * |
JimCarver | 0:6b753f761943 | 475 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 476 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 477 | * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 478 | * | 2 | Set pre-shared keys to the configuration using `pal_setPSK`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 479 | * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS |
JimCarver | 0:6b753f761943 | 480 | * | 4 | Uninitialize TLS context using `pal_freeTLS`. |PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 481 | * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 482 | */ |
JimCarver | 0:6b753f761943 | 483 | TEST(pal_tls, tlsCACertandPSK) |
JimCarver | 0:6b753f761943 | 484 | { |
JimCarver | 0:6b753f761943 | 485 | #if (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 486 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 487 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 488 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 489 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 490 | /*#1*/ |
JimCarver | 0:6b753f761943 | 491 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 492 | TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); |
JimCarver | 0:6b753f761943 | 493 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 494 | /*#2*/ |
JimCarver | 0:6b753f761943 | 495 | status = pal_setPSK(palTLSConf, g_psk_id, sizeof(g_psk_id) - 1, g_psk, sizeof(g_psk)); |
JimCarver | 0:6b753f761943 | 496 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 497 | /*#3*/ |
JimCarver | 0:6b753f761943 | 498 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 499 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 500 | /*#4*/ |
JimCarver | 0:6b753f761943 | 501 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 502 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 503 | /*#5*/ |
JimCarver | 0:6b753f761943 | 504 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 505 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 506 | #endif |
JimCarver | 0:6b753f761943 | 507 | } |
JimCarver | 0:6b753f761943 | 508 | |
JimCarver | 0:6b753f761943 | 509 | |
JimCarver | 0:6b753f761943 | 510 | /** |
JimCarver | 0:6b753f761943 | 511 | * @brief Test TLS handshake (TCP blocking). |
JimCarver | 0:6b753f761943 | 512 | * |
JimCarver | 0:6b753f761943 | 513 | * |
JimCarver | 0:6b753f761943 | 514 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 515 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 516 | * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 517 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 518 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 519 | * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 520 | * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 521 | * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 522 | * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 523 | * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 524 | * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 525 | * | 10 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 526 | * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 527 | * | 12 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 528 | * | 13 | Wait for the response. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 529 | * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 530 | * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 531 | * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 532 | * | 17 | Close the TCP socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 533 | */ |
JimCarver | 0:6b753f761943 | 534 | TEST(pal_tls, tlsHandshakeTCP) |
JimCarver | 0:6b753f761943 | 535 | { |
JimCarver | 0:6b753f761943 | 536 | handshakeTCP(false); |
JimCarver | 0:6b753f761943 | 537 | } |
JimCarver | 0:6b753f761943 | 538 | |
JimCarver | 0:6b753f761943 | 539 | /** |
JimCarver | 0:6b753f761943 | 540 | * @brief Test TLS handshake (TCP non-blocking). |
JimCarver | 0:6b753f761943 | 541 | * |
JimCarver | 0:6b753f761943 | 542 | * |
JimCarver | 0:6b753f761943 | 543 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 544 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 545 | * | 1 | Create a TCP (non-blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 546 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 547 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 548 | * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 549 | * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 550 | * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 551 | * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 552 | * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 553 | * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 554 | * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 555 | * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 556 | * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 557 | * | 13 | Wait for the response. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 558 | * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 559 | * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 560 | * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 561 | * | 17 | Close the TCP socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 562 | */ |
JimCarver | 0:6b753f761943 | 563 | TEST(pal_tls, tlsHandshakeTCP_nonBlocking) |
JimCarver | 0:6b753f761943 | 564 | { |
JimCarver | 0:6b753f761943 | 565 | handshakeTCP(true); |
JimCarver | 0:6b753f761943 | 566 | } |
JimCarver | 0:6b753f761943 | 567 | |
JimCarver | 0:6b753f761943 | 568 | /** |
JimCarver | 0:6b753f761943 | 569 | * @brief Test (D)TLS handshake (UDP -blocking). |
JimCarver | 0:6b753f761943 | 570 | * |
JimCarver | 0:6b753f761943 | 571 | * |
JimCarver | 0:6b753f761943 | 572 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 573 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 574 | * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 575 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 576 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 577 | * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 578 | * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 579 | * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 580 | * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 581 | * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 582 | * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 583 | * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 584 | * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 585 | * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 586 | * | 13 | Wait for the response. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 587 | * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 588 | * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 589 | * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 590 | * | 17 | Close the UDP socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 591 | */ |
JimCarver | 0:6b753f761943 | 592 | TEST(pal_tls, tlsHandshakeUDP) |
JimCarver | 0:6b753f761943 | 593 | { |
JimCarver | 0:6b753f761943 | 594 | handshakeUDP(false); |
JimCarver | 0:6b753f761943 | 595 | } |
JimCarver | 0:6b753f761943 | 596 | |
JimCarver | 0:6b753f761943 | 597 | /** |
JimCarver | 0:6b753f761943 | 598 | * @brief Test (D)TLS handshake (UDP -NonBlocking). |
JimCarver | 0:6b753f761943 | 599 | * |
JimCarver | 0:6b753f761943 | 600 | * |
JimCarver | 0:6b753f761943 | 601 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 602 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 603 | * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 604 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 605 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 606 | * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 607 | * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 608 | * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 609 | * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 610 | * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 611 | * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 612 | * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 613 | * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 614 | * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 615 | * | 13 | Wait for the response. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 616 | * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 617 | * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 618 | * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 619 | * | 17 | Close the UDP socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 620 | */ |
JimCarver | 0:6b753f761943 | 621 | TEST(pal_tls, tlsHandshakeUDP_NonBlocking) |
JimCarver | 0:6b753f761943 | 622 | { |
JimCarver | 0:6b753f761943 | 623 | handshakeUDP(true); |
JimCarver | 0:6b753f761943 | 624 | } |
JimCarver | 0:6b753f761943 | 625 | |
JimCarver | 0:6b753f761943 | 626 | /** |
JimCarver | 0:6b753f761943 | 627 | * @brief Test (D)TLS handshake (UDP non-blocking) with a very short timeout to see if you get a timeout. |
JimCarver | 0:6b753f761943 | 628 | * |
JimCarver | 0:6b753f761943 | 629 | * |
JimCarver | 0:6b753f761943 | 630 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 631 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 632 | * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 633 | * | 2 | Perform a DNS lookup on server adderss. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 634 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 635 | * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 636 | * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 637 | * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 638 | * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 639 | * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 640 | * | 9 | Set a short timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 641 | * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_ERR_TIMEOUT_EXPIRED | |
JimCarver | 0:6b753f761943 | 642 | * | 11 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 643 | * | 12 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 644 | */ |
JimCarver | 0:6b753f761943 | 645 | TEST(pal_tls, tlsHandshakeUDPTimeOut) |
JimCarver | 0:6b753f761943 | 646 | { |
JimCarver | 0:6b753f761943 | 647 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 648 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 649 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 650 | palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; |
JimCarver | 0:6b753f761943 | 651 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 652 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 653 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 654 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 655 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 656 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 657 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 658 | const char* identity = PAL_TEST_PSK_IDENTITY; |
JimCarver | 0:6b753f761943 | 659 | const char psk[]= PAL_TEST_PSK; |
JimCarver | 0:6b753f761943 | 660 | #endif |
JimCarver | 0:6b753f761943 | 661 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 662 | |
JimCarver | 0:6b753f761943 | 663 | uint64_t curTimeInSec; |
JimCarver | 0:6b753f761943 | 664 | const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds |
JimCarver | 0:6b753f761943 | 665 | |
JimCarver | 0:6b753f761943 | 666 | /*#1*/ |
JimCarver | 0:6b753f761943 | 667 | status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 668 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 669 | /*#2*/ |
JimCarver | 0:6b753f761943 | 670 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 671 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 672 | { |
JimCarver | 0:6b753f761943 | 673 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 674 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 675 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 676 | return; |
JimCarver | 0:6b753f761943 | 677 | } |
JimCarver | 0:6b753f761943 | 678 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 679 | |
JimCarver | 0:6b753f761943 | 680 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 681 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 682 | /*#3*/ |
JimCarver | 0:6b753f761943 | 683 | status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT_TIMEOUT); |
JimCarver | 0:6b753f761943 | 684 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 685 | /*#4*/ |
JimCarver | 0:6b753f761943 | 686 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 687 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 688 | /*#5*/ |
JimCarver | 0:6b753f761943 | 689 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 690 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 691 | |
JimCarver | 0:6b753f761943 | 692 | // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. |
JimCarver | 0:6b753f761943 | 693 | //status = pal_sslSetDebugging(palTLSConf, true); |
JimCarver | 0:6b753f761943 | 694 | //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 695 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 696 | /*#6*/ |
JimCarver | 0:6b753f761943 | 697 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 698 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 699 | /*#7*/ |
JimCarver | 0:6b753f761943 | 700 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 701 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 702 | #elif (PAL_ENABLE_PSK == 1) |
JimCarver | 0:6b753f761943 | 703 | /*#6 + #7*/ |
JimCarver | 0:6b753f761943 | 704 | status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); |
JimCarver | 0:6b753f761943 | 705 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 706 | #endif |
JimCarver | 0:6b753f761943 | 707 | /*#8*/ |
JimCarver | 0:6b753f761943 | 708 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 709 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 710 | /*#9*/ |
JimCarver | 0:6b753f761943 | 711 | status = pal_setHandShakeTimeOut(palTLSConf, 100); |
JimCarver | 0:6b753f761943 | 712 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 713 | |
JimCarver | 0:6b753f761943 | 714 | status = pal_osSetTime(minSecSinceEpoch); |
JimCarver | 0:6b753f761943 | 715 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success |
JimCarver | 0:6b753f761943 | 716 | /*#10*/ |
JimCarver | 0:6b753f761943 | 717 | do |
JimCarver | 0:6b753f761943 | 718 | { |
JimCarver | 0:6b753f761943 | 719 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 720 | } |
JimCarver | 0:6b753f761943 | 721 | while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); |
JimCarver | 0:6b753f761943 | 722 | |
JimCarver | 0:6b753f761943 | 723 | curTimeInSec = pal_osGetTime(); |
JimCarver | 0:6b753f761943 | 724 | TEST_ASSERT_EQUAL_HEX(PAL_ERR_TIMEOUT_EXPIRED, status); |
JimCarver | 0:6b753f761943 | 725 | TEST_ASSERT_TRUE(curTimeInSec - minSecSinceEpoch <= PAL_WAIT_TIME); //less than PAL_WAIT_TIME seconds |
JimCarver | 0:6b753f761943 | 726 | /*#11*/ |
JimCarver | 0:6b753f761943 | 727 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 728 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 729 | /*#12*/ |
JimCarver | 0:6b753f761943 | 730 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 731 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 732 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 733 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 734 | } |
JimCarver | 0:6b753f761943 | 735 | |
JimCarver | 0:6b753f761943 | 736 | #if PAL_USE_INTERNAL_FLASH |
JimCarver | 0:6b753f761943 | 737 | /** |
JimCarver | 0:6b753f761943 | 738 | * @brief Test TLS handshake (TCP blocking). |
JimCarver | 0:6b753f761943 | 739 | * |
JimCarver | 0:6b753f761943 | 740 | * |
JimCarver | 0:6b753f761943 | 741 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 742 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 743 | * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 744 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 745 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 746 | * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 747 | * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 748 | * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 749 | * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 750 | * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 751 | * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 752 | * | 10 | Set device time to be in future. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 753 | * | 11 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 754 | * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 755 | * | 13 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 756 | * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 757 | * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 758 | * | 16 | Close the TCP socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 759 | * | 17 | Check that time is updated. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 760 | * | 18 | Verify that the SOTP time value was updated. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 761 | */ |
JimCarver | 0:6b753f761943 | 762 | TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M) |
JimCarver | 0:6b753f761943 | 763 | { |
JimCarver | 0:6b753f761943 | 764 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 765 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 766 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 767 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 768 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 769 | palSocketAddress_t socketAddr = {0}; |
JimCarver | 0:6b753f761943 | 770 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 771 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 772 | palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; |
JimCarver | 0:6b753f761943 | 773 | palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; |
JimCarver | 0:6b753f761943 | 774 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 775 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 776 | |
JimCarver | 0:6b753f761943 | 777 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 778 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 779 | uint64_t deviceTime = pal_osGetTime(); //get device time to update it in case of failure |
JimCarver | 0:6b753f761943 | 780 | uint64_t currentTime = 0; |
JimCarver | 0:6b753f761943 | 781 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 782 | uint64_t initialSOTPTime = 0; |
JimCarver | 0:6b753f761943 | 783 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 784 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 785 | |
JimCarver | 0:6b753f761943 | 786 | |
JimCarver | 0:6b753f761943 | 787 | /*#1*/ |
JimCarver | 0:6b753f761943 | 788 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 789 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 790 | |
JimCarver | 0:6b753f761943 | 791 | |
JimCarver | 0:6b753f761943 | 792 | /*#2*/ |
JimCarver | 0:6b753f761943 | 793 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 794 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 795 | { |
JimCarver | 0:6b753f761943 | 796 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 797 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 798 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 799 | return; |
JimCarver | 0:6b753f761943 | 800 | } |
JimCarver | 0:6b753f761943 | 801 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 802 | |
JimCarver | 0:6b753f761943 | 803 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 804 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 805 | /*#3*/ |
JimCarver | 0:6b753f761943 | 806 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 807 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 808 | /*#4*/ |
JimCarver | 0:6b753f761943 | 809 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 810 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 811 | /*#5*/ |
JimCarver | 0:6b753f761943 | 812 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 813 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 814 | /*#6*/ |
JimCarver | 0:6b753f761943 | 815 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 816 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 817 | /*#7*/ |
JimCarver | 0:6b753f761943 | 818 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 819 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 820 | /*#8*/ |
JimCarver | 0:6b753f761943 | 821 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 822 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 823 | /*#9*/ |
JimCarver | 0:6b753f761943 | 824 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 825 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 826 | /*#10*/ |
JimCarver | 0:6b753f761943 | 827 | |
JimCarver | 0:6b753f761943 | 828 | sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(initialSOTPTime), (uint32_t*)&initialSOTPTime); |
JimCarver | 0:6b753f761943 | 829 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 830 | status = pal_osSetTime(0);//back in the past to set time to the future during handhsake |
JimCarver | 0:6b753f761943 | 831 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 832 | /*#11*/ |
JimCarver | 0:6b753f761943 | 833 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 834 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 835 | { |
JimCarver | 0:6b753f761943 | 836 | pal_osSetTime(deviceTime); |
JimCarver | 0:6b753f761943 | 837 | } |
JimCarver | 0:6b753f761943 | 838 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 839 | /*#12*/ |
JimCarver | 0:6b753f761943 | 840 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 841 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 842 | /*#13*/ |
JimCarver | 0:6b753f761943 | 843 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 844 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 845 | |
JimCarver | 0:6b753f761943 | 846 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 847 | /*#14*/ |
JimCarver | 0:6b753f761943 | 848 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 849 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 850 | /*#14*/ |
JimCarver | 0:6b753f761943 | 851 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 852 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 853 | /*#15*/ |
JimCarver | 0:6b753f761943 | 854 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 855 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 856 | /*#16*/ |
JimCarver | 0:6b753f761943 | 857 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 858 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 859 | /*#17*/ |
JimCarver | 0:6b753f761943 | 860 | deviceTime = pal_osGetTime(); |
JimCarver | 0:6b753f761943 | 861 | TEST_ASSERT_TRUE(0 != deviceTime); |
JimCarver | 0:6b753f761943 | 862 | /*#18*/ |
JimCarver | 0:6b753f761943 | 863 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 864 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 865 | TEST_ASSERT_TRUE(0 != currentTime); |
JimCarver | 0:6b753f761943 | 866 | #endif |
JimCarver | 0:6b753f761943 | 867 | } |
JimCarver | 0:6b753f761943 | 868 | |
JimCarver | 0:6b753f761943 | 869 | /** |
JimCarver | 0:6b753f761943 | 870 | * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) |
JimCarver | 0:6b753f761943 | 871 | * |
JimCarver | 0:6b753f761943 | 872 | * |
JimCarver | 0:6b753f761943 | 873 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 874 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 875 | * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 876 | * | 2 | Update `SOTP_TYPE_SAVED_TIME` directly in SOTP to the new time from #1 | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 877 | * | 3 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 878 | * | 4 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 879 | * | 5 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 880 | * | 6 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 881 | * | 7 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 882 | * | 8 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 883 | * | 9 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 884 | * | 10 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 885 | * | 11 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 886 | * | 12 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 887 | * | 13 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 888 | * | 14 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 889 | * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 890 | * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 891 | * | 17 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 892 | */ |
JimCarver | 0:6b753f761943 | 893 | TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M_NoTimeUpdate) |
JimCarver | 0:6b753f761943 | 894 | { |
JimCarver | 0:6b753f761943 | 895 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 896 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 897 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 898 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 899 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 900 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 901 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 902 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 903 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 904 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 905 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 906 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 907 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 908 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 909 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 910 | uint64_t currentTime = 0; |
JimCarver | 0:6b753f761943 | 911 | uint64_t tmpTime = 0; |
JimCarver | 0:6b753f761943 | 912 | uint64_t updatedTime = 0; |
JimCarver | 0:6b753f761943 | 913 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 914 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 915 | |
JimCarver | 0:6b753f761943 | 916 | /*#1*/ |
JimCarver | 0:6b753f761943 | 917 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(tmpTime), (uint32_t*)&tmpTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 918 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 919 | |
JimCarver | 0:6b753f761943 | 920 | currentTime = tmpTime - (PAL_SECONDS_PER_DAY / 2); //going back half day to simulate future server by half day (in order to prevent time update) |
JimCarver | 0:6b753f761943 | 921 | status = pal_osSetTime(currentTime); |
JimCarver | 0:6b753f761943 | 922 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 923 | /*#2*/ |
JimCarver | 0:6b753f761943 | 924 | sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(currentTime), (uint32_t*)¤tTime); |
JimCarver | 0:6b753f761943 | 925 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 926 | |
JimCarver | 0:6b753f761943 | 927 | /*#3*/ |
JimCarver | 0:6b753f761943 | 928 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 929 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 930 | /*#4*/ |
JimCarver | 0:6b753f761943 | 931 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 932 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 933 | { |
JimCarver | 0:6b753f761943 | 934 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 935 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 936 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 937 | return; |
JimCarver | 0:6b753f761943 | 938 | } |
JimCarver | 0:6b753f761943 | 939 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 940 | /*#5*/ |
JimCarver | 0:6b753f761943 | 941 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 942 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 943 | |
JimCarver | 0:6b753f761943 | 944 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 945 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 946 | |
JimCarver | 0:6b753f761943 | 947 | /*#6*/ |
JimCarver | 0:6b753f761943 | 948 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 949 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 950 | /*#7*/ |
JimCarver | 0:6b753f761943 | 951 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 952 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 953 | /*#8*/ |
JimCarver | 0:6b753f761943 | 954 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 955 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 956 | { |
JimCarver | 0:6b753f761943 | 957 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 958 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 959 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 960 | } |
JimCarver | 0:6b753f761943 | 961 | |
JimCarver | 0:6b753f761943 | 962 | /*#9*/ |
JimCarver | 0:6b753f761943 | 963 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 964 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 965 | { |
JimCarver | 0:6b753f761943 | 966 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 967 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 968 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 969 | } |
JimCarver | 0:6b753f761943 | 970 | /*#10*/ |
JimCarver | 0:6b753f761943 | 971 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 972 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 973 | { |
JimCarver | 0:6b753f761943 | 974 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 975 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 976 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 977 | } |
JimCarver | 0:6b753f761943 | 978 | /*#11*/ |
JimCarver | 0:6b753f761943 | 979 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 980 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 981 | { |
JimCarver | 0:6b753f761943 | 982 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 983 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 984 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 985 | } |
JimCarver | 0:6b753f761943 | 986 | /*#12*/ |
JimCarver | 0:6b753f761943 | 987 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 988 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 989 | { |
JimCarver | 0:6b753f761943 | 990 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 991 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 992 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 993 | } |
JimCarver | 0:6b753f761943 | 994 | /*#13*/ |
JimCarver | 0:6b753f761943 | 995 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 996 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 997 | { |
JimCarver | 0:6b753f761943 | 998 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 999 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1000 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); |
JimCarver | 0:6b753f761943 | 1001 | } |
JimCarver | 0:6b753f761943 | 1002 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1003 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 1004 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1005 | { |
JimCarver | 0:6b753f761943 | 1006 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1007 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1008 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1009 | } |
JimCarver | 0:6b753f761943 | 1010 | |
JimCarver | 0:6b753f761943 | 1011 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 1012 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1013 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 1014 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1015 | { |
JimCarver | 0:6b753f761943 | 1016 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1017 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1018 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1019 | } |
JimCarver | 0:6b753f761943 | 1020 | |
JimCarver | 0:6b753f761943 | 1021 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1022 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1023 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1024 | { |
JimCarver | 0:6b753f761943 | 1025 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1026 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1027 | } |
JimCarver | 0:6b753f761943 | 1028 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1029 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1030 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1031 | |
JimCarver | 0:6b753f761943 | 1032 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1033 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1034 | |
JimCarver | 0:6b753f761943 | 1035 | /*#17*/ |
JimCarver | 0:6b753f761943 | 1036 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1037 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1038 | TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); |
JimCarver | 0:6b753f761943 | 1039 | #endif |
JimCarver | 0:6b753f761943 | 1040 | } |
JimCarver | 0:6b753f761943 | 1041 | |
JimCarver | 0:6b753f761943 | 1042 | |
JimCarver | 0:6b753f761943 | 1043 | /** |
JimCarver | 0:6b753f761943 | 1044 | * @brief Test TLS handshake (TCP blocking) with future time to make handshake to fail due to bad cert time from server. |
JimCarver | 0:6b753f761943 | 1045 | * |
JimCarver | 0:6b753f761943 | 1046 | * |
JimCarver | 0:6b753f761943 | 1047 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 1048 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 1049 | * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1050 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1051 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1052 | * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1053 | * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1054 | * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1055 | * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1056 | * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1057 | * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1058 | * | 10 | Setsystem time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1059 | * | 11 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_ERR_X509_CERT_VERIFY_FAILED | |
JimCarver | 0:6b753f761943 | 1060 | * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_ERR_X509_BADCERT_EXPIRED | |
JimCarver | 0:6b753f761943 | 1061 | * | 13 | Set tme back to the original time before the test. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1062 | * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1063 | * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1064 | * | 16 | Verify that the SOTP time value was not changed. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1065 | */ |
JimCarver | 0:6b753f761943 | 1066 | TEST(pal_tls, tlsHandshakeTCP_ExpiredLWM2MCert) |
JimCarver | 0:6b753f761943 | 1067 | { |
JimCarver | 0:6b753f761943 | 1068 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 1069 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1070 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 1071 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 1072 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 1073 | palSocketAddress_t socketAddr = {0}; |
JimCarver | 0:6b753f761943 | 1074 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 1075 | palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; |
JimCarver | 0:6b753f761943 | 1076 | palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; |
JimCarver | 0:6b753f761943 | 1077 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 1078 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 1079 | uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT |
JimCarver | 0:6b753f761943 | 1080 | uint64_t currentTime = 0; |
JimCarver | 0:6b753f761943 | 1081 | uint64_t currentSOTPTime = 0; |
JimCarver | 0:6b753f761943 | 1082 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 1083 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 1084 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 1085 | |
JimCarver | 0:6b753f761943 | 1086 | |
JimCarver | 0:6b753f761943 | 1087 | /*#1*/ |
JimCarver | 0:6b753f761943 | 1088 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 1089 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1090 | /*#2*/ |
JimCarver | 0:6b753f761943 | 1091 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 1092 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 1093 | { |
JimCarver | 0:6b753f761943 | 1094 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 1095 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1096 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1097 | return; |
JimCarver | 0:6b753f761943 | 1098 | } |
JimCarver | 0:6b753f761943 | 1099 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1100 | |
JimCarver | 0:6b753f761943 | 1101 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 1102 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 1103 | /*#3*/ |
JimCarver | 0:6b753f761943 | 1104 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 1105 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1106 | /*#4*/ |
JimCarver | 0:6b753f761943 | 1107 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 1108 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1109 | /*#5*/ |
JimCarver | 0:6b753f761943 | 1110 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 1111 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1112 | /*#6*/ |
JimCarver | 0:6b753f761943 | 1113 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 1114 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1115 | { |
JimCarver | 0:6b753f761943 | 1116 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1117 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1118 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1119 | } |
JimCarver | 0:6b753f761943 | 1120 | |
JimCarver | 0:6b753f761943 | 1121 | /*#7*/ |
JimCarver | 0:6b753f761943 | 1122 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 1123 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1124 | { |
JimCarver | 0:6b753f761943 | 1125 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1126 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1127 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1128 | } |
JimCarver | 0:6b753f761943 | 1129 | /*#8*/ |
JimCarver | 0:6b753f761943 | 1130 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 1131 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1132 | { |
JimCarver | 0:6b753f761943 | 1133 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1134 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1135 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1136 | } |
JimCarver | 0:6b753f761943 | 1137 | /*#9*/ |
JimCarver | 0:6b753f761943 | 1138 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 1139 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1140 | { |
JimCarver | 0:6b753f761943 | 1141 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1142 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1143 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1144 | } |
JimCarver | 0:6b753f761943 | 1145 | /*#10*/ |
JimCarver | 0:6b753f761943 | 1146 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1147 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1148 | status = pal_osSetTime(futureTime); |
JimCarver | 0:6b753f761943 | 1149 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1150 | { |
JimCarver | 0:6b753f761943 | 1151 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1152 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1153 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1154 | } |
JimCarver | 0:6b753f761943 | 1155 | /*#11*/ |
JimCarver | 0:6b753f761943 | 1156 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1157 | if (PAL_ERR_X509_CERT_VERIFY_FAILED != status) |
JimCarver | 0:6b753f761943 | 1158 | { |
JimCarver | 0:6b753f761943 | 1159 | pal_osSetTime(currentTime); |
JimCarver | 0:6b753f761943 | 1160 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1161 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1162 | TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_CERT_VERIFY_FAILED, status); |
JimCarver | 0:6b753f761943 | 1163 | } |
JimCarver | 0:6b753f761943 | 1164 | /*#12*/ |
JimCarver | 0:6b753f761943 | 1165 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 1166 | if ((PAL_ERR_X509_CERT_VERIFY_FAILED != status) || (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult))) |
JimCarver | 0:6b753f761943 | 1167 | { |
JimCarver | 0:6b753f761943 | 1168 | pal_osSetTime(currentTime); |
JimCarver | 0:6b753f761943 | 1169 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1170 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1171 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); |
JimCarver | 0:6b753f761943 | 1172 | } |
JimCarver | 0:6b753f761943 | 1173 | /*#13*/ |
JimCarver | 0:6b753f761943 | 1174 | status = pal_osSetTime(currentTime); |
JimCarver | 0:6b753f761943 | 1175 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1176 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1177 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1178 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1179 | { |
JimCarver | 0:6b753f761943 | 1180 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1181 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1182 | } |
JimCarver | 0:6b753f761943 | 1183 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1184 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1185 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1186 | |
JimCarver | 0:6b753f761943 | 1187 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1188 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1189 | |
JimCarver | 0:6b753f761943 | 1190 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1191 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentSOTPTime), (uint32_t*)¤tSOTPTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1192 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1193 | TEST_ASSERT_TRUE(futureTime <= currentSOTPTime); |
JimCarver | 0:6b753f761943 | 1194 | #endif |
JimCarver | 0:6b753f761943 | 1195 | } |
JimCarver | 0:6b753f761943 | 1196 | |
JimCarver | 0:6b753f761943 | 1197 | /** |
JimCarver | 0:6b753f761943 | 1198 | * @brief Test TLS handshake (TCP blocking) with future time to make handshake update the device time according to the server time. |
JimCarver | 0:6b753f761943 | 1199 | * |
JimCarver | 0:6b753f761943 | 1200 | * |
JimCarver | 0:6b753f761943 | 1201 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 1202 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 1203 | * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1204 | * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1205 | * | 3 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1206 | * | 4 | Parse the CA cert. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1207 | * | 5 | Get the CA cert ID. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1208 | * | 6 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1209 | * | 7 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1210 | * | 8 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1211 | * | 9 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1212 | * | 10 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1213 | * | 11 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1214 | * | 12 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1215 | * | 13 | Set system time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1216 | * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1217 | * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1218 | * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1219 | * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1220 | * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1221 | * | 19 | Free X509 handle. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1222 | * | 20 | Verify that the time updated during the handshake. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1223 | */ |
JimCarver | 0:6b753f761943 | 1224 | TEST(pal_tls, tlsHandshakeTCP_ExpiredServerCert_Trusted) |
JimCarver | 0:6b753f761943 | 1225 | { |
JimCarver | 0:6b753f761943 | 1226 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 1227 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1228 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 1229 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 1230 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 1231 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 1232 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 1233 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 1234 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 1235 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 1236 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 1237 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 1238 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 1239 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 1240 | uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT |
JimCarver | 0:6b753f761943 | 1241 | uint64_t updatedTime = 0; |
JimCarver | 0:6b753f761943 | 1242 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 1243 | palX509Handle_t trustedServerCA = NULLPTR; |
JimCarver | 0:6b753f761943 | 1244 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 1245 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 1246 | |
JimCarver | 0:6b753f761943 | 1247 | /*#1*/ |
JimCarver | 0:6b753f761943 | 1248 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 1249 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1250 | /*#2*/ |
JimCarver | 0:6b753f761943 | 1251 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 1252 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 1253 | { |
JimCarver | 0:6b753f761943 | 1254 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 1255 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1256 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1257 | return; |
JimCarver | 0:6b753f761943 | 1258 | } |
JimCarver | 0:6b753f761943 | 1259 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1260 | /*#3*/ |
JimCarver | 0:6b753f761943 | 1261 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 1262 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1263 | |
JimCarver | 0:6b753f761943 | 1264 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 1265 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 1266 | /*#4*/ |
JimCarver | 0:6b753f761943 | 1267 | status = pal_x509Initiate(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1268 | TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); |
JimCarver | 0:6b753f761943 | 1269 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1270 | |
JimCarver | 0:6b753f761943 | 1271 | status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); |
JimCarver | 0:6b753f761943 | 1272 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1273 | { |
JimCarver | 0:6b753f761943 | 1274 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1275 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1276 | } |
JimCarver | 0:6b753f761943 | 1277 | /*#5*/ |
JimCarver | 0:6b753f761943 | 1278 | status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); |
JimCarver | 0:6b753f761943 | 1279 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1280 | { |
JimCarver | 0:6b753f761943 | 1281 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1282 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1283 | } |
JimCarver | 0:6b753f761943 | 1284 | /*#6*/ |
JimCarver | 0:6b753f761943 | 1285 | sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); |
JimCarver | 0:6b753f761943 | 1286 | if (SOTP_SUCCESS != sotpRes) |
JimCarver | 0:6b753f761943 | 1287 | { |
JimCarver | 0:6b753f761943 | 1288 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1289 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1290 | } |
JimCarver | 0:6b753f761943 | 1291 | |
JimCarver | 0:6b753f761943 | 1292 | /*#7*/ |
JimCarver | 0:6b753f761943 | 1293 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 1294 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1295 | { |
JimCarver | 0:6b753f761943 | 1296 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1297 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1298 | } |
JimCarver | 0:6b753f761943 | 1299 | /*#8*/ |
JimCarver | 0:6b753f761943 | 1300 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 1301 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1302 | /*#9*/ |
JimCarver | 0:6b753f761943 | 1303 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 1304 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1305 | { |
JimCarver | 0:6b753f761943 | 1306 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1307 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1308 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1309 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1310 | } |
JimCarver | 0:6b753f761943 | 1311 | |
JimCarver | 0:6b753f761943 | 1312 | /*#10*/ |
JimCarver | 0:6b753f761943 | 1313 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 1314 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1315 | { |
JimCarver | 0:6b753f761943 | 1316 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1317 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1318 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1319 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1320 | } |
JimCarver | 0:6b753f761943 | 1321 | /*#11*/ |
JimCarver | 0:6b753f761943 | 1322 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 1323 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1324 | { |
JimCarver | 0:6b753f761943 | 1325 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1326 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1327 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1328 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1329 | } |
JimCarver | 0:6b753f761943 | 1330 | /*#12*/ |
JimCarver | 0:6b753f761943 | 1331 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 1332 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1333 | { |
JimCarver | 0:6b753f761943 | 1334 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1335 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1336 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1337 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1338 | } |
JimCarver | 0:6b753f761943 | 1339 | /*#13*/ |
JimCarver | 0:6b753f761943 | 1340 | status = pal_osSetStrongTime(futureTime); |
JimCarver | 0:6b753f761943 | 1341 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1342 | { |
JimCarver | 0:6b753f761943 | 1343 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1344 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1345 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1346 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1347 | } |
JimCarver | 0:6b753f761943 | 1348 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1349 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1350 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1351 | { |
JimCarver | 0:6b753f761943 | 1352 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1353 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1354 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1355 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1356 | } |
JimCarver | 0:6b753f761943 | 1357 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1358 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 1359 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1360 | { |
JimCarver | 0:6b753f761943 | 1361 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1362 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1363 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1364 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); |
JimCarver | 0:6b753f761943 | 1365 | } |
JimCarver | 0:6b753f761943 | 1366 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1367 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 1368 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1369 | { |
JimCarver | 0:6b753f761943 | 1370 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1371 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1372 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1373 | TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); |
JimCarver | 0:6b753f761943 | 1374 | } |
JimCarver | 0:6b753f761943 | 1375 | |
JimCarver | 0:6b753f761943 | 1376 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 1377 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1378 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 1379 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1380 | { |
JimCarver | 0:6b753f761943 | 1381 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1382 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1383 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1384 | TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); |
JimCarver | 0:6b753f761943 | 1385 | } |
JimCarver | 0:6b753f761943 | 1386 | |
JimCarver | 0:6b753f761943 | 1387 | /*#17*/ |
JimCarver | 0:6b753f761943 | 1388 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1389 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1390 | { |
JimCarver | 0:6b753f761943 | 1391 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1392 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1393 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1394 | } |
JimCarver | 0:6b753f761943 | 1395 | /*#18*/ |
JimCarver | 0:6b753f761943 | 1396 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1397 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1398 | { |
JimCarver | 0:6b753f761943 | 1399 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1400 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1401 | } |
JimCarver | 0:6b753f761943 | 1402 | /*#19*/ |
JimCarver | 0:6b753f761943 | 1403 | status = pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1404 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1405 | /*#20*/ |
JimCarver | 0:6b753f761943 | 1406 | updatedTime = pal_osGetTime(); |
JimCarver | 0:6b753f761943 | 1407 | TEST_ASSERT_TRUE(updatedTime < futureTime); |
JimCarver | 0:6b753f761943 | 1408 | |
JimCarver | 0:6b753f761943 | 1409 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1410 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1411 | |
JimCarver | 0:6b753f761943 | 1412 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1413 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1414 | TEST_ASSERT_TRUE(updatedTime <= futureTime); |
JimCarver | 0:6b753f761943 | 1415 | |
JimCarver | 0:6b753f761943 | 1416 | sotpRes = sotp_get(SOTP_TYPE_LAST_TIME_BACK, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1417 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1418 | TEST_ASSERT_TRUE(updatedTime <= futureTime); |
JimCarver | 0:6b753f761943 | 1419 | #endif |
JimCarver | 0:6b753f761943 | 1420 | } |
JimCarver | 0:6b753f761943 | 1421 | |
JimCarver | 0:6b753f761943 | 1422 | /** |
JimCarver | 0:6b753f761943 | 1423 | * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) |
JimCarver | 0:6b753f761943 | 1424 | * |
JimCarver | 0:6b753f761943 | 1425 | * |
JimCarver | 0:6b753f761943 | 1426 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 1427 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 1428 | * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1429 | * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1430 | * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1431 | * | 4 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1432 | * | 5 | Parse the CA cert. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1433 | * | 6 | Get the CA cert ID. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1434 | * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1435 | * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1436 | * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1437 | * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1438 | * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1439 | * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1440 | * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1441 | * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1442 | * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1443 | * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1444 | * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1445 | * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1446 | * | 19 | Free X509 Handle. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1447 | * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1448 | */ |
JimCarver | 0:6b753f761943 | 1449 | TEST(pal_tls, tlsHandshakeTCP_FutureTrustedServer_NoTimeUpdate) |
JimCarver | 0:6b753f761943 | 1450 | { |
JimCarver | 0:6b753f761943 | 1451 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 1452 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1453 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 1454 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 1455 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 1456 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 1457 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 1458 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 1459 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 1460 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 1461 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 1462 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 1463 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 1464 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 1465 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 1466 | uint64_t currentTime = 0; |
JimCarver | 0:6b753f761943 | 1467 | uint64_t updatedTime = 0; |
JimCarver | 0:6b753f761943 | 1468 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 1469 | palX509Handle_t trustedServerCA = NULLPTR; |
JimCarver | 0:6b753f761943 | 1470 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 1471 | |
JimCarver | 0:6b753f761943 | 1472 | /*#1*/ |
JimCarver | 0:6b753f761943 | 1473 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1474 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1475 | TEST_ASSERT_TRUE(0 != currentTime); |
JimCarver | 0:6b753f761943 | 1476 | |
JimCarver | 0:6b753f761943 | 1477 | status = pal_osSetTime(currentTime - (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) |
JimCarver | 0:6b753f761943 | 1478 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1479 | /*#2*/ |
JimCarver | 0:6b753f761943 | 1480 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 1481 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1482 | /*#3*/ |
JimCarver | 0:6b753f761943 | 1483 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 1484 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 1485 | { |
JimCarver | 0:6b753f761943 | 1486 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 1487 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1488 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1489 | return; |
JimCarver | 0:6b753f761943 | 1490 | } |
JimCarver | 0:6b753f761943 | 1491 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1492 | /*#4*/ |
JimCarver | 0:6b753f761943 | 1493 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 1494 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1495 | |
JimCarver | 0:6b753f761943 | 1496 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 1497 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 1498 | |
JimCarver | 0:6b753f761943 | 1499 | /*#5*/ |
JimCarver | 0:6b753f761943 | 1500 | status = pal_x509Initiate(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1501 | TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); |
JimCarver | 0:6b753f761943 | 1502 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1503 | |
JimCarver | 0:6b753f761943 | 1504 | status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); |
JimCarver | 0:6b753f761943 | 1505 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1506 | { |
JimCarver | 0:6b753f761943 | 1507 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1508 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1509 | } |
JimCarver | 0:6b753f761943 | 1510 | /*#6*/ |
JimCarver | 0:6b753f761943 | 1511 | status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); |
JimCarver | 0:6b753f761943 | 1512 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1513 | { |
JimCarver | 0:6b753f761943 | 1514 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1515 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1516 | } |
JimCarver | 0:6b753f761943 | 1517 | /*#7*/ |
JimCarver | 0:6b753f761943 | 1518 | sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); |
JimCarver | 0:6b753f761943 | 1519 | if (SOTP_SUCCESS != sotpRes) |
JimCarver | 0:6b753f761943 | 1520 | { |
JimCarver | 0:6b753f761943 | 1521 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1522 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1523 | } |
JimCarver | 0:6b753f761943 | 1524 | |
JimCarver | 0:6b753f761943 | 1525 | /*#8*/ |
JimCarver | 0:6b753f761943 | 1526 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 1527 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1528 | { |
JimCarver | 0:6b753f761943 | 1529 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1530 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1531 | } |
JimCarver | 0:6b753f761943 | 1532 | /*#9*/ |
JimCarver | 0:6b753f761943 | 1533 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 1534 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1535 | { |
JimCarver | 0:6b753f761943 | 1536 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1537 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1538 | } |
JimCarver | 0:6b753f761943 | 1539 | /*#10*/ |
JimCarver | 0:6b753f761943 | 1540 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 1541 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1542 | { |
JimCarver | 0:6b753f761943 | 1543 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1544 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1545 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1546 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1547 | } |
JimCarver | 0:6b753f761943 | 1548 | |
JimCarver | 0:6b753f761943 | 1549 | /*#11*/ |
JimCarver | 0:6b753f761943 | 1550 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 1551 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1552 | { |
JimCarver | 0:6b753f761943 | 1553 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1554 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1555 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1556 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1557 | } |
JimCarver | 0:6b753f761943 | 1558 | /*#12*/ |
JimCarver | 0:6b753f761943 | 1559 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 1560 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1561 | { |
JimCarver | 0:6b753f761943 | 1562 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1563 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1564 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1565 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1566 | } |
JimCarver | 0:6b753f761943 | 1567 | /*#13*/ |
JimCarver | 0:6b753f761943 | 1568 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 1569 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1570 | { |
JimCarver | 0:6b753f761943 | 1571 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1572 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1573 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1574 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1575 | } |
JimCarver | 0:6b753f761943 | 1576 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1577 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1578 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1579 | { |
JimCarver | 0:6b753f761943 | 1580 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1581 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1582 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1583 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1584 | } |
JimCarver | 0:6b753f761943 | 1585 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1586 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 1587 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1588 | { |
JimCarver | 0:6b753f761943 | 1589 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1590 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1591 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1592 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); |
JimCarver | 0:6b753f761943 | 1593 | } |
JimCarver | 0:6b753f761943 | 1594 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1595 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 1596 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1597 | { |
JimCarver | 0:6b753f761943 | 1598 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1599 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1600 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1601 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1602 | } |
JimCarver | 0:6b753f761943 | 1603 | |
JimCarver | 0:6b753f761943 | 1604 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 1605 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1606 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 1607 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1608 | { |
JimCarver | 0:6b753f761943 | 1609 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1610 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1611 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1612 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1613 | } |
JimCarver | 0:6b753f761943 | 1614 | |
JimCarver | 0:6b753f761943 | 1615 | /*#17*/ |
JimCarver | 0:6b753f761943 | 1616 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1617 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1618 | { |
JimCarver | 0:6b753f761943 | 1619 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1620 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1621 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1622 | } |
JimCarver | 0:6b753f761943 | 1623 | /*#18*/ |
JimCarver | 0:6b753f761943 | 1624 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1625 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1626 | { |
JimCarver | 0:6b753f761943 | 1627 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1628 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1629 | } |
JimCarver | 0:6b753f761943 | 1630 | /*#19*/ |
JimCarver | 0:6b753f761943 | 1631 | status = pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1632 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1633 | |
JimCarver | 0:6b753f761943 | 1634 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1635 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1636 | |
JimCarver | 0:6b753f761943 | 1637 | /*#20*/ |
JimCarver | 0:6b753f761943 | 1638 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1639 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1640 | TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); |
JimCarver | 0:6b753f761943 | 1641 | #endif |
JimCarver | 0:6b753f761943 | 1642 | |
JimCarver | 0:6b753f761943 | 1643 | } |
JimCarver | 0:6b753f761943 | 1644 | |
JimCarver | 0:6b753f761943 | 1645 | /** |
JimCarver | 0:6b753f761943 | 1646 | * @brief Test TLS handshake (TCP blocking) with near past time and validate that the handshake didn't update the device time (due to set time rules) |
JimCarver | 0:6b753f761943 | 1647 | * |
JimCarver | 0:6b753f761943 | 1648 | * |
JimCarver | 0:6b753f761943 | 1649 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 1650 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 1651 | * | 1 | Get saved time from SOTP, move forward half day and set time to RAM | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1652 | * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1653 | * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1654 | * | 4 | Set the server port. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1655 | * | 5 | Parse the CA cert. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1656 | * | 6 | Get the CA cert ID. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1657 | * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1658 | * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1659 | * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1660 | * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1661 | * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1662 | * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1663 | * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1664 | * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1665 | * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1666 | * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1667 | * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1668 | * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1669 | * | 19 | Free X509 handle. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1670 | * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 1671 | */ |
JimCarver | 0:6b753f761943 | 1672 | TEST(pal_tls, tlsHandshakeTCP_NearPastTrustedServer_NoTimeUpdate) |
JimCarver | 0:6b753f761943 | 1673 | { |
JimCarver | 0:6b753f761943 | 1674 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) |
JimCarver | 0:6b753f761943 | 1675 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1676 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 1677 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 1678 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 1679 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 1680 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 1681 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 1682 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 1683 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 1684 | palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; |
JimCarver | 0:6b753f761943 | 1685 | palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; |
JimCarver | 0:6b753f761943 | 1686 | palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 1687 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 1688 | sotp_result_e sotpRes = SOTP_SUCCESS; |
JimCarver | 0:6b753f761943 | 1689 | uint64_t currentTime = 0; |
JimCarver | 0:6b753f761943 | 1690 | uint64_t updatedTime = 0; |
JimCarver | 0:6b753f761943 | 1691 | uint16_t actualSavedTimeSize = 0; |
JimCarver | 0:6b753f761943 | 1692 | palX509Handle_t trustedServerCA = NULLPTR; |
JimCarver | 0:6b753f761943 | 1693 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 1694 | |
JimCarver | 0:6b753f761943 | 1695 | /*#1*/ |
JimCarver | 0:6b753f761943 | 1696 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1697 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1698 | TEST_ASSERT_TRUE(0 != currentTime); |
JimCarver | 0:6b753f761943 | 1699 | |
JimCarver | 0:6b753f761943 | 1700 | status = pal_osSetTime(currentTime + (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) |
JimCarver | 0:6b753f761943 | 1701 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1702 | /*#2*/ |
JimCarver | 0:6b753f761943 | 1703 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); |
JimCarver | 0:6b753f761943 | 1704 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1705 | /*#3*/ |
JimCarver | 0:6b753f761943 | 1706 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 1707 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 1708 | { |
JimCarver | 0:6b753f761943 | 1709 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 1710 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1711 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1712 | return; |
JimCarver | 0:6b753f761943 | 1713 | } |
JimCarver | 0:6b753f761943 | 1714 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1715 | /*#4*/ |
JimCarver | 0:6b753f761943 | 1716 | status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 1717 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1718 | |
JimCarver | 0:6b753f761943 | 1719 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 1720 | tlsSocket.socket = g_socket; |
JimCarver | 0:6b753f761943 | 1721 | |
JimCarver | 0:6b753f761943 | 1722 | /*#5*/ |
JimCarver | 0:6b753f761943 | 1723 | status = pal_x509Initiate(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1724 | TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); |
JimCarver | 0:6b753f761943 | 1725 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1726 | |
JimCarver | 0:6b753f761943 | 1727 | status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); |
JimCarver | 0:6b753f761943 | 1728 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1729 | { |
JimCarver | 0:6b753f761943 | 1730 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1731 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1732 | } |
JimCarver | 0:6b753f761943 | 1733 | /*#6*/ |
JimCarver | 0:6b753f761943 | 1734 | status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); |
JimCarver | 0:6b753f761943 | 1735 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1736 | { |
JimCarver | 0:6b753f761943 | 1737 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1738 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1739 | } |
JimCarver | 0:6b753f761943 | 1740 | /*#7*/ |
JimCarver | 0:6b753f761943 | 1741 | sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); |
JimCarver | 0:6b753f761943 | 1742 | if (SOTP_SUCCESS != sotpRes) |
JimCarver | 0:6b753f761943 | 1743 | { |
JimCarver | 0:6b753f761943 | 1744 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1745 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1746 | } |
JimCarver | 0:6b753f761943 | 1747 | |
JimCarver | 0:6b753f761943 | 1748 | /*#8*/ |
JimCarver | 0:6b753f761943 | 1749 | status = pal_connect(g_socket, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 1750 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1751 | { |
JimCarver | 0:6b753f761943 | 1752 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1753 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1754 | } |
JimCarver | 0:6b753f761943 | 1755 | /*#9*/ |
JimCarver | 0:6b753f761943 | 1756 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 1757 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1758 | { |
JimCarver | 0:6b753f761943 | 1759 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1760 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1761 | } |
JimCarver | 0:6b753f761943 | 1762 | /*#10*/ |
JimCarver | 0:6b753f761943 | 1763 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 1764 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1765 | { |
JimCarver | 0:6b753f761943 | 1766 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1767 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1768 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1769 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1770 | } |
JimCarver | 0:6b753f761943 | 1771 | |
JimCarver | 0:6b753f761943 | 1772 | /*#11*/ |
JimCarver | 0:6b753f761943 | 1773 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 1774 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1775 | { |
JimCarver | 0:6b753f761943 | 1776 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1777 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1778 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1779 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1780 | } |
JimCarver | 0:6b753f761943 | 1781 | /*#12*/ |
JimCarver | 0:6b753f761943 | 1782 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 1783 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1784 | { |
JimCarver | 0:6b753f761943 | 1785 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1786 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1787 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1788 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1789 | } |
JimCarver | 0:6b753f761943 | 1790 | /*#13*/ |
JimCarver | 0:6b753f761943 | 1791 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 1792 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1793 | { |
JimCarver | 0:6b753f761943 | 1794 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1795 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1796 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1797 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1798 | } |
JimCarver | 0:6b753f761943 | 1799 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1800 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1801 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1802 | { |
JimCarver | 0:6b753f761943 | 1803 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1804 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1805 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1806 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1807 | } |
JimCarver | 0:6b753f761943 | 1808 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1809 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 1810 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1811 | { |
JimCarver | 0:6b753f761943 | 1812 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1813 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1814 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1815 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); |
JimCarver | 0:6b753f761943 | 1816 | } |
JimCarver | 0:6b753f761943 | 1817 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1818 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 1819 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1820 | { |
JimCarver | 0:6b753f761943 | 1821 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1822 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1823 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1824 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1825 | } |
JimCarver | 0:6b753f761943 | 1826 | |
JimCarver | 0:6b753f761943 | 1827 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 1828 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1829 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 1830 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1831 | { |
JimCarver | 0:6b753f761943 | 1832 | pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1833 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1834 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1835 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1836 | } |
JimCarver | 0:6b753f761943 | 1837 | |
JimCarver | 0:6b753f761943 | 1838 | /*#17*/ |
JimCarver | 0:6b753f761943 | 1839 | status = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1840 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1841 | { |
JimCarver | 0:6b753f761943 | 1842 | pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1843 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1844 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1845 | } |
JimCarver | 0:6b753f761943 | 1846 | /*#18*/ |
JimCarver | 0:6b753f761943 | 1847 | status = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1848 | if (PAL_SUCCESS != status) |
JimCarver | 0:6b753f761943 | 1849 | { |
JimCarver | 0:6b753f761943 | 1850 | pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1851 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1852 | } |
JimCarver | 0:6b753f761943 | 1853 | /*#19*/ |
JimCarver | 0:6b753f761943 | 1854 | status = pal_x509Free(&trustedServerCA); |
JimCarver | 0:6b753f761943 | 1855 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1856 | |
JimCarver | 0:6b753f761943 | 1857 | status = pal_close(&g_socket); |
JimCarver | 0:6b753f761943 | 1858 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1859 | /*#20*/ |
JimCarver | 0:6b753f761943 | 1860 | sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); |
JimCarver | 0:6b753f761943 | 1861 | TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); |
JimCarver | 0:6b753f761943 | 1862 | TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); |
JimCarver | 0:6b753f761943 | 1863 | #endif |
JimCarver | 0:6b753f761943 | 1864 | } |
JimCarver | 0:6b753f761943 | 1865 | |
JimCarver | 0:6b753f761943 | 1866 | #endif //PAL_USE_INTERNAL_FLASH |
JimCarver | 0:6b753f761943 | 1867 | |
JimCarver | 0:6b753f761943 | 1868 | static palStatus_t ThreadHandshakeTCP(bool socketNonBlocking) |
JimCarver | 0:6b753f761943 | 1869 | { |
JimCarver | 0:6b753f761943 | 1870 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1871 | palStatus_t tmpStatus = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1872 | palTLSConfHandle_t palTLSConf = NULLPTR; |
JimCarver | 0:6b753f761943 | 1873 | palTLSHandle_t palTLSHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 1874 | palTLSTransportMode_t transportationMode = PAL_TLS_MODE; |
JimCarver | 0:6b753f761943 | 1875 | palSocketAddress_t socketAddr = {0}; |
JimCarver | 0:6b753f761943 | 1876 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 1877 | char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; |
JimCarver | 0:6b753f761943 | 1878 | uint32_t actualLen = 0; |
JimCarver | 0:6b753f761943 | 1879 | uint32_t written = 0; |
JimCarver | 0:6b753f761943 | 1880 | palSocket_t socketTCP = 0; |
JimCarver | 0:6b753f761943 | 1881 | palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; |
JimCarver | 0:6b753f761943 | 1882 | palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; |
JimCarver | 0:6b753f761943 | 1883 | palTLSSocket_t tlsSocket = { socketTCP, &socketAddr, 0, transportationMode }; |
JimCarver | 0:6b753f761943 | 1884 | palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; |
JimCarver | 0:6b753f761943 | 1885 | palTLSTest_t *testTLSCtx = NULL; |
JimCarver | 0:6b753f761943 | 1886 | palStatus_t mutexStatus = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 1887 | bool mutexWait = false; |
JimCarver | 0:6b753f761943 | 1888 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 1889 | |
JimCarver | 0:6b753f761943 | 1890 | mutexWait = true; |
JimCarver | 0:6b753f761943 | 1891 | /*#1*/ |
JimCarver | 0:6b753f761943 | 1892 | status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &socketTCP); |
JimCarver | 0:6b753f761943 | 1893 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1894 | /*#2*/ |
JimCarver | 0:6b753f761943 | 1895 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 1896 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1897 | |
JimCarver | 0:6b753f761943 | 1898 | tlsSocket.addressLength = addressLength; |
JimCarver | 0:6b753f761943 | 1899 | tlsSocket.socket = socketTCP; |
JimCarver | 0:6b753f761943 | 1900 | /*#3*/ |
JimCarver | 0:6b753f761943 | 1901 | if (true == socketNonBlocking) |
JimCarver | 0:6b753f761943 | 1902 | { |
JimCarver | 0:6b753f761943 | 1903 | status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); |
JimCarver | 0:6b753f761943 | 1904 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1905 | } |
JimCarver | 0:6b753f761943 | 1906 | else //blocking |
JimCarver | 0:6b753f761943 | 1907 | { |
JimCarver | 0:6b753f761943 | 1908 | status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); |
JimCarver | 0:6b753f761943 | 1909 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1910 | } |
JimCarver | 0:6b753f761943 | 1911 | |
JimCarver | 0:6b753f761943 | 1912 | /*#4*/ |
JimCarver | 0:6b753f761943 | 1913 | status = pal_connect(socketTCP, &socketAddr, addressLength); |
JimCarver | 0:6b753f761943 | 1914 | if (PAL_ERR_SOCKET_IN_PROGRES == status) |
JimCarver | 0:6b753f761943 | 1915 | { |
JimCarver | 0:6b753f761943 | 1916 | pal_osDelay(500); |
JimCarver | 0:6b753f761943 | 1917 | } |
JimCarver | 0:6b753f761943 | 1918 | else |
JimCarver | 0:6b753f761943 | 1919 | { |
JimCarver | 0:6b753f761943 | 1920 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1921 | } |
JimCarver | 0:6b753f761943 | 1922 | /*#5*/ |
JimCarver | 0:6b753f761943 | 1923 | status = pal_initTLSConfiguration(&palTLSConf, transportationMode); |
JimCarver | 0:6b753f761943 | 1924 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1925 | TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); |
JimCarver | 0:6b753f761943 | 1926 | /*#6*/ |
JimCarver | 0:6b753f761943 | 1927 | status = pal_initTLS(palTLSConf, &palTLSHandle); |
JimCarver | 0:6b753f761943 | 1928 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1929 | |
JimCarver | 0:6b753f761943 | 1930 | // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. |
JimCarver | 0:6b753f761943 | 1931 | //status = pal_sslSetDebugging(palTLSConf, true); |
JimCarver | 0:6b753f761943 | 1932 | //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1933 | /*#7*/ |
JimCarver | 0:6b753f761943 | 1934 | status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); |
JimCarver | 0:6b753f761943 | 1935 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1936 | /*#8*/ |
JimCarver | 0:6b753f761943 | 1937 | status = pal_setCAChain(palTLSConf, &caCert, NULL); |
JimCarver | 0:6b753f761943 | 1938 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1939 | /*#9*/ |
JimCarver | 0:6b753f761943 | 1940 | status = pal_tlsSetSocket(palTLSConf, &tlsSocket); |
JimCarver | 0:6b753f761943 | 1941 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1942 | /*#10*/ |
JimCarver | 0:6b753f761943 | 1943 | testTLSCtx = (palTLSTest_t*)palTLSHandle; //This casting is done to sign that we are in retry situation. |
JimCarver | 0:6b753f761943 | 1944 | if (true == socketNonBlocking) |
JimCarver | 0:6b753f761943 | 1945 | { |
JimCarver | 0:6b753f761943 | 1946 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); // More than current epoch time -> success |
JimCarver | 0:6b753f761943 | 1947 | do |
JimCarver | 0:6b753f761943 | 1948 | { |
JimCarver | 0:6b753f761943 | 1949 | if (testTLSCtx->retryHandShake && !g_retryHandshake) |
JimCarver | 0:6b753f761943 | 1950 | { |
JimCarver | 0:6b753f761943 | 1951 | g_retryHandshake = true; |
JimCarver | 0:6b753f761943 | 1952 | if (mutexWait) |
JimCarver | 0:6b753f761943 | 1953 | { |
JimCarver | 0:6b753f761943 | 1954 | mutexStatus = pal_osMutexRelease(g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 1955 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 1956 | mutexWait = false; |
JimCarver | 0:6b753f761943 | 1957 | pal_osDelay(600); |
JimCarver | 0:6b753f761943 | 1958 | } |
JimCarver | 0:6b753f761943 | 1959 | } |
JimCarver | 0:6b753f761943 | 1960 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1961 | } |
JimCarver | 0:6b753f761943 | 1962 | while ( (PAL_ERR_TLS_WANT_READ == status) || (PAL_ERR_TLS_WANT_WRITE == status)); |
JimCarver | 0:6b753f761943 | 1963 | } |
JimCarver | 0:6b753f761943 | 1964 | else //blocking |
JimCarver | 0:6b753f761943 | 1965 | { |
JimCarver | 0:6b753f761943 | 1966 | status = pal_handShake(palTLSHandle, palTLSConf); |
JimCarver | 0:6b753f761943 | 1967 | } |
JimCarver | 0:6b753f761943 | 1968 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1969 | |
JimCarver | 0:6b753f761943 | 1970 | /*#11*/ |
JimCarver | 0:6b753f761943 | 1971 | status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 1972 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1973 | /*#12*/ |
JimCarver | 0:6b753f761943 | 1974 | status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); |
JimCarver | 0:6b753f761943 | 1975 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1976 | /*#13*/ |
JimCarver | 0:6b753f761943 | 1977 | pal_osDelay(5000); |
JimCarver | 0:6b753f761943 | 1978 | |
JimCarver | 0:6b753f761943 | 1979 | /*#14*/ |
JimCarver | 0:6b753f761943 | 1980 | status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); |
JimCarver | 0:6b753f761943 | 1981 | PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 1982 | |
JimCarver | 0:6b753f761943 | 1983 | finish: |
JimCarver | 0:6b753f761943 | 1984 | if (mutexWait) |
JimCarver | 0:6b753f761943 | 1985 | { |
JimCarver | 0:6b753f761943 | 1986 | mutexStatus = pal_osMutexRelease(g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 1987 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 1988 | } |
JimCarver | 0:6b753f761943 | 1989 | /*#15*/ |
JimCarver | 0:6b753f761943 | 1990 | tmpStatus = pal_freeTLS(&palTLSHandle); |
JimCarver | 0:6b753f761943 | 1991 | if (PAL_SUCCESS != tmpStatus) |
JimCarver | 0:6b753f761943 | 1992 | { |
JimCarver | 0:6b753f761943 | 1993 | PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); |
JimCarver | 0:6b753f761943 | 1994 | } |
JimCarver | 0:6b753f761943 | 1995 | /*#16*/ |
JimCarver | 0:6b753f761943 | 1996 | tmpStatus = pal_tlsConfigurationFree(&palTLSConf); |
JimCarver | 0:6b753f761943 | 1997 | if (PAL_SUCCESS != tmpStatus) |
JimCarver | 0:6b753f761943 | 1998 | { |
JimCarver | 0:6b753f761943 | 1999 | PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); |
JimCarver | 0:6b753f761943 | 2000 | } |
JimCarver | 0:6b753f761943 | 2001 | /*#17*/ |
JimCarver | 0:6b753f761943 | 2002 | tmpStatus = pal_close(&socketTCP); |
JimCarver | 0:6b753f761943 | 2003 | if (PAL_SUCCESS != tmpStatus) |
JimCarver | 0:6b753f761943 | 2004 | { |
JimCarver | 0:6b753f761943 | 2005 | PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); |
JimCarver | 0:6b753f761943 | 2006 | } |
JimCarver | 0:6b753f761943 | 2007 | if (PAL_SUCCESS == status) |
JimCarver | 0:6b753f761943 | 2008 | { |
JimCarver | 0:6b753f761943 | 2009 | status = tmpStatus; |
JimCarver | 0:6b753f761943 | 2010 | } |
JimCarver | 0:6b753f761943 | 2011 | return status; |
JimCarver | 0:6b753f761943 | 2012 | |
JimCarver | 0:6b753f761943 | 2013 | } |
JimCarver | 0:6b753f761943 | 2014 | |
JimCarver | 0:6b753f761943 | 2015 | void pal_TCPHandshakeFunc3(void const *argument) |
JimCarver | 0:6b753f761943 | 2016 | { |
JimCarver | 0:6b753f761943 | 2017 | palStatus_t mutexStatus = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2018 | palStatus_t* arg = (palStatus_t*)argument; |
JimCarver | 0:6b753f761943 | 2019 | |
JimCarver | 0:6b753f761943 | 2020 | mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2021 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2022 | |
JimCarver | 0:6b753f761943 | 2023 | mutexStatus = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2024 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2025 | |
JimCarver | 0:6b753f761943 | 2026 | *arg = ThreadHandshakeTCP(true); |
JimCarver | 0:6b753f761943 | 2027 | |
JimCarver | 0:6b753f761943 | 2028 | mutexStatus = pal_osMutexRelease(g_mutex1); |
JimCarver | 0:6b753f761943 | 2029 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2030 | } |
JimCarver | 0:6b753f761943 | 2031 | |
JimCarver | 0:6b753f761943 | 2032 | void pal_CertVerify(void const *argument) |
JimCarver | 0:6b753f761943 | 2033 | { |
JimCarver | 0:6b753f761943 | 2034 | #if (PAL_ENABLE_X509 == 1) |
JimCarver | 0:6b753f761943 | 2035 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2036 | palStatus_t mutexStatus = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2037 | palStatus_t* arg = (palStatus_t*)argument; |
JimCarver | 0:6b753f761943 | 2038 | palX509Handle_t certHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 2039 | int32_t verifyResult = 0; |
JimCarver | 0:6b753f761943 | 2040 | |
JimCarver | 0:6b753f761943 | 2041 | mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2042 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2043 | |
JimCarver | 0:6b753f761943 | 2044 | status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2045 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2046 | |
JimCarver | 0:6b753f761943 | 2047 | status = pal_x509Initiate(&certHandle); |
JimCarver | 0:6b753f761943 | 2048 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2049 | |
JimCarver | 0:6b753f761943 | 2050 | status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); |
JimCarver | 0:6b753f761943 | 2051 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2052 | |
JimCarver | 0:6b753f761943 | 2053 | PAL_LOG(INFO,"Calling Cert Verify.."); |
JimCarver | 0:6b753f761943 | 2054 | *arg = pal_x509CertVerifyExtended(certHandle, certHandle, &verifyResult); |
JimCarver | 0:6b753f761943 | 2055 | TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_FUTURE & verifyResult); |
JimCarver | 0:6b753f761943 | 2056 | |
JimCarver | 0:6b753f761943 | 2057 | pal_x509Free(&certHandle); |
JimCarver | 0:6b753f761943 | 2058 | |
JimCarver | 0:6b753f761943 | 2059 | mutexStatus = pal_osMutexRelease(g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 2060 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2061 | |
JimCarver | 0:6b753f761943 | 2062 | mutexStatus = pal_osMutexRelease(g_mutex2); |
JimCarver | 0:6b753f761943 | 2063 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); |
JimCarver | 0:6b753f761943 | 2064 | #endif |
JimCarver | 0:6b753f761943 | 2065 | } |
JimCarver | 0:6b753f761943 | 2066 | |
JimCarver | 0:6b753f761943 | 2067 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1)) |
JimCarver | 0:6b753f761943 | 2068 | static void runTLSThreadTest(palThreadFuncPtr func1, palThreadFuncPtr func2, palStatus_t test1Result, palStatus_t test2Result) |
JimCarver | 0:6b753f761943 | 2069 | { |
JimCarver | 0:6b753f761943 | 2070 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2071 | palThreadID_t threadID1 = NULLPTR; |
JimCarver | 0:6b753f761943 | 2072 | palThreadID_t threadID2 = NULLPTR; |
JimCarver | 0:6b753f761943 | 2073 | palStatus_t tlsArgs1 = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2074 | palStatus_t tlsArgs2 = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2075 | |
JimCarver | 0:6b753f761943 | 2076 | status = pal_osMutexCreate(&g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 2077 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2078 | |
JimCarver | 0:6b753f761943 | 2079 | status = pal_osMutexCreate(&g_mutex1); |
JimCarver | 0:6b753f761943 | 2080 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2081 | |
JimCarver | 0:6b753f761943 | 2082 | status = pal_osMutexCreate(&g_mutex2); |
JimCarver | 0:6b753f761943 | 2083 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2084 | |
JimCarver | 0:6b753f761943 | 2085 | status = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2086 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2087 | |
JimCarver | 0:6b753f761943 | 2088 | status = pal_osThreadCreateWithAlloc(func1, &tlsArgs1, PAL_osPriorityHigh, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID1); |
JimCarver | 0:6b753f761943 | 2089 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2090 | |
JimCarver | 0:6b753f761943 | 2091 | status = pal_osMutexRelease(g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 2092 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2093 | |
JimCarver | 0:6b753f761943 | 2094 | pal_osDelay(100); |
JimCarver | 0:6b753f761943 | 2095 | |
JimCarver | 0:6b753f761943 | 2096 | status = pal_osThreadCreateWithAlloc(func2, &tlsArgs2, PAL_osPriorityAboveNormal, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID2); |
JimCarver | 0:6b753f761943 | 2097 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2098 | |
JimCarver | 0:6b753f761943 | 2099 | status = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2100 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2101 | |
JimCarver | 0:6b753f761943 | 2102 | status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); |
JimCarver | 0:6b753f761943 | 2103 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2104 | |
JimCarver | 0:6b753f761943 | 2105 | status = pal_osThreadTerminate(&threadID1); |
JimCarver | 0:6b753f761943 | 2106 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2107 | |
JimCarver | 0:6b753f761943 | 2108 | status = pal_osThreadTerminate(&threadID2); |
JimCarver | 0:6b753f761943 | 2109 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2110 | |
JimCarver | 0:6b753f761943 | 2111 | status = pal_osMutexRelease(g_mutex1); |
JimCarver | 0:6b753f761943 | 2112 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2113 | |
JimCarver | 0:6b753f761943 | 2114 | status = pal_osMutexRelease(g_mutex2); |
JimCarver | 0:6b753f761943 | 2115 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2116 | |
JimCarver | 0:6b753f761943 | 2117 | status = pal_osMutexDelete(&g_mutex1); |
JimCarver | 0:6b753f761943 | 2118 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2119 | |
JimCarver | 0:6b753f761943 | 2120 | status = pal_osMutexDelete(&g_mutex2); |
JimCarver | 0:6b753f761943 | 2121 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2122 | |
JimCarver | 0:6b753f761943 | 2123 | status = pal_osMutexDelete(&g_mutexHandShake1); |
JimCarver | 0:6b753f761943 | 2124 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2125 | |
JimCarver | 0:6b753f761943 | 2126 | TEST_ASSERT_EQUAL_HEX(test1Result, tlsArgs1); |
JimCarver | 0:6b753f761943 | 2127 | TEST_ASSERT_EQUAL_HEX(test2Result, tlsArgs2); |
JimCarver | 0:6b753f761943 | 2128 | } |
JimCarver | 0:6b753f761943 | 2129 | #endif |
JimCarver | 0:6b753f761943 | 2130 | |
JimCarver | 0:6b753f761943 | 2131 | |
JimCarver | 0:6b753f761943 | 2132 | |
JimCarver | 0:6b753f761943 | 2133 | /** |
JimCarver | 0:6b753f761943 | 2134 | * @brief Test try to process certificate verification with future certificate validation time while processing handshake |
JimCarver | 0:6b753f761943 | 2135 | * in another thread to update the device time, we need to check that certificate verification is done against the |
JimCarver | 0:6b753f761943 | 2136 | * broken device time (0) and after handshake is done, we need to re-verify against the fixed time according to the |
JimCarver | 0:6b753f761943 | 2137 | * server time sent by the server during handshake. |
JimCarver | 0:6b753f761943 | 2138 | * |
JimCarver | 0:6b753f761943 | 2139 | * |
JimCarver | 0:6b753f761943 | 2140 | * | # | Step | Expected | |
JimCarver | 0:6b753f761943 | 2141 | * |---|--------------------------------|-------------| |
JimCarver | 0:6b753f761943 | 2142 | * | 1 | Create Thread1 to process DTLS handshake | PAL_SUCCESS | |
JimCarver | 0:6b753f761943 | 2143 | * | 1 | Create Thread2 to process TLS handshake | PAL_ERR_X509_CERT_VERIFY_FAILED | |
JimCarver | 0:6b753f761943 | 2144 | */ |
JimCarver | 0:6b753f761943 | 2145 | TEST(pal_tls, TCPHandshakeWhileCertVerify_threads) |
JimCarver | 0:6b753f761943 | 2146 | { |
JimCarver | 0:6b753f761943 | 2147 | #if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1)) |
JimCarver | 0:6b753f761943 | 2148 | palStatus_t status = PAL_SUCCESS; |
JimCarver | 0:6b753f761943 | 2149 | palX509Handle_t certHandle = NULLPTR; |
JimCarver | 0:6b753f761943 | 2150 | uint64_t systemTime = 0; |
JimCarver | 0:6b753f761943 | 2151 | palSocketAddress_t socketAddr = { 0 }; |
JimCarver | 0:6b753f761943 | 2152 | palSocketLength_t addressLength = 0; |
JimCarver | 0:6b753f761943 | 2153 | |
JimCarver | 0:6b753f761943 | 2154 | status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); |
JimCarver | 0:6b753f761943 | 2155 | if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status)) |
JimCarver | 0:6b753f761943 | 2156 | { |
JimCarver | 0:6b753f761943 | 2157 | PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)"); |
JimCarver | 0:6b753f761943 | 2158 | return; |
JimCarver | 0:6b753f761943 | 2159 | } |
JimCarver | 0:6b753f761943 | 2160 | |
JimCarver | 0:6b753f761943 | 2161 | status = pal_osSetTime(0); |
JimCarver | 0:6b753f761943 | 2162 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2163 | |
JimCarver | 0:6b753f761943 | 2164 | runTLSThreadTest(pal_TCPHandshakeFunc3, pal_CertVerify, PAL_SUCCESS, PAL_ERR_X509_CERT_VERIFY_FAILED); |
JimCarver | 0:6b753f761943 | 2165 | |
JimCarver | 0:6b753f761943 | 2166 | systemTime = pal_osGetTime(); |
JimCarver | 0:6b753f761943 | 2167 | TEST_ASSERT_TRUE(0 < systemTime); |
JimCarver | 0:6b753f761943 | 2168 | |
JimCarver | 0:6b753f761943 | 2169 | status = pal_x509Initiate(&certHandle); |
JimCarver | 0:6b753f761943 | 2170 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2171 | |
JimCarver | 0:6b753f761943 | 2172 | status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); |
JimCarver | 0:6b753f761943 | 2173 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2174 | |
JimCarver | 0:6b753f761943 | 2175 | status = pal_x509CertVerify(certHandle, certHandle); |
JimCarver | 0:6b753f761943 | 2176 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2177 | |
JimCarver | 0:6b753f761943 | 2178 | status = pal_x509Free(&certHandle); |
JimCarver | 0:6b753f761943 | 2179 | TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); |
JimCarver | 0:6b753f761943 | 2180 | #endif |
JimCarver | 0:6b753f761943 | 2181 | } |
JimCarver | 0:6b753f761943 | 2182 | |
JimCarver | 0:6b753f761943 | 2183 | |
JimCarver | 0:6b753f761943 | 2184 | |
JimCarver | 0:6b753f761943 | 2185 | |
JimCarver | 0:6b753f761943 | 2186 | |
JimCarver | 0:6b753f761943 | 2187 | |
JimCarver | 0:6b753f761943 | 2188 | |
JimCarver | 0:6b753f761943 | 2189 |