Fork for workshops

Committer:
JimCarver
Date:
Fri Oct 12 21:22:49 2018 +0000
Revision:
0:6b753f761943
Initial commit

JimCarver 0:6b753f761943 1 /*******************************************************************************
JimCarver 0:6b753f761943 2 * Copyright 2016, 2017 ARM Ltd.
JimCarver 0:6b753f761943 3 *
JimCarver 0:6b753f761943 4 * Licensed under the Apache License, Version 2.0 (the "License");
JimCarver 0:6b753f761943 5 * you may not use this file except in compliance with the License.
JimCarver 0:6b753f761943 6 * You may obtain a copy of the License at
JimCarver 0:6b753f761943 7 *
JimCarver 0:6b753f761943 8 * http://www.apache.org/licenses/LICENSE-2.0
JimCarver 0:6b753f761943 9 *
JimCarver 0:6b753f761943 10 * Unless required by applicable law or agreed to in writing, software
JimCarver 0:6b753f761943 11 * distributed under the License is distributed on an "AS IS" BASIS,
JimCarver 0:6b753f761943 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
JimCarver 0:6b753f761943 13 * See the License for the specific language governing permissions and
JimCarver 0:6b753f761943 14 * limitations under the License.
JimCarver 0:6b753f761943 15 *******************************************************************************/
JimCarver 0:6b753f761943 16
JimCarver 0:6b753f761943 17 #include "unity.h"
JimCarver 0:6b753f761943 18 #include "unity_fixture.h"
JimCarver 0:6b753f761943 19 #include "pal.h"
JimCarver 0:6b753f761943 20 #include "pal_tls_utils.h"
JimCarver 0:6b753f761943 21 #include "pal_network.h"
JimCarver 0:6b753f761943 22 #include "stdlib.h"
JimCarver 0:6b753f761943 23 #include "sotp.h"
JimCarver 0:6b753f761943 24 #include "test_runners.h"
JimCarver 0:6b753f761943 25
#define TRACE_GROUP "TLS_TESTS"
// PSK identity and key used by handshakeUDP()/handshakeTCP() when the build has
// PAL_ENABLE_PSK == 1 and PAL_ENABLE_X509 != 1. Both values are fixed constants
// committed in source, so they are test fixtures for the test server only and
// must never be provisioned as a real device credential.
#define PAL_TEST_PSK_IDENTITY "Client_identity"

#define PAL_TEST_PSK {0x12,0x34,0x45,0x67,0x89,0x10}
// Not referenced in the part of the file shown here.
#define PAL_WAIT_TIME 3

// Socket shared by the handshake helpers; TEST_SETUP resets it to 0 and
// TEST_TEAR_DOWN closes it when it is still non-zero.
PAL_PRIVATE palSocket_t g_socket = 0;
extern void * g_palTestTLSInterfaceCTX; // this is set by the palTestMain function
// Filled in by pal_registerNetworkInterface() in TEST_SETUP.
PAL_PRIVATE uint32_t g_interfaceCTXIndex = 0;

#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
// Buffer and length for a trusted server ID; not used in the part of the file shown here.
PAL_PRIVATE uint8_t g_trustedServerID[PAL_CERT_ID_SIZE] __attribute__((aligned(4))) = { 0 };
PAL_PRIVATE size_t g_actualServerIDSize = 0;
#endif

// Mutex handles and retry flag; not used in the part of the file shown here.
PAL_PRIVATE palMutexID_t g_mutex1 = NULLPTR;
#if (PAL_ENABLE_X509 == 1)
PAL_PRIVATE palMutexID_t g_mutex2 = NULLPTR;
#endif
PAL_PRIVATE palMutexID_t g_mutexHandShake1 = NULLPTR;
PAL_PRIVATE bool g_retryHandshake = false;
// 16-byte request written over the DTLS session by handshakeUDP(); the bytes
// after the 0xff marker are the ASCII text "/helloWorld".
PAL_PRIVATE const uint8_t g_coapHelloWorldRequest[16] = { 0x50,0x01,0x57,0x3e,0xff,0x2f,0x68,0x65,0x6c,0x6c,0x6f,0x57,0x6f,0x72,0x6c,0x64 };
JimCarver 0:6b753f761943 48
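/*
 * Compare two integer/status expressions and, when they differ, log both
 * (cast to int32_t) together with the current line number and jump to the
 * `finish` label of the enclosing function. Despite the name, the check
 * passes when the values are EQUAL.
 *
 * Both arguments are parenthesized so that an argument containing a
 * lower-precedence operator (for example `x | y`) is compared as a whole
 * instead of being split by `!=`. Each argument is evaluated twice on the
 * failure path (once for the comparison, once for the log), so pass
 * side-effect-free expressions.
 *
 * The expansion is deliberately kept as a bare `if` block, exactly as before,
 * so existing call sites compile with or without a trailing semicolon; do not
 * use it as the unbraced body of an if/else.
 */
#define PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(a, b) \
    if ((a) != (b)) \
    {\
        PAL_LOG(ERR,"Expected: %" PRId32 " , Actual: %" PRId32 " , Line: %d\n", (int32_t)(a), (int32_t)(b), __LINE__);\
        goto finish;\
    }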
JimCarver 0:6b753f761943 55
JimCarver 0:6b753f761943 56
//! This structure is for tests only and MUST be the same structure as in the pal_TLS.c file.
//! For any change done in the original structure, please make sure to change this structure too.
//! NOTE(review): nothing in the part of the file shown here checks that the two
//! definitions still agree; a test that accesses a TLS service object through
//! this type after the layouts diverge would read or write the wrong fields.
typedef struct palTLSService
{
    bool retryHandShake;
    uint64_t serverTime;
    palTLSHandle_t platTlsHandle;
}palTLSTest_t;

// Unity fixture group that all tests in this file belong to.
TEST_GROUP(pal_tls);
JimCarver 0:6b753f761943 67
/*
 * Per-test setup for the pal_tls group: initializes PAL, registers the network
 * interface handed over in g_palTestTLSInterfaceCTX (when one was provided),
 * clears the shared socket and pins the PAL clock to a fixed instant.
 *
 * A missing interface context is only logged; the test then continues without
 * a registered interface. The return value of pal_init() is not inspected.
 * The fixed clock is presumably there so that time-dependent checks made
 * during the handshake are reproducible -- confirm against the PAL TLS layer.
 */
TEST_SETUP(pal_tls)
{
    /* 1504893346 == GMT: Friday, September 8, 2017 5:55:46 PM */
    const uint64_t fixedEpochSeconds = 1504893346;
    palStatus_t rc = PAL_SUCCESS;

    pal_init();

    if (NULL != g_palTestTLSInterfaceCTX)
    {
        rc = pal_registerNetworkInterface(g_palTestTLSInterfaceCTX, &g_interfaceCTXIndex);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
    }
    else
    {
        PAL_LOG(ERR, "error: net interface not configutred correctly");
    }

    g_socket = 0;

    rc = pal_osSetTime(fixedEpochSeconds);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
}
JimCarver 0:6b753f761943 91
/*
 * Per-test teardown for the pal_tls group: closes the shared socket if a test
 * left it open, removes the trusted-time server ID record from SOTP (it is
 * acceptable for the record not to exist) and shuts PAL down.
 *
 * The result of pal_close() is not checked here. Unity assertions abort the
 * running fixture function on failure, so a failed SOTP check skips
 * pal_destroy().
 */
TEST_TEAR_DOWN(pal_tls)
{
    sotp_result_e deleteResult;
    bool recordGone;

    if (g_socket != 0)
    {
        pal_close(&g_socket);
    }

    deleteResult = sotp_delete(SOTP_TYPE_TRUSTED_TIME_SRV_ID);
    recordGone = (SOTP_SUCCESS == deleteResult) || (SOTP_NOT_FOUND == deleteResult);
    TEST_ASSERT_TRUE(recordGone);

    pal_destroy();
}
JimCarver 0:6b753f761943 105
/**
 * @brief Test TLS configuration initialization and uninitialization.
 *
 * | # | Step                                                             | Expected    |
 * |---|------------------------------------------------------------------|-------------|
 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`.   | PAL_SUCCESS |
 * | 2 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS |
 *
 * Step 2 also verifies that the free call resets the caller's handle to
 * NULLPTR, so a stale handle cannot be reused afterwards.
 */
TEST(pal_tls, tlsConfiguration)
{
    palTLSConfHandle_t confHandle = NULLPTR;
    palStatus_t rc;

    /* #1: create a configuration in TLS (stream) mode and expect a handle back */
    rc = pal_initTLSConfiguration(&confHandle, PAL_TLS_MODE);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
    TEST_ASSERT_TRUE(NULLPTR != confHandle);

    /* #2: release it; the handle must be cleared and the call must succeed */
    rc = pal_tlsConfigurationFree(&confHandle);
    TEST_ASSERT_EQUAL_HEX(NULLPTR, confHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
}
JimCarver 0:6b753f761943 129
/*
 * Entropy callback registered by the tlsInitTLS test through
 * pal_addEntropySource(). Fills `output` with `len` bytes obtained from
 * pal_osRandomBuffer().
 *
 * @param data   Unused.
 * @param output Destination buffer for the random bytes.
 * @param len    Number of bytes requested.
 * @param olen   Receives `len` on success; left untouched on failure.
 * @return 0 on success, -1 when pal_osRandomBuffer() does not return
 *         PAL_SUCCESS, so a failing random source is reported to the caller
 *         instead of being treated as valid entropy.
 *
 * `output` and `olen` are not checked for NULL; the caller is trusted to pass
 * valid pointers.
 */
int palTestEntropySource(void *data, unsigned char *output, size_t len, size_t *olen)
{
    (void)data;

    if (PAL_SUCCESS != pal_osRandomBuffer(output, len))
    {
        return -1;
    }

    *olen = len;
    return 0;
}
JimCarver 0:6b753f761943 146
/*
 * Shared body of the DTLS handshake tests: opens a UDP socket, resolves
 * PAL_TLS_TEST_SERVER_ADDRESS, performs a DTLS handshake on DTLS_SERVER_PORT,
 * sends g_coapHelloWorldRequest, reads one response and tears everything down.
 *
 * @param socketNonBlocking Passed to pal_socket() to select a non-blocking socket.
 *
 * Review notes:
 *  - Unity assertions abort the test on failure, so a failing step leaves this
 *    function before steps 15-17; the TLS handle and configuration are then not
 *    freed here (the socket is closed by TEST_TEAR_DOWN).
 *  - The values returned in `verifyResult`, `written` and `actualLen`, and the
 *    content of `serverResponse`, are never inspected; only call status is asserted.
 */
static void handshakeUDP(bool socketNonBlocking)
{
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_DTLS_MODE;
    palSocketAddress_t socketAddr = {0};
    palSocketLength_t addressLength = 0;
    char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t actualLen = 0;
    uint32_t written = 0;
#if (PAL_ENABLE_X509 == 1)
    // Client certificate, client private key and CA bundle; the g_pubKey, g_prvKey
    // and pal_test_cas arrays are defined outside the lines shown here.
    palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)};
    palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)};
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
#elif (PAL_ENABLE_PSK == 1)
    // Hard-coded test identity and 6-byte key (brace initializer, so no
    // terminating NUL is included in sizeof(psk)).
    const char* identity = PAL_TEST_PSK_IDENTITY;
    const char psk[]= PAL_TEST_PSK;
#endif
    // Built before the socket exists; the socket and addressLength members are
    // refreshed after steps 1 and 2 below.
    palTLSSocket_t tlsSocket = {g_socket, &socketAddr, 0, transportationMode};
    int32_t verifyResult = 0;

    /*#1 create the UDP socket */
    status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM, socketNonBlocking, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2 resolve the test server address */
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        // NOTE(review): this path only logs and returns, so the test is reported
        // as passed although no handshake was exercised.
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;
    /*#3 set the DTLS server port on the resolved address */
    status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#4 create the configuration in DTLS mode */
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#5 create the TLS context */
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them.
    //status = pal_sslSetDebugging(palTLSConf, true);
    //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#if (PAL_ENABLE_X509 == 1)
    /*#6 client certificate and private key */
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#7 CA chain used to validate the server; the third argument is passed as NULL */
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#elif (PAL_ENABLE_PSK == 1)
    /*#6 + #7 pre-shared key instead of certificates */
    status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#endif
    /*#8 bind the socket description to the configuration */
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#9 handshake timeout of 30000 (presumably milliseconds -- confirm against the PAL API) */

    status = pal_setHandShakeTimeOut(palTLSConf, 30000);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#10 handshake; retried for as long as PAL asks for more I/O. The loop itself
          has no iteration or time bound and no delay between attempts. */

    do
    {
        status = pal_handShake(palTLSHandle, palTLSConf);
    }
    while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#11 peer verification result. Only the returned status is asserted; the
          verifyResult value is not examined.
          NOTE(review): confirm that the status alone reflects a failed peer
          verification. */
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#12 send the request over the established session */
    status = pal_sslWrite(palTLSHandle, g_coapHelloWorldRequest, sizeof(g_coapHelloWorldRequest), &written);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#13 fixed wait for the server's reply */
    pal_osDelay(5000);
    /*#14 read at most PAL_TLS_MESSAGE_SIZE bytes, which is the size of serverResponse;
          retried only on WANT_READ */
    do
    {
        status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
    }while (PAL_ERR_TLS_WANT_READ == status);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#15 free the TLS context */
    status = pal_freeTLS(&palTLSHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#16 free the configuration */
    status = pal_tlsConfigurationFree(&palTLSConf);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#17 close the socket */
    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
}
JimCarver 0:6b753f761943 251
JimCarver 0:6b753f761943 252
/*
 * Shared body of the TLS-over-TCP handshake tests: opens a TCP socket, resolves
 * PAL_TLS_TEST_SERVER_ADDRESS, connects to TLS_SERVER_PORT (blocking) or
 * TLS_SERVER_PORT_NB (non-blocking), performs the TLS handshake, sends
 * TLS_GET_REQUEST, reads one response and tears everything down.
 *
 * @param socketNonBlocking Selects a non-blocking socket, the non-blocking
 *                          server port and the retrying handshake loop.
 *
 * Review notes:
 *  - Unity assertions abort the test on failure, so a failing step leaves this
 *    function before steps 15-17; the TLS handle and configuration are then not
 *    freed here (the socket is closed by TEST_TEAR_DOWN).
 *  - The values returned in `verifyResult`, `written` and `actualLen`, and the
 *    content of `serverResponse`, are never inspected; only call status is asserted.
 */
static void handshakeTCP(bool socketNonBlocking)
{
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
    palSocketAddress_t socketAddr = {0};
    palSocketLength_t addressLength = 0;
    char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t actualLen = 0;
    uint32_t written = 0;
#if (PAL_ENABLE_X509 == 1)
    // Client certificate, client private key and CA bundle; the g_pubKey, g_prvKey
    // and pal_test_cas arrays are defined outside the lines shown here.
    palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)};
    palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)};
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
#elif (PAL_ENABLE_PSK == 1)
    // Hard-coded test identity and 6-byte key (brace initializer, so no
    // terminating NUL is included in sizeof(psk)).
    const char* identity = PAL_TEST_PSK_IDENTITY;
    const char psk[]= PAL_TEST_PSK;
#endif
    // Built before the socket exists; the socket and addressLength members are
    // refreshed after steps 1 and 2 below.
    palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
    // Only assigned and read on the non-blocking path.
    uint64_t curTimeInSec, timePassedInSec;
    const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds
    int32_t verifyResult = 0;


    /*#1 create the TCP socket */
    status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2 resolve the test server address */
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        // NOTE(review): this path only logs and returns, so the test is reported
        // as passed although no handshake was exercised.
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;
    /*#3 pick the server port that matches the socket mode */
    if (true == socketNonBlocking)
    {
        status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    else //blocking
    {
        status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#4 connect. An in-progress result is answered with a fixed delay of 400
         (presumably milliseconds); completion of the connect is not confirmed
         before the test continues. */
    status = pal_connect(g_socket, &socketAddr, addressLength);
    if (PAL_ERR_SOCKET_IN_PROGRES == status)
    {
        pal_osDelay(400);
    }
    else
    {
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#5 create the configuration in TLS mode */
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR);
    /*#6 create the TLS context */
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them.
    //status = pal_sslSetDebugging(palTLSConf, true);
    //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#if (PAL_ENABLE_X509 == 1)
    /*#7 client certificate and private key */
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#8 CA chain used to validate the server; the third argument is passed as NULL */
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#elif (PAL_ENABLE_PSK == 1)
    /*#7 + 8 pre-shared key instead of certificates */
    status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
#endif
    /*#9 bind the socket description to the configuration */
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#10 handshake */
    if (true == socketNonBlocking)
    {
        // Resets the PAL clock (TEST_SETUP had set it to a 2017 timestamp) so the
        // elapsed time can be measured from minSecSinceEpoch.
        // NOTE(review): any time-based validation performed during the handshake
        // sees this clock value -- confirm that is intended.
        status = pal_osSetTime(minSecSinceEpoch);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success
        do
        {
            curTimeInSec = pal_osGetTime();
            TEST_ASSERT_TRUE(curTimeInSec >= minSecSinceEpoch);
            timePassedInSec = curTimeInSec - minSecSinceEpoch;
            status = pal_handShake(palTLSHandle, palTLSConf);
        }
        while ( (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status) &&
                (timePassedInSec < PAL_SECONDS_PER_MIN)); // retry bound is PAL_SECONDS_PER_MIN elapsed seconds; the original note said "2 minutes to wait for handshake" -- NOTE(review): confirm the intended limit
    }
    else //blocking
    {
        status = pal_handShake(palTLSHandle, palTLSConf);
    }
    // A handshake still reporting WANT_READ/WANT_WRITE when the loop gives up fails here.
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#11 peer verification result. Only the returned status is asserted; the
          verifyResult value is not examined.
          NOTE(review): confirm that the status alone reflects a failed peer
          verification. */
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#12 send the request over the established session */
    status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#13 fixed wait for the server's reply */
    pal_osDelay(5000);
    /*#14 single read of at most PAL_TLS_MESSAGE_SIZE bytes, which is the size of
          serverResponse; unlike handshakeUDP there is no retry on WANT_READ */
    status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#15 free the TLS context */
    status = pal_freeTLS(&palTLSHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#16 free the configuration */
    status = pal_tlsConfigurationFree(&palTLSConf);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#17 close the socket */
    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

}
JimCarver 0:6b753f761943 386
/**
 * @brief Test TLS initialization and uninitialization.
 *
 * | # | Step                                                                 | Expected                 |
 * |---|----------------------------------------------------------------------|--------------------------|
 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`.       | PAL_SUCCESS              |
 * | 2 | Initialize TLS context using `pal_initTLS`.                          | PAL_SUCCESS              |
 * | 3 | Add a NULL entropy source using `pal_addEntropySource` (DEBUG only). | PAL_ERR_INVALID_ARGUMENT |
 * | 4 | Add a valid entropy source using `pal_addEntropySource`.             | PAL_SUCCESS              |
 * | 5 | Uninitialize TLS context using `pal_freeTLS`.                        | PAL_SUCCESS              |
 * | 6 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`.     | PAL_SUCCESS              |
 *
 * Step 3 is compiled only when DEBUG is defined, so the rejection of a NULL
 * entropy callback is not covered in other builds.
 */
TEST(pal_tls, tlsInitTLS)
{
    palTLSConfHandle_t confHandle = NULLPTR;
    palTLSHandle_t tlsHandle = NULLPTR;
    palStatus_t rc;

    /* #1: configuration in TLS (stream) mode */
    rc = pal_initTLSConfiguration(&confHandle, PAL_TLS_MODE);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #2: TLS context on top of that configuration */
    rc = pal_initTLS(confHandle, &tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

#ifdef DEBUG
    /* #3: a NULL callback must be refused */
    rc = pal_addEntropySource(NULL);
    TEST_ASSERT_EQUAL_HEX(PAL_ERR_INVALID_ARGUMENT, rc);
#endif

    /* #4: register the test callback, which draws from pal_osRandomBuffer() */
    rc = pal_addEntropySource(palTestEntropySource);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #5: release the context */
    rc = pal_freeTLS(&tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #6: release the configuration */
    rc = pal_tlsConfigurationFree(&confHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
}
JimCarver 0:6b753f761943 427
JimCarver 0:6b753f761943 428
/**
 * @brief Test TLS initialization and uninitialization with additional keys.
 *
 * | # | Step                                                               | Expected    |
 * |---|--------------------------------------------------------------------|-------------|
 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`.     | PAL_SUCCESS |
 * | 2 | Add keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS |
 * | 3 | Initialize TLS context using `pal_initTLS`.                        | PAL_SUCCESS |
 * | 4 | Uninitialize TLS context using `pal_freeTLS`.                      | PAL_SUCCESS |
 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`.   | PAL_SUCCESS |
 *
 * The whole body is compiled only when PAL_ENABLE_X509 == 1; in any other
 * build the test is empty and passes without exercising anything.
 */
TEST(pal_tls, tlsPrivateAndPublicKeys)
{
#if (PAL_ENABLE_X509 == 1)
    /* Test certificate and private key; both arrays are defined outside the lines shown here. */
    palX509_t ownCert = { (const void*)g_pubKey, sizeof(g_pubKey) };
    palPrivateKey_t ownKey = { (const void*)g_prvKey, sizeof(g_prvKey) };
    palTLSConfHandle_t confHandle = NULLPTR;
    palTLSHandle_t tlsHandle = NULLPTR;
    palStatus_t rc;

    /* #1: configuration in TLS (stream) mode; a handle must come back */
    rc = pal_initTLSConfiguration(&confHandle, PAL_TLS_MODE);
    TEST_ASSERT_NOT_EQUAL(confHandle, NULLPTR);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #2: install the certificate / private key pair */
    rc = pal_setOwnCertAndPrivateKey(confHandle, &ownCert, &ownKey);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #3: TLS context on top of that configuration */
    rc = pal_initTLS(confHandle, &tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #4: release the context */
    rc = pal_freeTLS(&tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #5: release the configuration */
    rc = pal_tlsConfigurationFree(&confHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#endif
}
JimCarver 0:6b753f761943 469
JimCarver 0:6b753f761943 470
/**
 * @brief Test TLS initialization and uninitialization with a pre-shared key.
 *
 * | # | Step                                                             | Expected    |
 * |---|------------------------------------------------------------------|-------------|
 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`.   | PAL_SUCCESS |
 * | 2 | Set pre-shared keys to the configuration using `pal_setPSK`.     | PAL_SUCCESS |
 * | 3 | Initialize TLS context using `pal_initTLS`.                      | PAL_SUCCESS |
 * | 4 | Uninitialize TLS context using `pal_freeTLS`.                    | PAL_SUCCESS |
 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS |
 *
 * Despite the test name, no CA certificate is configured here; only the PSK
 * identity and key are set. The whole body is compiled only when
 * PAL_ENABLE_PSK == 1; in any other build the test is empty and passes
 * without exercising anything.
 */
TEST(pal_tls, tlsCACertandPSK)
{
#if (PAL_ENABLE_PSK == 1)
    palTLSConfHandle_t confHandle = NULLPTR;
    palTLSHandle_t tlsHandle = NULLPTR;
    palStatus_t rc;

    /* #1: configuration in TLS (stream) mode; a handle must come back */
    rc = pal_initTLSConfiguration(&confHandle, PAL_TLS_MODE);
    TEST_ASSERT_NOT_EQUAL(confHandle, NULLPTR);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #2: g_psk_id and g_psk are defined outside the lines shown here; the
           identity length is passed as sizeof - 1, i.e. without its last byte */
    rc = pal_setPSK(confHandle, g_psk_id, sizeof(g_psk_id) - 1, g_psk, sizeof(g_psk));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #3: TLS context on top of that configuration */
    rc = pal_initTLS(confHandle, &tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #4: release the context */
    rc = pal_freeTLS(&tlsHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #5: release the configuration */
    rc = pal_tlsConfigurationFree(&confHandle);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#endif
}
JimCarver 0:6b753f761943 508
JimCarver 0:6b753f761943 509
/**
 * @brief Test TLS handshake (TCP blocking).
 *
 * | #  | Step                                                                                    | Expected    |
 * |----|-----------------------------------------------------------------------------------------|-------------|
 * | 1  | Create a TCP (blocking) socket.                                                         | PAL_SUCCESS |
 * | 2  | Perform a DNS lookup on the server address.                                             | PAL_SUCCESS |
 * | 3  | Set the server port.                                                                    | PAL_SUCCESS |
 * | 4  | Connect the TCP socket to the server.                                                   | PAL_SUCCESS |
 * | 5  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                      | PAL_SUCCESS |
 * | 6  | Initialize the TLS context using `pal_initTLS`.                                         | PAL_SUCCESS |
 * | 7  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.  | PAL_SUCCESS |
 * | 8  | Set the certificate chain to the configuration using `pal_setCAChain`.                  | PAL_SUCCESS |
 * | 9  | Set the socket to the configuration using `pal_tlsSetSocket`.                           | PAL_SUCCESS |
 * | 10 | Perform a TLS handshake with the server using `pal_handShake`.                          | PAL_SUCCESS |
 * | 11 | Verify the handshake result using `pal_sslGetVerifyResultExtended`.                     | PAL_SUCCESS |
 * | 12 | Write data over open TLS connection using `pal_sslWrite`.                               | PAL_SUCCESS |
 * | 13 | Wait for the response.                                                                  | PAL_SUCCESS |
 * | 14 | Read data from the open TLS connection using `pal_sslRead`.                             | PAL_SUCCESS |
 * | 15 | Uninitialize the TLS context using `pal_freeTLS`.                                       | PAL_SUCCESS |
 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                    | PAL_SUCCESS |
 * | 17 | Close the TCP socket.                                                                   | PAL_SUCCESS |
 *
 * Steps 7 and 8 apply to builds with PAL_ENABLE_X509 == 1; in a PSK build
 * handshakeTCP() replaces them with a single `pal_setPSK` call.
 */
TEST(pal_tls, tlsHandshakeTCP)
{
    /* The blocking variant is selected by passing false for socketNonBlocking. */
    const bool useNonBlockingSocket = false;

    handshakeTCP(useNonBlockingSocket);
}
JimCarver 0:6b753f761943 538
/**
 * @brief Test TLS handshake (TCP non-blocking).
 *
 * The scenario itself is implemented by handshakeTCP(), which is defined
 * elsewhere in this file; the steps below describe what that helper is
 * expected to do.
 *
 * | #  | Step                                                                                   | Expected    |
 * |----|----------------------------------------------------------------------------------------|-------------|
 * | 1  | Create a TCP (non-blocking) socket.                                                    | PAL_SUCCESS |
 * | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS |
 * | 3  | Set the server port.                                                                   | PAL_SUCCESS |
 * | 4  | Connect the TCP socket to the server.                                                  | PAL_SUCCESS |
 * | 5  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS |
 * | 6  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS |
 * | 7  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS |
 * | 8  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS |
 * | 9  | Set the socket chain to the configuration using `pal_tlsSetSocket`.                    | PAL_SUCCESS |
 * | 10 | Perform a TLS handshake with the server using `pal_handShake` in a loop.               | PAL_SUCCESS |
 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`.                            | PAL_SUCCESS |
 * | 12 | Write data over the open TLS connection using `pal_sslWrite`.                          | PAL_SUCCESS |
 * | 13 | Wait for the response.                                                                 | PAL_SUCCESS |
 * | 14 | Read data from the open TLS connection using `pal_sslRead`.                            | PAL_SUCCESS |
 * | 15 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS |
 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS |
 * | 17 | Close the TCP socket.                                                                  | PAL_SUCCESS |
 */
TEST(pal_tls, tlsHandshakeTCP_nonBlocking)
{
    /* true selects the non-blocking-socket variant of the shared TCP scenario. */
    const bool useNonBlockingSocket = true;

    handshakeTCP(useNonBlockingSocket);
}
JimCarver 0:6b753f761943 567
/**
 * @brief Test (D)TLS handshake (UDP blocking).
 *
 * The scenario itself is implemented by handshakeUDP(), which is defined
 * elsewhere in this file; the steps below describe what that helper is
 * expected to do.
 *
 * | #  | Step                                                                                   | Expected    |
 * |----|----------------------------------------------------------------------------------------|-------------|
 * | 1  | Create a UDP (blocking) socket.                                                        | PAL_SUCCESS |
 * | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS |
 * | 3  | Set the server port.                                                                   | PAL_SUCCESS |
 * | 4  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS |
 * | 5  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS |
 * | 6  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS |
 * | 7  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS |
 * | 8  | Set the socket chain to the configuration using `pal_tlsSetSocket`.                    | PAL_SUCCESS |
 * | 9  | Set the timeout for the handshake using `pal_setHandShakeTimeOut`.                     | PAL_SUCCESS |
 * | 10 | Perform a TLS handshake with the server using `pal_handShake` in a loop.               | PAL_SUCCESS |
 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`.                            | PAL_SUCCESS |
 * | 12 | Write data over the open TLS connection using `pal_sslWrite`.                          | PAL_SUCCESS |
 * | 13 | Wait for the response.                                                                 | PAL_SUCCESS |
 * | 14 | Read data from the open TLS connection using `pal_sslRead`.                            | PAL_SUCCESS |
 * | 15 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS |
 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS |
 * | 17 | Close the UDP socket.                                                                  | PAL_SUCCESS |
 */
TEST(pal_tls, tlsHandshakeUDP)
{
    /* false selects the blocking-socket variant of the shared UDP scenario. */
    const bool useNonBlockingSocket = false;

    handshakeUDP(useNonBlockingSocket);
}
JimCarver 0:6b753f761943 596
/**
 * @brief Test (D)TLS handshake (UDP non-blocking).
 *
 * The scenario itself is implemented by handshakeUDP(), which is defined
 * elsewhere in this file; the steps below describe what that helper is
 * expected to do.
 *
 * NOTE(review): step 1 says "blocking" although this test passes `true` to
 * handshakeUDP(); confirm the wording against the helper.
 *
 * | #  | Step                                                                                   | Expected    |
 * |----|----------------------------------------------------------------------------------------|-------------|
 * | 1  | Create a UDP (blocking) socket.                                                        | PAL_SUCCESS |
 * | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS |
 * | 3  | Set the server port.                                                                   | PAL_SUCCESS |
 * | 4  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS |
 * | 5  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS |
 * | 6  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS |
 * | 7  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS |
 * | 8  | Set the socket chain to the configuration using `pal_tlsSetSocket`.                    | PAL_SUCCESS |
 * | 9  | Set the timeout for the handshake using `pal_setHandShakeTimeOut`.                     | PAL_SUCCESS |
 * | 10 | Perform a TLS handshake with the server using `pal_handShake` in a loop.               | PAL_SUCCESS |
 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`.                            | PAL_SUCCESS |
 * | 12 | Write data over the open TLS connection using `pal_sslWrite`.                          | PAL_SUCCESS |
 * | 13 | Wait for the response.                                                                 | PAL_SUCCESS |
 * | 14 | Read data from the open TLS connection using `pal_sslRead`.                            | PAL_SUCCESS |
 * | 15 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS |
 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS |
 * | 17 | Close the UDP socket.                                                                  | PAL_SUCCESS |
 */
TEST(pal_tls, tlsHandshakeUDP_NonBlocking)
{
    /* true selects the non-blocking-socket variant of the shared UDP scenario. */
    const bool useNonBlockingSocket = true;

    handshakeUDP(useNonBlockingSocket);
}
JimCarver 0:6b753f761943 625
/**
 * @brief Test (D)TLS handshake over UDP with a very short handshake timeout
 *        and check that the handshake ends with a timeout error.
 *
 * NOTE(review): the original brief calls this "UDP non-blocking", while step 1
 * says "blocking" and pal_socket() is called with `false`; confirm which is meant.
 *
 * | #  | Step                                                                                   | Expected                |
 * |----|----------------------------------------------------------------------------------------|-------------------------|
 * | 1  | Create a UDP (blocking) socket.                                                        | PAL_SUCCESS             |
 * | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS             |
 * | 3  | Set the server port.                                                                   | PAL_SUCCESS             |
 * | 4  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS             |
 * | 5  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS             |
 * | 6  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS             |
 * | 7  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS             |
 * | 8  | Set the socket chain to the configuration using `pal_tlsSetSocket`.                    | PAL_SUCCESS             |
 * | 9  | Set a short timeout for the handshake using `pal_setHandShakeTimeOut`.                 | PAL_SUCCESS             |
 * | 10 | Perform a TLS handshake with the server using `pal_handShake` in a loop.               | PAL_ERR_TIMEOUT_EXPIRED |
 * | 11 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS             |
 * | 12 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS             |
 *
 * When PAL_ENABLE_X509 is not 1 but PAL_ENABLE_PSK is, steps 6 and 7 are
 * replaced by a single `pal_setPSK` call. The UDP socket is closed after step 12.
 */
TEST(pal_tls, tlsHandshakeUDPTimeOut)
{
    palTLSTransportMode_t mode = PAL_DTLS_MODE;
    palStatus_t rc = PAL_SUCCESS;
    palTLSConfHandle_t tlsConf = NULLPTR;
    palTLSHandle_t tlsCtx = NULLPTR;
    palSocketAddress_t serverAddr = { 0 };
    palSocketLength_t serverAddrLen = 0;
#if (PAL_ENABLE_X509 == 1)
    /* Test certificate, private key and CA bundle; all are fixtures defined elsewhere. */
    palX509_t ownCert = { (const void*)g_pubKey, sizeof(g_pubKey) };
    palPrivateKey_t ownKey = { (const void*)g_prvKey, sizeof(g_prvKey) };
    palX509_t caChain = { (const void*)pal_test_cas, sizeof(pal_test_cas) };
#elif (PAL_ENABLE_PSK == 1)
    /* Fixed test-only identity and key taken from the PAL_TEST_PSK* macros. */
    const char* pskIdentity = PAL_TEST_PSK_IDENTITY;
    const char pskBytes[] = PAL_TEST_PSK;
#endif
    /* The socket and address length are filled in again once they are known (see below). */
    palTLSSocket_t sockInfo = { g_socket, &serverAddr, 0, mode };

    /* Reference clock value the device time is set to right before the handshake. */
    const uint64_t baseTimeSec = PAL_MIN_SEC_FROM_EPOCH + 1; /* at least 47 years after 1.1.1970, in seconds */
    uint64_t endTimeSec;
    uint64_t elapsedSec;

    /* #1: open the UDP socket. */
    rc = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #2: resolve the test server; a DNS or address-family error ends the test early after closing the socket. */
    rc = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &serverAddr, &serverAddrLen);
    if ((rc == PAL_ERR_SOCKET_DNS_ERROR) || (rc == PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY))
    {
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        rc = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    sockInfo.addressLength = serverAddrLen;
    sockInfo.socket = g_socket;

    /* #3: point the address at the port used for the timeout scenario. */
    rc = pal_setSockAddrPort(&serverAddr, DTLS_SERVER_PORT_TIMEOUT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #4: create the DTLS configuration. */
    rc = pal_initTLSConfiguration(&tlsConf, mode);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #5: create the TLS context. */
    rc = pal_initTLS(tlsConf, &tlsCtx);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /*
     * Client-side mbedTLS logging is left disabled to avoid massive prints.
     * To see it, call pal_sslSetDebugging(tlsConf, true) here and assert
     * that it returns PAL_SUCCESS.
     */
#if (PAL_ENABLE_X509 == 1)
    /* #6: own certificate and private key. */
    rc = pal_setOwnCertAndPrivateKey(tlsConf, &ownCert, &ownKey);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #7: trusted CA chain. NOTE(review): the third argument is NULL; confirm what it stands for against the PAL TLS header. */
    rc = pal_setCAChain(tlsConf, &caChain, NULL);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#elif (PAL_ENABLE_PSK == 1)
    /* #6 + #7: PSK replaces certificate and CA chain; sizeof gives the byte count of the key array. */
    rc = pal_setPSK(tlsConf, (const unsigned char*)pskIdentity, strlen(pskIdentity), (const unsigned char*)pskBytes, sizeof(pskBytes));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#endif

    /* #8: bind the socket description to the configuration. */
    rc = pal_tlsSetSocket(tlsConf, &sockInfo);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #9: short handshake timeout (value 100; unit as defined by pal_setHandShakeTimeOut). */
    rc = pal_setHandShakeTimeOut(tlsConf, 100);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Set the device clock to the reference value so the elapsed time can be measured afterwards. */
    rc = pal_osSetTime(baseTimeSec);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc); /* more than current epoch time -> success */

    /* #10: keep driving the handshake while it only asks for more I/O. */
    do
    {
        rc = pal_handShake(tlsCtx, tlsConf);
    }
    while ((rc == PAL_ERR_TLS_WANT_READ) || (rc == PAL_ERR_TLS_WANT_WRITE));

    endTimeSec = pal_osGetTime();
    elapsedSec = endTimeSec - baseTimeSec;
    TEST_ASSERT_EQUAL_HEX(PAL_ERR_TIMEOUT_EXPIRED, rc);
    TEST_ASSERT_TRUE(elapsedSec <= PAL_WAIT_TIME); /* less than PAL_WAIT_TIME seconds */

    /* #11: release the TLS context. */
    rc = pal_freeTLS(&tlsCtx);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #12: release the TLS configuration, then close the socket. */
    rc = pal_tlsConfigurationFree(&tlsConf);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
    rc = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
}
JimCarver 0:6b753f761943 735
JimCarver 0:6b753f761943 736 #if PAL_USE_INTERNAL_FLASH
/**
 * @brief Test TLS handshake (TCP blocking) with the device clock and the SOTP
 *        saved time reset to zero, and check that both are non-zero afterwards.
 *
 * The body is compiled only when PAL_USE_SECURE_TIME and PAL_USE_INTERNAL_FLASH
 * are both 1; otherwise the test is empty.
 *
 * | #  | Step                                                                                   | Expected    |
 * |----|----------------------------------------------------------------------------------------|-------------|
 * | 1  | Create a TCP (blocking) socket.                                                        | PAL_SUCCESS |
 * | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS |
 * | 3  | Set the server port.                                                                   | PAL_SUCCESS |
 * | 4  | Connect the TCP socket to the server.                                                  | PAL_SUCCESS |
 * | 5  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS |
 * | 6  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS |
 * | 7  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS |
 * | 8  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS |
 * | 9  | Set the socket chain to the configuration using `pal_tlsSetSocket`.                    | PAL_SUCCESS |
 * | 10 | Set device time to be in future.                                                       | PAL_SUCCESS |
 * | 11 | Perform a TLS handshake with the server using `pal_handShake`.                         | PAL_SUCCESS |
 * | 12 | Verify the handshake result using `pal_sslGetVerifyResultExtended`.                    | PAL_SUCCESS |
 * | 13 | Write data over open TLS connection using `pal_sslWrite`.                              | PAL_SUCCESS |
 * | 14 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS |
 * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS |
 * | 16 | Close the TCP socket.                                                                  | PAL_SUCCESS |
 * | 17 | Check that time is updated.                                                            | PAL_SUCCESS |
 * | 18 | Verify that the SOTP time value was updated.                                           | PAL_SUCCESS |
 *
 * Between steps 13 and 14 the code also waits and reads the server response
 * with `pal_sslRead`; that read has no row of its own in the table.
 *
 * NOTE(review): steps 17 and 18 only assert that the two time values are
 * non-zero after the handshake; they do not check that the new time is
 * plausible. The original device time is put back only if the handshake fails.
 */
TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
    palTLSTransportMode_t mode = PAL_TLS_MODE;
    palStatus_t rc = PAL_SUCCESS;
    sotp_result_e sotpRc = SOTP_SUCCESS;
    palTLSConfHandle_t tlsConf = NULLPTR;
    palTLSHandle_t tlsCtx = NULLPTR;
    palSocketAddress_t serverAddr = {0};
    palSocketLength_t serverAddrLen = 0;

    /* Test certificate, private key and CA bundle; all are fixtures defined elsewhere. */
    palX509_t ownCert = {(const void*)g_pubKey, sizeof(g_pubKey)};
    palPrivateKey_t ownKey = {(const void*)g_prvKey, sizeof(g_prvKey)};
    palX509_t caChain = { (const void*)pal_test_cas, sizeof(pal_test_cas) };
    /* The socket and address length are filled in again once they are known (see below). */
    palTLSSocket_t sockInfo = { g_socket, &serverAddr, 0, mode };

    char responseBuf[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t bytesWritten = 0;
    uint32_t bytesRead = 0;
    int32_t verifyFlags = 0;

    uint64_t deviceTimeSec = pal_osGetTime(); /* remembered so it can be restored if the handshake fails */
    uint64_t zeroSavedTime = 0;               /* value written to SOTP before the handshake */
    uint64_t savedTimeAfter = 0;              /* SOTP value read back at the end */
    uint16_t savedTimeSize = 0;

    /* #1: open the TCP socket. */
    rc = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #2: resolve the test server; a DNS or address-family error ends the test early after closing the socket. */
    rc = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &serverAddr, &serverAddrLen);
    if ((rc == PAL_ERR_SOCKET_DNS_ERROR) || (rc == PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY))
    {
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        rc = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    sockInfo.addressLength = serverAddrLen;
    sockInfo.socket = g_socket;

    /* #3: set the server port. */
    rc = pal_setSockAddrPort(&serverAddr, TLS_RENEGOTIATE_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #4: connect to the server. */
    rc = pal_connect(g_socket, &serverAddr, serverAddrLen);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #5: create the TLS configuration. */
    rc = pal_initTLSConfiguration(&tlsConf, mode);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #6: create the TLS context. */
    rc = pal_initTLS(tlsConf, &tlsCtx);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #7: own certificate and private key. */
    rc = pal_setOwnCertAndPrivateKey(tlsConf, &ownCert, &ownKey);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #8: trusted CA chain. NOTE(review): the third argument is NULL; confirm what it stands for against the PAL TLS header. */
    rc = pal_setCAChain(tlsConf, &caChain, NULL);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #9: bind the socket description to the configuration. */
    rc = pal_tlsSetSocket(tlsConf, &sockInfo);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /*
     * #10: zero the SOTP saved time and the device clock, so that the server
     * time seen during the handshake lies in the device's future.
     */
    sotpRc = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(zeroSavedTime), (uint32_t*)&zeroSavedTime);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRc);
    rc = pal_osSetTime(0);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #11: handshake; on failure put the original device time back before the assertion fires. */
    rc = pal_handShake(tlsCtx, tlsConf);
    if (rc != PAL_SUCCESS)
    {
        pal_osSetTime(deviceTimeSec);
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #12: fetch the verification result; only the returned status is asserted, verifyFlags is not inspected. */
    rc = pal_sslGetVerifyResultExtended(tlsCtx, &verifyFlags);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #13: send the request over the TLS connection. */
    rc = pal_sslWrite(tlsCtx, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &bytesWritten);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Give the server time to answer, then read the response (not a numbered step in the table). */
    pal_osDelay(5000);
    rc = pal_sslRead(tlsCtx, responseBuf, PAL_TLS_MESSAGE_SIZE, &bytesRead);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #14: release the TLS context. */
    rc = pal_freeTLS(&tlsCtx);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #15: release the TLS configuration. */
    rc = pal_tlsConfigurationFree(&tlsConf);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #16: close the TCP socket. */
    rc = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* #17: the device clock must no longer be zero. */
    deviceTimeSec = pal_osGetTime();
    TEST_ASSERT_TRUE(0 != deviceTimeSec);

    /* #18: the SOTP saved time must no longer be zero either. */
    sotpRc = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(savedTimeAfter), (uint32_t*)&savedTimeAfter, &savedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRc);
    TEST_ASSERT_TRUE(0 != savedTimeAfter);
#endif
}
JimCarver 0:6b753f761943 868
JimCarver 0:6b753f761943 869 /**
JimCarver 0:6b753f761943 870 * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules)
JimCarver 0:6b753f761943 871 *
JimCarver 0:6b753f761943 872 *
JimCarver 0:6b753f761943 873 * | # | Step | Expected |
JimCarver 0:6b753f761943 874 * |---|--------------------------------|-------------|
JimCarver 0:6b753f761943 875 * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS |
JimCarver 0:6b753f761943 876 * | 2 | Update `SOTP_TYPE_SAVED_TIME` directly in SOTP to the new time from #1 | PAL_SUCCESS |
JimCarver 0:6b753f761943 877 * | 3 | Create a TCP (blocking) socket. | PAL_SUCCESS |
JimCarver 0:6b753f761943 878 * | 4 | Perform a DNS lookup on the server address. | PAL_SUCCESS |
JimCarver 0:6b753f761943 879 * | 5 | Set the server port. | PAL_SUCCESS |
JimCarver 0:6b753f761943 880 * | 6 | Connect the TCP socket to the server. | PAL_SUCCESS |
JimCarver 0:6b753f761943 881 * | 7 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 882 * | 8 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 883 * | 9 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS |
JimCarver 0:6b753f761943 884 * | 10 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 885 * | 11 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 886 * | 12 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 887 * | 13 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 888 * | 14 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 889 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 890 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS |
JimCarver 0:6b753f761943 891 * | 17 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS |
JimCarver 0:6b753f761943 892 */
JimCarver 0:6b753f761943 893 TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M_NoTimeUpdate)
JimCarver 0:6b753f761943 894 {
JimCarver 0:6b753f761943 895 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
JimCarver 0:6b753f761943 896 palStatus_t status = PAL_SUCCESS;
JimCarver 0:6b753f761943 897 palTLSConfHandle_t palTLSConf = NULLPTR;
JimCarver 0:6b753f761943 898 palTLSHandle_t palTLSHandle = NULLPTR;
JimCarver 0:6b753f761943 899 palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
JimCarver 0:6b753f761943 900 palSocketAddress_t socketAddr = { 0 };
JimCarver 0:6b753f761943 901 palSocketLength_t addressLength = 0;
JimCarver 0:6b753f761943 902 uint32_t written = 0;
JimCarver 0:6b753f761943 903 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
JimCarver 0:6b753f761943 904 uint32_t actualLen = 0;
JimCarver 0:6b753f761943 905 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) };
JimCarver 0:6b753f761943 906 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) };
JimCarver 0:6b753f761943 907 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
JimCarver 0:6b753f761943 908 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
JimCarver 0:6b753f761943 909 sotp_result_e sotpRes = SOTP_SUCCESS;
JimCarver 0:6b753f761943 910 uint64_t currentTime = 0;
JimCarver 0:6b753f761943 911 uint64_t tmpTime = 0;
JimCarver 0:6b753f761943 912 uint64_t updatedTime = 0;
JimCarver 0:6b753f761943 913 uint16_t actualSavedTimeSize = 0;
JimCarver 0:6b753f761943 914 int32_t verifyResult = 0;
JimCarver 0:6b753f761943 915
JimCarver 0:6b753f761943 916 /*#1*/
JimCarver 0:6b753f761943 917 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(tmpTime), (uint32_t*)&tmpTime, &actualSavedTimeSize);
JimCarver 0:6b753f761943 918 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
JimCarver 0:6b753f761943 919
JimCarver 0:6b753f761943 920 currentTime = tmpTime - (PAL_SECONDS_PER_DAY / 2); //going back half day to simulate future server by half day (in order to prevent time update)
JimCarver 0:6b753f761943 921 status = pal_osSetTime(currentTime);
JimCarver 0:6b753f761943 922 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 923 /*#2*/
JimCarver 0:6b753f761943 924 sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(currentTime), (uint32_t*)&currentTime);
JimCarver 0:6b753f761943 925 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
JimCarver 0:6b753f761943 926
JimCarver 0:6b753f761943 927 /*#3*/
JimCarver 0:6b753f761943 928 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
JimCarver 0:6b753f761943 929 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 930 /*#4*/
JimCarver 0:6b753f761943 931 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
JimCarver 0:6b753f761943 932 if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
JimCarver 0:6b753f761943 933 {
JimCarver 0:6b753f761943 934 PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
JimCarver 0:6b753f761943 935 status = pal_close(&g_socket);
JimCarver 0:6b753f761943 936 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 937 return;
JimCarver 0:6b753f761943 938 }
JimCarver 0:6b753f761943 939 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 940 /*#5*/
JimCarver 0:6b753f761943 941 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT);
JimCarver 0:6b753f761943 942 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 943
JimCarver 0:6b753f761943 944 tlsSocket.addressLength = addressLength;
JimCarver 0:6b753f761943 945 tlsSocket.socket = g_socket;
JimCarver 0:6b753f761943 946
JimCarver 0:6b753f761943 947 /*#6*/
JimCarver 0:6b753f761943 948 status = pal_connect(g_socket, &socketAddr, addressLength);
JimCarver 0:6b753f761943 949 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 950 /*#7*/
JimCarver 0:6b753f761943 951 status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
JimCarver 0:6b753f761943 952 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 953 /*#8*/
JimCarver 0:6b753f761943 954 status = pal_initTLS(palTLSConf, &palTLSHandle);
JimCarver 0:6b753f761943 955 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 956 {
JimCarver 0:6b753f761943 957 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 958 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 959 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 960 }
JimCarver 0:6b753f761943 961
JimCarver 0:6b753f761943 962 /*#9*/
JimCarver 0:6b753f761943 963 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
JimCarver 0:6b753f761943 964 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 965 {
JimCarver 0:6b753f761943 966 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 967 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 968 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 969 }
JimCarver 0:6b753f761943 970 /*#10*/
JimCarver 0:6b753f761943 971 status = pal_setCAChain(palTLSConf, &caCert, NULL);
JimCarver 0:6b753f761943 972 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 973 {
JimCarver 0:6b753f761943 974 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 975 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 976 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 977 }
JimCarver 0:6b753f761943 978 /*#11*/
JimCarver 0:6b753f761943 979 status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
JimCarver 0:6b753f761943 980 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 981 {
JimCarver 0:6b753f761943 982 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 983 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 984 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 985 }
JimCarver 0:6b753f761943 986 /*#12*/
JimCarver 0:6b753f761943 987 status = pal_handShake(palTLSHandle, palTLSConf);
JimCarver 0:6b753f761943 988 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 989 {
JimCarver 0:6b753f761943 990 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 991 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 992 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 993 }
JimCarver 0:6b753f761943 994 /*#13*/
JimCarver 0:6b753f761943 995 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
JimCarver 0:6b753f761943 996 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 997 {
JimCarver 0:6b753f761943 998 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 999 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1000 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult);
JimCarver 0:6b753f761943 1001 }
JimCarver 0:6b753f761943 1002 /*#14*/
JimCarver 0:6b753f761943 1003 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
JimCarver 0:6b753f761943 1004 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 1005 {
JimCarver 0:6b753f761943 1006 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 1007 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1008 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1009 }
JimCarver 0:6b753f761943 1010
JimCarver 0:6b753f761943 1011 pal_osDelay(5000);
JimCarver 0:6b753f761943 1012 /*#14*/
JimCarver 0:6b753f761943 1013 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
JimCarver 0:6b753f761943 1014 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 1015 {
JimCarver 0:6b753f761943 1016 pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 1017 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1018 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1019 }
JimCarver 0:6b753f761943 1020
JimCarver 0:6b753f761943 1021 /*#15*/
JimCarver 0:6b753f761943 1022 status = pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 1023 if (PAL_SUCCESS != status)
JimCarver 0:6b753f761943 1024 {
JimCarver 0:6b753f761943 1025 pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1026 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1027 }
JimCarver 0:6b753f761943 1028 /*#16*/
JimCarver 0:6b753f761943 1029 status = pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1030 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1031
JimCarver 0:6b753f761943 1032 status = pal_close(&g_socket);
JimCarver 0:6b753f761943 1033 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1034
JimCarver 0:6b753f761943 1035 /*#17*/
JimCarver 0:6b753f761943 1036 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize);
JimCarver 0:6b753f761943 1037 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
JimCarver 0:6b753f761943 1038 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime);
JimCarver 0:6b753f761943 1039 #endif
JimCarver 0:6b753f761943 1040 }
JimCarver 0:6b753f761943 1041
JimCarver 0:6b753f761943 1042
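/**
* @brief Test TLS handshake (TCP blocking) with the system time set far in the future, so that the
*        handshake fails because the server certificate is reported as expired.
*
* Every failure branch releases the TLS context and configuration and then asserts on a condition
* that cannot hold in that branch, so a failed step always ends the test instead of continuing
* with released handles.
*
* | #  | Step                                                                                   | Expected                        |
* |----|----------------------------------------------------------------------------------------|---------------------------------|
* | 1  | Create a TCP (blocking) socket.                                                        | PAL_SUCCESS                     |
* | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS                     |
* | 3  | Set the server port.                                                                   | PAL_SUCCESS                     |
* | 4  | Connect the TCP socket to the server.                                                  | PAL_SUCCESS                     |
* | 5  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS                     |
* | 6  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS                     |
* | 7  | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS                     |
* | 8  | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS                     |
* | 9  | Set the socket to the configuration using `pal_tlsSetSocket`.                          | PAL_SUCCESS                     |
* | 10 | Read the saved time from SOTP, then set the system time far in the future using `pal_osSetTime`. | SOTP_SUCCESS, PAL_SUCCESS |
* | 11 | Perform a TLS handshake with the server using `pal_handShake`.                         | PAL_ERR_X509_CERT_VERIFY_FAILED |
* | 12 | Verify the handshake result using `pal_sslGetVerifyResultExtended`.                    | PAL_ERR_X509_CERT_VERIFY_FAILED with the PAL_ERR_X509_BADCERT_EXPIRED flag set |
* | 13 | Set the time back to the value read in step 10.                                        | PAL_SUCCESS                     |
* | 14 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS                     |
* | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree` and close the socket. | PAL_SUCCESS                  |
* | 16 | Read the saved time from SOTP and check that it is not earlier than the future time.   | SOTP_SUCCESS                    |
*/
TEST(pal_tls, tlsHandshakeTCP_ExpiredLWM2MCert)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
    palSocketAddress_t socketAddr = {0};
    palSocketLength_t addressLength = 0;
    palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)};
    palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)};
    palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
    uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT
    uint64_t currentTime = 0;
    uint64_t currentSOTPTime = 0;
    uint16_t actualSavedTimeSize = 0;
    sotp_result_e sotpRes = SOTP_SUCCESS;
    int32_t verifyResult = 0;

    /*#1*/
    status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2*/
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        /* The test server cannot be resolved in this configuration: the socket is closed and the
         * test returns, so it is reported as passed although no handshake was exercised. */
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /* tlsSocket was initialized before the socket existed; refresh it with the real values. */
    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;
    /*#3*/
    status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#4*/
    status = pal_connect(g_socket, &socketAddr, addressLength);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#5*/
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#6*/
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#7*/
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#8*/
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#9*/
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#10*/
    /* Remember the saved time so the clock can be restored after the handshake. */
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)&currentTime, &actualSavedTimeSize);
    if (SOTP_SUCCESS != sotpRes)
    {
        /* Release the TLS objects before the assertion ends the test, like the other failure branches. */
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    }
    status = pal_osSetTime(futureTime);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#11*/
    /* With the clock in 2037 the handshake is expected to be rejected, not to succeed. */
    status = pal_handShake(palTLSHandle, palTLSConf);
    if (PAL_ERR_X509_CERT_VERIFY_FAILED != status)
    {
        pal_osSetTime(currentTime);
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_CERT_VERIFY_FAILED, status);
    }
    /*#12*/
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    if ((PAL_ERR_X509_CERT_VERIFY_FAILED != status) || (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult)))
    {
        pal_osSetTime(currentTime);
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        /* Assert both conditions of the branch: checking only the expired flag would let the test
         * continue with released handles when the status is wrong but the flag happens to be set. */
        TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_CERT_VERIFY_FAILED, status);
        TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult);
    }
    /*#13*/
    status = pal_osSetTime(currentTime);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#14*/
    status = pal_freeTLS(&palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#15*/
    status = pal_tlsConfigurationFree(&palTLSConf);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#16*/
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentSOTPTime), (uint32_t*)&currentSOTPTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    /* NOTE(review): this checks that the saved time is at least futureTime, i.e. that the forward
     * time set in step 10 is still what SOTP holds. An "SOTP value unchanged" expectation would
     * need a comparison against currentTime instead - confirm which one is intended. */
    TEST_ASSERT_TRUE(futureTime <= currentSOTPTime);
#endif
}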
JimCarver 0:6b753f761943 1196
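/**
* @brief Test TLS handshake (TCP blocking) with the system time set far in the future, so that the
*        handshake updates the device time according to the server time.
*
* The CA certificate ID is stored in SOTP under SOTP_TYPE_TRUSTED_TIME_SRV_ID before connecting.
* Between steps 16 and 17 the test also waits 5 seconds and reads the server response with
* `pal_sslRead` (expected PAL_SUCCESS).
*
* Every failure branch releases the TLS context, the TLS configuration and the X509 handle and
* then asserts on a condition that cannot hold in that branch, so a failed step always ends the
* test instead of continuing with released handles.
*
* | #  | Step                                                                                   | Expected     |
* |----|----------------------------------------------------------------------------------------|--------------|
* | 1  | Create a TCP (blocking) socket.                                                        | PAL_SUCCESS  |
* | 2  | Perform a DNS lookup on the server address.                                            | PAL_SUCCESS  |
* | 3  | Set the server port.                                                                   | PAL_SUCCESS  |
* | 4  | Parse the CA cert.                                                                     | PAL_SUCCESS  |
* | 5  | Get the CA cert ID.                                                                    | PAL_SUCCESS  |
* | 6  | Set the CA cert ID into the SOTP.                                                      | SOTP_SUCCESS |
* | 7  | Connect the TCP socket to the server.                                                  | PAL_SUCCESS  |
* | 8  | Initialize the TLS configuration using `pal_initTLSConfiguration`.                     | PAL_SUCCESS  |
* | 9  | Initialize the TLS context using `pal_initTLS`.                                        | PAL_SUCCESS  |
* | 10 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS  |
* | 11 | Set the certificate chain to the configuration using `pal_setCAChain`.                 | PAL_SUCCESS  |
* | 12 | Set the socket to the configuration using `pal_tlsSetSocket`.                          | PAL_SUCCESS  |
* | 13 | Set system time to be far in the future using `pal_osSetStrongTime`.                   | PAL_SUCCESS  |
* | 14 | Perform a TLS handshake with the server using `pal_handShake`.                         | PAL_SUCCESS  |
* | 15 | Verify the handshake result using `pal_sslGetVerifyResultExtended`.                    | PAL_SUCCESS  |
* | 16 | Write data over open TLS connection using `pal_sslWrite`.                              | PAL_SUCCESS  |
* | 17 | Uninitialize the TLS context using `pal_freeTLS`.                                      | PAL_SUCCESS  |
* | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`.                   | PAL_SUCCESS  |
* | 19 | Free X509 handle.                                                                      | PAL_SUCCESS  |
* | 20 | Verify that the time updated during the handshake.                                     | PAL_SUCCESS  |
*/
TEST(pal_tls, tlsHandshakeTCP_ExpiredServerCert_Trusted)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
    palSocketAddress_t socketAddr = { 0 };
    palSocketLength_t addressLength = 0;
    char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t actualLen = 0;
    uint32_t written = 0;
    palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) };
    palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) };
    palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
    uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT
    uint64_t updatedTime = 0;
    uint16_t actualSavedTimeSize = 0;
    palX509Handle_t trustedServerCA = NULLPTR;
    sotp_result_e sotpRes = SOTP_SUCCESS;
    int32_t verifyResult = 0;

    /*#1*/
    status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2*/
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        /* The test server cannot be resolved in this configuration: the socket is closed and the
         * test returns, so it is reported as passed although no handshake was exercised. */
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#3*/
    status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /* tlsSocket was initialized before the socket existed; refresh it with the real values. */
    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;
    /*#4*/
    status = pal_x509Initiate(&trustedServerCA);
    TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas));
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#5*/
    status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#6*/
    /* Presumably this is what marks the server as a trusted time source for the handshake
     * below - confirm against the PAL secure-time implementation. */
    sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID);
    if (SOTP_SUCCESS != sotpRes)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    }

    /*#7*/
    status = pal_connect(g_socket, &socketAddr, addressLength);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#8*/
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    if (PAL_SUCCESS != status)
    {
        /* Release the X509 handle before the assertion ends the test, like the other failure branches. */
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#9*/
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#10*/
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#11*/
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#12*/
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#13*/
    status = pal_osSetStrongTime(futureTime);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#14*/
    status = pal_handShake(palTLSHandle, palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#15*/
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        /* The step expects PAL_SUCCESS. Asserting on the expired flag here could pass and let
         * the test go on to write through a released TLS handle. */
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#16*/
    status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        /* Expect success, so that any write error ends the test after the cleanup above. */
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    pal_osDelay(5000);
    /* Read the server response (not a numbered step in the table above). */
    status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        /* Expect success, so that any read error ends the test after the cleanup above. */
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#17*/
    status = pal_freeTLS(&palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        pal_tlsConfigurationFree(&palTLSConf);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#18*/
    status = pal_tlsConfigurationFree(&palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#19*/
    status = pal_x509Free(&trustedServerCA);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#20*/
    /* The clock was set to futureTime in step 13; a smaller value now means it was moved back. */
    updatedTime = pal_osGetTime();
    TEST_ASSERT_TRUE(updatedTime < futureTime);

    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /* Neither SOTP time record may hold a value later than futureTime. */
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_TRUE(updatedTime <= futureTime);

    sotpRes = sotp_get(SOTP_TYPE_LAST_TIME_BACK, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_TRUE(updatedTime <= futureTime);
#endif
}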
JimCarver 0:6b753f761943 1421
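/**
* @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules)
*
* The body is compiled only when both PAL_USE_SECURE_TIME and PAL_USE_INTERNAL_FLASH are 1;
* otherwise the test is empty.
*
* Resources are released before each assertion that is about to fail, so a failing step does
* not leave the TLS context, the TLS configuration or the X509 handle allocated.
*
* NOTE(review): the shifted time written with `pal_osSetTime` in step 1 is not restored by this
* test, and `g_socket` is not closed on the failure paths after step 4; confirm that the group
* teardown covers both.
*
* | # | Step | Expected |
* |---|--------------------------------|-------------|
* | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS |
* | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS |
* | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS |
* | 4 | Set the server port. | PAL_SUCCESS |
* | 5 | Parse the CA cert. | PAL_SUCCESS |
* | 6 | Get the CA cert ID. | PAL_SUCCESS |
* | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS |
* | 8 | Connect the TCP socket to the server. | PAL_SUCCESS |
* | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS |
* | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS |
* | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS |
* | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS |
* | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS |
* | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS |
* | 15 | Verify the handshake result using `pal_sslGetVerifyResultExtended`. | PAL_SUCCESS, or a failure with PAL_ERR_X509_BADCERT_EXPIRED set |
* | 16 | Write data over open TLS connection using `pal_sslWrite`, wait, then read the response using `pal_sslRead`. | PAL_SUCCESS |
* | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS |
* | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS |
* | 19 | Free X509 Handle. | PAL_SUCCESS |
* | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS |
*/
TEST(pal_tls, tlsHandshakeTCP_FutureTrustedServer_NoTimeUpdate)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
    palSocketAddress_t socketAddr = { 0 };
    palSocketLength_t addressLength = 0;
    char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t actualLen = 0;
    uint32_t written = 0;
    palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) };
    palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) };
    palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
    sotp_result_e sotpRes = SOTP_SUCCESS;
    uint64_t currentTime = 0;
    uint64_t updatedTime = 0;
    uint16_t actualSavedTimeSize = 0;
    palX509Handle_t trustedServerCA = NULLPTR;
    int32_t verifyResult = 0;

    /*#1*/
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)&currentTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_TRUE(0 != currentTime);

    status = pal_osSetTime(currentTime - (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update)
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2*/
    status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#3*/
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        /* Lookup problems end the test early without failing it; only the socket needs closing. */
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#4*/
    status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /* tlsSocket was initialised before the socket and address length were known; refresh both. */
    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;

    /*#5*/
    status = pal_x509Initiate(&trustedServerCA);
    TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas));
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#6*/
    status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#7*/
    /* Store the CA cert ID as the trusted time server ID, so the server counts as trusted for time updates. */
    sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID);
    if (SOTP_SUCCESS != sotpRes)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    }

    /*#8*/
    status = pal_connect(g_socket, &socketAddr, addressLength);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#9*/
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#10*/
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#11*/
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#12*/
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#13*/
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#14*/
    status = pal_handShake(palTLSHandle, palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#15*/
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    /*
     * A verification failure is tolerated only when the expired-certificate flag is set.
     * The handles are released only on the path where the assertion fails: releasing them
     * while the assertion passes would let steps 16-19 run on an already freed TLS context,
     * TLS configuration and X509 handle.
     */
    if ((PAL_SUCCESS != status) && (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult)))
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult);
    }
    /*#16*/
    status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /* Wait before reading the response. */
    pal_osDelay(5000);
    /*#16 (read)*/
    status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#17*/
    status = pal_freeTLS(&palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#18*/
    status = pal_tlsConfigurationFree(&palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#19*/
    status = pal_x509Free(&trustedServerCA);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /*#20*/
    /* The time saved in SOTP must still be the value read in step 1. */
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime);
#endif

}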
JimCarver 0:6b753f761943 1644
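/**
* @brief Test TLS handshake (TCP blocking) with near past time and validate that the handshake didn't update the device time (due to set time rules)
*
* The body is compiled only when both PAL_USE_SECURE_TIME and PAL_USE_INTERNAL_FLASH are 1;
* otherwise the test is empty.
*
* Resources are released before each assertion that is about to fail, so a failing step does
* not leave the TLS context, the TLS configuration or the X509 handle allocated.
*
* NOTE(review): the shifted time written with `pal_osSetTime` in step 1 is not restored by this
* test, and `g_socket` is not closed on the failure paths after step 4; confirm that the group
* teardown covers both.
*
* | # | Step | Expected |
* |---|--------------------------------|-------------|
* | 1 | Get saved time from SOTP, move forward half day and set time to RAM | PAL_SUCCESS |
* | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS |
* | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS |
* | 4 | Set the server port. | PAL_SUCCESS |
* | 5 | Parse the CA cert. | PAL_SUCCESS |
* | 6 | Get the CA cert ID. | PAL_SUCCESS |
* | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS |
* | 8 | Connect the TCP socket to the server. | PAL_SUCCESS |
* | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS |
* | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS |
* | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS |
* | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS |
* | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS |
* | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS |
* | 15 | Verify the handshake result using `pal_sslGetVerifyResultExtended`. | PAL_SUCCESS, or a failure with PAL_ERR_X509_BADCERT_EXPIRED set |
* | 16 | Write data over open TLS connection using `pal_sslWrite`, wait, then read the response using `pal_sslRead`. | PAL_SUCCESS |
* | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS |
* | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS |
* | 19 | Free X509 handle. | PAL_SUCCESS |
* | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS |
*/
TEST(pal_tls, tlsHandshakeTCP_NearPastTrustedServer_NoTimeUpdate)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1))
    palStatus_t status = PAL_SUCCESS;
    palTLSConfHandle_t palTLSConf = NULLPTR;
    palTLSHandle_t palTLSHandle = NULLPTR;
    palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
    palSocketAddress_t socketAddr = { 0 };
    palSocketLength_t addressLength = 0;
    char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
    uint32_t actualLen = 0;
    uint32_t written = 0;
    palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) };
    palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) };
    palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode };
    palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
    sotp_result_e sotpRes = SOTP_SUCCESS;
    uint64_t currentTime = 0;
    uint64_t updatedTime = 0;
    uint16_t actualSavedTimeSize = 0;
    palX509Handle_t trustedServerCA = NULLPTR;
    int32_t verifyResult = 0;

    /*#1*/
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)&currentTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_TRUE(0 != currentTime);

    status = pal_osSetTime(currentTime + (PAL_SECONDS_PER_DAY / 2));//going forward half day to simulate a server that is in the past by half day (in order to prevent time update)
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#2*/
    status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#3*/
    status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
    if ((PAL_ERR_SOCKET_DNS_ERROR == status) || (PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY == status))
    {
        /* Lookup problems end the test early without failing it; only the socket needs closing. */
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        status = pal_close(&g_socket);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
        return;
    }
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#4*/
    status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    /* tlsSocket was initialised before the socket and address length were known; refresh both. */
    tlsSocket.addressLength = addressLength;
    tlsSocket.socket = g_socket;

    /*#5*/
    status = pal_x509Initiate(&trustedServerCA);
    TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas));
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#6*/
    status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#7*/
    /* Store the CA cert ID as the trusted time server ID, so the server counts as trusted for time updates. */
    sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID);
    if (SOTP_SUCCESS != sotpRes)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    }

    /*#8*/
    status = pal_connect(g_socket, &socketAddr, addressLength);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#9*/
    status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#10*/
    status = pal_initTLS(palTLSConf, &palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#11*/
    status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#12*/
    status = pal_setCAChain(palTLSConf, &caCert, NULL);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#13*/
    status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#14*/
    status = pal_handShake(palTLSHandle, palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#15*/
    status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
    /*
     * A verification failure is tolerated only when the expired-certificate flag is set.
     * The handles are released only on the path where the assertion fails: releasing them
     * while the assertion passes would let steps 16-19 run on an already freed TLS context,
     * TLS configuration and X509 handle.
     */
    if ((PAL_SUCCESS != status) && (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult)))
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult);
    }
    /*#16*/
    status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /* Wait before reading the response. */
    pal_osDelay(5000);
    /*#16 (read)*/
    status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
    if (PAL_SUCCESS != status)
    {
        pal_freeTLS(&palTLSHandle);
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }

    /*#17*/
    status = pal_freeTLS(&palTLSHandle);
    if (PAL_SUCCESS != status)
    {
        pal_tlsConfigurationFree(&palTLSConf);
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#18*/
    status = pal_tlsConfigurationFree(&palTLSConf);
    if (PAL_SUCCESS != status)
    {
        pal_x509Free(&trustedServerCA);
        TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    }
    /*#19*/
    status = pal_x509Free(&trustedServerCA);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);

    status = pal_close(&g_socket);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
    /*#20*/
    /* The time saved in SOTP must still be the value read in step 1. */
    sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize);
    TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes);
    TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime);
#endif
}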
JimCarver 0:6b753f761943 1865
JimCarver 0:6b753f761943 1866 #endif //PAL_USE_INTERNAL_FLASH
JimCarver 0:6b753f761943 1867
JimCarver 0:6b753f761943 1868 static palStatus_t ThreadHandshakeTCP(bool socketNonBlocking)
JimCarver 0:6b753f761943 1869 {
JimCarver 0:6b753f761943 1870 palStatus_t status = PAL_SUCCESS;
JimCarver 0:6b753f761943 1871 palStatus_t tmpStatus = PAL_SUCCESS;
JimCarver 0:6b753f761943 1872 palTLSConfHandle_t palTLSConf = NULLPTR;
JimCarver 0:6b753f761943 1873 palTLSHandle_t palTLSHandle = NULLPTR;
JimCarver 0:6b753f761943 1874 palTLSTransportMode_t transportationMode = PAL_TLS_MODE;
JimCarver 0:6b753f761943 1875 palSocketAddress_t socketAddr = {0};
JimCarver 0:6b753f761943 1876 palSocketLength_t addressLength = 0;
JimCarver 0:6b753f761943 1877 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0};
JimCarver 0:6b753f761943 1878 uint32_t actualLen = 0;
JimCarver 0:6b753f761943 1879 uint32_t written = 0;
JimCarver 0:6b753f761943 1880 palSocket_t socketTCP = 0;
JimCarver 0:6b753f761943 1881 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)};
JimCarver 0:6b753f761943 1882 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)};
JimCarver 0:6b753f761943 1883 palTLSSocket_t tlsSocket = { socketTCP, &socketAddr, 0, transportationMode };
JimCarver 0:6b753f761943 1884 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) };
JimCarver 0:6b753f761943 1885 palTLSTest_t *testTLSCtx = NULL;
JimCarver 0:6b753f761943 1886 palStatus_t mutexStatus = PAL_SUCCESS;
JimCarver 0:6b753f761943 1887 bool mutexWait = false;
JimCarver 0:6b753f761943 1888 int32_t verifyResult = 0;
JimCarver 0:6b753f761943 1889
JimCarver 0:6b753f761943 1890 mutexWait = true;
JimCarver 0:6b753f761943 1891 /*#1*/
JimCarver 0:6b753f761943 1892 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &socketTCP);
JimCarver 0:6b753f761943 1893 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1894 /*#2*/
JimCarver 0:6b753f761943 1895 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength);
JimCarver 0:6b753f761943 1896 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1897
JimCarver 0:6b753f761943 1898 tlsSocket.addressLength = addressLength;
JimCarver 0:6b753f761943 1899 tlsSocket.socket = socketTCP;
JimCarver 0:6b753f761943 1900 /*#3*/
JimCarver 0:6b753f761943 1901 if (true == socketNonBlocking)
JimCarver 0:6b753f761943 1902 {
JimCarver 0:6b753f761943 1903 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB);
JimCarver 0:6b753f761943 1904 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1905 }
JimCarver 0:6b753f761943 1906 else //blocking
JimCarver 0:6b753f761943 1907 {
JimCarver 0:6b753f761943 1908 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT);
JimCarver 0:6b753f761943 1909 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1910 }
JimCarver 0:6b753f761943 1911
JimCarver 0:6b753f761943 1912 /*#4*/
JimCarver 0:6b753f761943 1913 status = pal_connect(socketTCP, &socketAddr, addressLength);
JimCarver 0:6b753f761943 1914 if (PAL_ERR_SOCKET_IN_PROGRES == status)
JimCarver 0:6b753f761943 1915 {
JimCarver 0:6b753f761943 1916 pal_osDelay(500);
JimCarver 0:6b753f761943 1917 }
JimCarver 0:6b753f761943 1918 else
JimCarver 0:6b753f761943 1919 {
JimCarver 0:6b753f761943 1920 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1921 }
JimCarver 0:6b753f761943 1922 /*#5*/
JimCarver 0:6b753f761943 1923 status = pal_initTLSConfiguration(&palTLSConf, transportationMode);
JimCarver 0:6b753f761943 1924 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1925 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR);
JimCarver 0:6b753f761943 1926 /*#6*/
JimCarver 0:6b753f761943 1927 status = pal_initTLS(palTLSConf, &palTLSHandle);
JimCarver 0:6b753f761943 1928 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1929
JimCarver 0:6b753f761943 1930 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them.
JimCarver 0:6b753f761943 1931 //status = pal_sslSetDebugging(palTLSConf, true);
JimCarver 0:6b753f761943 1932 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1933 /*#7*/
JimCarver 0:6b753f761943 1934 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey);
JimCarver 0:6b753f761943 1935 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1936 /*#8*/
JimCarver 0:6b753f761943 1937 status = pal_setCAChain(palTLSConf, &caCert, NULL);
JimCarver 0:6b753f761943 1938 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1939 /*#9*/
JimCarver 0:6b753f761943 1940 status = pal_tlsSetSocket(palTLSConf, &tlsSocket);
JimCarver 0:6b753f761943 1941 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1942 /*#10*/
JimCarver 0:6b753f761943 1943 testTLSCtx = (palTLSTest_t*)palTLSHandle; //This casting is done to sign that we are in retry situation.
JimCarver 0:6b753f761943 1944 if (true == socketNonBlocking)
JimCarver 0:6b753f761943 1945 {
JimCarver 0:6b753f761943 1946 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); // More than current epoch time -> success
JimCarver 0:6b753f761943 1947 do
JimCarver 0:6b753f761943 1948 {
JimCarver 0:6b753f761943 1949 if (testTLSCtx->retryHandShake && !g_retryHandshake)
JimCarver 0:6b753f761943 1950 {
JimCarver 0:6b753f761943 1951 g_retryHandshake = true;
JimCarver 0:6b753f761943 1952 if (mutexWait)
JimCarver 0:6b753f761943 1953 {
JimCarver 0:6b753f761943 1954 mutexStatus = pal_osMutexRelease(g_mutexHandShake1);
JimCarver 0:6b753f761943 1955 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus);
JimCarver 0:6b753f761943 1956 mutexWait = false;
JimCarver 0:6b753f761943 1957 pal_osDelay(600);
JimCarver 0:6b753f761943 1958 }
JimCarver 0:6b753f761943 1959 }
JimCarver 0:6b753f761943 1960 status = pal_handShake(palTLSHandle, palTLSConf);
JimCarver 0:6b753f761943 1961 }
JimCarver 0:6b753f761943 1962 while ( (PAL_ERR_TLS_WANT_READ == status) || (PAL_ERR_TLS_WANT_WRITE == status));
JimCarver 0:6b753f761943 1963 }
JimCarver 0:6b753f761943 1964 else //blocking
JimCarver 0:6b753f761943 1965 {
JimCarver 0:6b753f761943 1966 status = pal_handShake(palTLSHandle, palTLSConf);
JimCarver 0:6b753f761943 1967 }
JimCarver 0:6b753f761943 1968 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1969
JimCarver 0:6b753f761943 1970 /*#11*/
JimCarver 0:6b753f761943 1971 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult);
JimCarver 0:6b753f761943 1972 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1973 /*#12*/
JimCarver 0:6b753f761943 1974 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written);
JimCarver 0:6b753f761943 1975 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1976 /*#13*/
JimCarver 0:6b753f761943 1977 pal_osDelay(5000);
JimCarver 0:6b753f761943 1978
JimCarver 0:6b753f761943 1979 /*#14*/
JimCarver 0:6b753f761943 1980 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen);
JimCarver 0:6b753f761943 1981 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status);
JimCarver 0:6b753f761943 1982
JimCarver 0:6b753f761943 1983 finish:
JimCarver 0:6b753f761943 1984 if (mutexWait)
JimCarver 0:6b753f761943 1985 {
JimCarver 0:6b753f761943 1986 mutexStatus = pal_osMutexRelease(g_mutexHandShake1);
JimCarver 0:6b753f761943 1987 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus);
JimCarver 0:6b753f761943 1988 }
JimCarver 0:6b753f761943 1989 /*#15*/
JimCarver 0:6b753f761943 1990 tmpStatus = pal_freeTLS(&palTLSHandle);
JimCarver 0:6b753f761943 1991 if (PAL_SUCCESS != tmpStatus)
JimCarver 0:6b753f761943 1992 {
JimCarver 0:6b753f761943 1993 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__);
JimCarver 0:6b753f761943 1994 }
JimCarver 0:6b753f761943 1995 /*#16*/
JimCarver 0:6b753f761943 1996 tmpStatus = pal_tlsConfigurationFree(&palTLSConf);
JimCarver 0:6b753f761943 1997 if (PAL_SUCCESS != tmpStatus)
JimCarver 0:6b753f761943 1998 {
JimCarver 0:6b753f761943 1999 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__);
JimCarver 0:6b753f761943 2000 }
JimCarver 0:6b753f761943 2001 /*#17*/
JimCarver 0:6b753f761943 2002 tmpStatus = pal_close(&socketTCP);
JimCarver 0:6b753f761943 2003 if (PAL_SUCCESS != tmpStatus)
JimCarver 0:6b753f761943 2004 {
JimCarver 0:6b753f761943 2005 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__);
JimCarver 0:6b753f761943 2006 }
JimCarver 0:6b753f761943 2007 if (PAL_SUCCESS == status)
JimCarver 0:6b753f761943 2008 {
JimCarver 0:6b753f761943 2009 status = tmpStatus;
JimCarver 0:6b753f761943 2010 }
JimCarver 0:6b753f761943 2011 return status;
JimCarver 0:6b753f761943 2012
JimCarver 0:6b753f761943 2013 }
JimCarver 0:6b753f761943 2014
/**
 * Thread entry point: runs ThreadHandshakeTCP(true) and hands its status back
 * to whoever created the thread.
 *
 * @param argument Pointer to a palStatus_t owned by the thread's creator; it
 *                 receives the value returned by ThreadHandshakeTCP(true).
 *                 The const qualifier is cast away because the thread entry
 *                 signature only allows a const pointer.
 */
void pal_TCPHandshakeFunc3(void const *argument)
{
    palStatus_t *result = (palStatus_t *)argument;

    /* Taken here but not released here; presumably ThreadHandshakeTCP gives
     * it back once the handshake is under way -- confirm against that
     * function before changing the locking order. */
    palStatus_t lockStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, lockStatus);

    /* Held for the whole handshake so the creator can wait on it. */
    lockStatus = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, lockStatus);

    *result = ThreadHandshakeTCP(true);

    lockStatus = pal_osMutexRelease(g_mutex1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, lockStatus);
}
JimCarver 0:6b753f761943 2031
/**
 * Thread entry point: parses the test CA certificate, verifies it against
 * itself and reports the verification status to the thread's creator.
 *
 * The body is compiled only when PAL_ENABLE_X509 is 1; otherwise the function
 * does nothing.
 *
 * @param argument Pointer to a palStatus_t that receives the return value of
 *                 pal_x509CertVerifyExtended().
 */
void pal_CertVerify(void const *argument)
{
#if (PAL_ENABLE_X509 == 1)
    palStatus_t *result = (palStatus_t *)argument;
    palX509Handle_t cert = NULLPTR;
    int32_t verifyFlags = 0;
    palStatus_t rc;

    /* NOTE(review): every assertion below runs on a worker thread. A failing
     * one leaves this function early (how depends on the Unity build), so the
     * mutexes stay held and the certificate handle is not freed -- confirm
     * the creator cannot block forever in that case. */
    rc = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_x509Initiate(&cert);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_x509CertParse(cert, (const void *)pal_test_cas, sizeof(pal_test_cas));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    PAL_LOG(INFO,"Calling Cert Verify..");
    /* The same handle is passed as certificate and as CA. The return value
     * goes to the creator; only the "not yet valid" flag is asserted here. */
    *result = pal_x509CertVerifyExtended(cert, cert, &verifyFlags);
    TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_FUTURE & verifyFlags);

    /* Return value intentionally left unchecked, as in the original. */
    pal_x509Free(&cert);

    rc = pal_osMutexRelease(g_mutexHandShake1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexRelease(g_mutex2);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#endif
}
JimCarver 0:6b753f761943 2066
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1))
/**
 * Runs two thread functions concurrently and checks the status each reports.
 *
 * Sequence: create the three mutexes, take g_mutexHandShake1, start func1 at
 * high priority, release g_mutexHandShake1, wait 100 ms, start func2 at
 * above-normal priority, then wait on g_mutex1 and g_mutex2 before
 * terminating both threads and deleting the mutexes.
 *
 * NOTE(review): completion is inferred from g_mutex1/g_mutex2 only; this
 * appears to rely on the delay and the thread priorities so that each worker
 * has taken its mutex before this function asks for it -- confirm.
 * NOTE(review): the workers write into locals of this function; if an
 * assertion here fails before the threads are terminated, they may outlive
 * those locals -- verify how Unity leaves the function on failure.
 *
 * @param func1       Entry point of the first thread.
 * @param func2       Entry point of the second thread.
 * @param test1Result Status func1 is expected to store in its argument.
 * @param test2Result Status func2 is expected to store in its argument.
 */
static void runTLSThreadTest(palThreadFuncPtr func1, palThreadFuncPtr func2, palStatus_t test1Result, palStatus_t test2Result)
{
    palThreadID_t firstThread = NULLPTR;
    palThreadID_t secondThread = NULLPTR;
    palStatus_t firstResult = PAL_SUCCESS;
    palStatus_t secondResult = PAL_SUCCESS;
    palStatus_t rc;

    rc = pal_osMutexCreate(&g_mutexHandShake1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexCreate(&g_mutex1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexCreate(&g_mutex2);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Hold the handshake mutex while the first thread is being created. */
    rc = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osThreadCreateWithAlloc(func1, &firstResult, PAL_osPriorityHigh, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &firstThread);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexRelease(g_mutexHandShake1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Give the first thread a head start before the second one exists. */
    pal_osDelay(100);

    rc = pal_osThreadCreateWithAlloc(func2, &secondResult, PAL_osPriorityAboveNormal, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &secondThread);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Wait for both workers by acquiring the mutexes they hold while running. */
    rc = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osThreadTerminate(&firstThread);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osThreadTerminate(&secondThread);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexRelease(g_mutex1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexRelease(g_mutex2);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexDelete(&g_mutex1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexDelete(&g_mutex2);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_osMutexDelete(&g_mutexHandShake1);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Results are compared last, after all threads and mutexes are gone. */
    TEST_ASSERT_EQUAL_HEX(test1Result, firstResult);
    TEST_ASSERT_EQUAL_HEX(test2Result, secondResult);
}
#endif
JimCarver 0:6b753f761943 2130
JimCarver 0:6b753f761943 2131
JimCarver 0:6b753f761943 2132
/**
 * @brief Verify a certificate whose validity starts in the future (relative to
 *        a device clock reset to 0) while a handshake runs in another thread.
 *        The concurrent verification must be evaluated against the broken
 *        device time (0); once the handshake has finished and the device time
 *        has been updated, the same certificate must verify successfully.
 *
 * Compiled only when PAL_USE_SECURE_TIME and PAL_ENABLE_X509 are both 1.
 *
 * NOTE(review): the clock is only asserted to be greater than 0 afterwards;
 * the test does not check that the new time is plausible, nor at which point
 * of the handshake the peer-supplied time is accepted -- confirm in the
 * secure-time implementation.
 * NOTE(review): if address lookup fails the test returns early and is
 * reported as passed rather than ignored.
 *
 * | # | Step                                                       | Expected                        |
 * |---|------------------------------------------------------------|---------------------------------|
 * | 1 | Set the device time to 0                                   | PAL_SUCCESS                     |
 * | 2 | Thread1 runs the TCP handshake (pal_TCPHandshakeFunc3)     | PAL_SUCCESS                     |
 * | 3 | Thread2 verifies the certificate (pal_CertVerify)          | PAL_ERR_X509_CERT_VERIFY_FAILED |
 * | 4 | Read the device time                                       | greater than 0                  |
 * | 5 | Parse and verify the certificate again                     | PAL_SUCCESS                     |
 */
TEST(pal_tls, TCPHandshakeWhileCertVerify_threads)
{
#if ((PAL_USE_SECURE_TIME == 1) && (PAL_ENABLE_X509 == 1))
    palSocketAddress_t serverAddr = { 0 };
    palSocketLength_t serverAddrLen = 0;
    palX509Handle_t caCert = NULLPTR;
    uint64_t now = 0;
    palStatus_t rc;

    /* Only used to find out whether the test server is reachable at all. */
    rc = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &serverAddr, &serverAddrLen);
    if (rc == PAL_ERR_SOCKET_DNS_ERROR || rc == PAL_ERR_SOCKET_INVALID_ADDRESS_FAMILY)
    {
        PAL_LOG(ERR, "error: address lookup returned an address not supported by current configuration cant continue test ( IPv6 add for IPv4 only configuration or IPv4 for IPv6 only configuration or error)");
        return;
    }

    /* Break the device clock so the certificate looks not-yet-valid. */
    rc = pal_osSetTime(0);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    runTLSThreadTest(pal_TCPHandshakeFunc3, pal_CertVerify, PAL_SUCCESS, PAL_ERR_X509_CERT_VERIFY_FAILED);

    /* The handshake is expected to have moved the clock off zero. */
    now = pal_osGetTime();
    TEST_ASSERT_TRUE(now > 0);

    rc = pal_x509Initiate(&caCert);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_x509CertParse(caCert, (const void *)pal_test_cas, sizeof(pal_test_cas));
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    /* Same certificate as in the worker thread, now against the new time. */
    rc = pal_x509CertVerify(caCert, caCert);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);

    rc = pal_x509Free(&caCert);
    TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, rc);
#endif
}
JimCarver 0:6b753f761943 2182